Pests of all kinds and their removal: 100€ virus blocks my computer (XP)
29.03.2012, 04:50 | #1
100€ virus blocks my computer (XP)

Good morning, dear helpers, so now it has caught me too. Until just now I could not start my computer in normal mode without getting this BKA full-screen message, which blocked access to my desktop. So I just came in here in Safe Mode with Networking, ran Malwarebytes and deleted the 2 findings:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: MICHA-B47E0D6EE [administrator]

29.03.2012 04:43:05
mbam-log-2012-03-29 (04-43-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384433
Time elapsed: 42 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\temp\cgs8h0.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Autostart\cgs8h0.exe.lnk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

So here I am now in normal mode. Everything seems to be fine again, but I would rather check everything over with your help :-)

Addendum: I just wanted to start Task Manager and got the message that it had been disabled by the administrator. I deleted the responsible line (thanks to Google) and now it works again. I hope that was OK!?
29.03.2012, 08:02 | #2
100€ virus blocks my computer (XP)

Hi,

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop

TDSS-Killer
Download and instructions at: How are malicious programs of the Rootkit.Win32.TDSS family removed? Unpack all files into a directory of their own (e.g. C:\TDSS)! Start it from Explorer by double-clicking TDSSKiller.exe. Configure the Killer as follows: Then start the scan (Start Scan). When the scan has finished, select "Report" (skip any findings for now with Skip). A window opens; copy the text and post it here...

chris
29.03.2012, 12:25 | #3
100€ virus blocks my computer (XP)

Hello chris,

OTL.txt
Code:
OTL logfile created on: 29.03.2012 13:08:45 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Micha\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,42% Memory free
3,85 Gb Paging File | 3,19 Gb Available in Paging File | 82,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186,30 Gb Total Space | 58,08 Gb Free Space | 31,17% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 544,66 Gb Free Space | 58,47% Space Free | Partition Type: NTFS

Computer Name: MICHA-B47E0D6EE | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\IObit\Advanced SystemCare 5\madexcept_.bpl ()
MOD - C:\Programme\IObit\Advanced SystemCare 5\madbasic_.bpl ()
MOD - C:\Programme\IObit\Advanced SystemCare 5\maddisAsm_.bpl ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation)
SRV - (postgresql-8.4) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MagicTuneEngine) -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (GPU-Z) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\GPU-Z.sys File not found
DRV - (gdfg) -- System32\drivers\pqhv.sys File not found
DRV - (ECSIoDriver_1_1_0_0) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\is-FC7LA.tmp\ECSIoDriver.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\catchme.sys File not found
DRV - (AMDPCI) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\AMDPCI.sys File not found
DRV - (ALSysIO) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\ALSysIO.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (HWiNFO32) -- C:\Programme\HWiNFO32\HWiNFO32.SYS (REALiX(tm))
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (RzSynapse) -- C:\WINDOWS\system32\drivers\RzSynapse.sys (Razer USA Ltd)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 02:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.14 17:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.18 14:49:09 | 000,000,000 | ---D | M]

[2011.10.06 05:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Extensions
[2011.10.06 05:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Extensions\prism@developer.mozilla.org
[2012.03.24 19:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions
[2012.01.05 12:06:57 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.05.05 16:42:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.12 15:30:42 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\dictlookup@arnhold.com
[2011.10.15 15:49:28 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\extensions\firefox@tvunetworks.com
[2010.02.12 16:25:30 | 000,001,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\Mozilla\Firefox\Profiles\g58u29s8.default\searchplugins\winamp-search.xml
[2012.03.14 17:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.18 18:13:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.02.19 11:01:44 | 000,000,000 | ---D | M] (Yummy CONDUIT Player) -- C:\Programme\Mozilla Firefox\extensions\YPlayer@yummy.net
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\G58U29S8.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\G58U29S8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MICHA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\G58U29S8.DEFAULT\EXTENSIONS\YESPOPUPSV1@PATHETICCOCKROACH.COM.XPI
[2011.12.19 02:47:19 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.03.14 17:41:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.18 16:40:16 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.27 21:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.05.06 12:43:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 12:43:59 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.06 12:43:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 12:43:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 12:43:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 12:43:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.11.17 02:37:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Programme\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Programme\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265985632375 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7246A0B-E278-4F57-A0FF-034F8F789B23}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.12 11:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,200,260 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,007,316 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.29 13:09:29 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.03.29 12:54:28 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe
[2012.03.22 13:38:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.03.22 02:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Diablo III
[2012.03.16 16:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Desktop\2012_03_16
[2012.03.14 13:41:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.03.14 13:41:42 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.03.09 14:48:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2012.03.09 14:02:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Desktop\2012_03_09
[2012.03.08 18:28:54 | 000,021,336 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2012.03.08 17:24:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit
[2012.03.08 17:23:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Advanced SystemCare 5
[2012.03.08 17:23:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Anwendungsdaten\IObit
[2012.03.08 17:23:24 | 000,000,000 | ---D | C] -- C:\Programme\IObit
[2012.03.03 16:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\TerraTec
[2012.03.03 16:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Micha\_noxon_iradio
[2012.03.03 16:05:17 | 000,000,000 | ---D | C] -- C:\Programme\TerraTec
[2012.03.03 16:04:59 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.03.03 16:04:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.03.03 16:04:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.29 12:54:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Micha\Desktop\OTL.exe
[2012.03.29 05:33:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.29 05:26:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.29 04:06:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.26 19:56:10 | 000,564,474 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.26 19:56:10 | 000,541,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.26 19:56:10 | 000,119,694 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.26 19:56:10 | 000,102,820 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.16 18:18:37 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.03.16 18:18:37 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.03.16 18:18:34 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.03.14 17:32:17 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.14 17:06:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.14 13:45:34 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124532.reg
[2012.03.14 13:45:23 | 000,000,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124520.reg
[2012.03.14 13:44:56 | 000,002,590 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124448.reg
[2012.03.14 13:41:44 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.03.13 21:56:10 | 000,006,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled[1].pdf
[2012.03.13 21:56:08 | 000,006,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled.pdf
[2012.03.03 16:05:20 | 000,000,821 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\NOXON player Basic.lnk
[2012.03.02 18:46:08 | 000,038,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Desktop\happynazi.jpg
[2012.03.02 02:11:10 | 000,161,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.01 01:58:00 | 018,624,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012.03.01 01:58:00 | 017,534,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012.03.01 01:58:00 | 013,417,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2012.03.01 01:58:00 | 005,918,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2012.03.01 01:58:00 | 004,309,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012.03.01 01:58:00 | 002,784,050 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2012.03.01 01:58:00 | 002,522,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012.03.01 01:58:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012.03.01 01:58:00 | 002,291,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2012.03.01 01:58:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012.03.01 01:58:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012.03.01 01:58:00 | 000,065,536 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012.03.01 01:58:00 | 000,007,843 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2012.02.29 23:15:40 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2012.02.29 23:15:40 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2012.02.29 23:15:40 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2012.02.29 23:15:40 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2012.02.29 23:15:40 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2012.02.29 23:15:39 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2012.02.29 23:15:39 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2012.02.29 23:15:38 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2012.02.29 23:15:38 | 000,278,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2012.02.29 23:15:38 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2012.02.29 23:15:38 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2012.02.29 23:15:37 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2012.02.29 23:15:37 | 000,262,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2012.02.29 23:15:36 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2012.02.29 23:15:35 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2012.02.29 23:15:35 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2012.02.29 23:15:35 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2012.02.29 23:15:35 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2012.02.29 23:15:35 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2012.02.29 23:15:35 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2012.02.29 23:15:34 | 000,286,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2012.02.29 23:15:34 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2012.02.29 23:15:34 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2012.02.29 23:15:34 | 000,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2012.02.29 23:15:33 | 000,126,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2012.02.29 23:15:11 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2012.02.29 23:15:11 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2012.02.29 23:15:10 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2012.02.29 22:30:31 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2012.02.29 22:30:24 | 015,494,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2012.02.29 22:30:24 | 000,143,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2012.02.29 22:30:23 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.29 04:57:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.14 17:05:39 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.03.14 13:45:33 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124532.reg
[2012.03.14 13:45:22 | 000,000,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124520.reg
[2012.03.14 13:44:54 | 000,002,590 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\cc_20120314_124448.reg
[2012.03.14 13:41:44 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.03.13 21:56:10 | 000,006,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled[1].pdf
[2012.03.13 21:56:08 | 000,006,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Eigene Dateien\Untitled.pdf
[2012.03.03 16:05:20 | 000,000,821 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\NOXON player Basic.lnk
[2012.03.02 18:45:53 | 000,038,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Micha\Desktop\happynazi.jpg
[2012.02.16 21:42:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.12 02:41:17 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.06 11:13:16 | 000,000,032 | R--- | C] () -- C:\WINDOWS\hash.dat
[2011.09.27 03:25:59 | 743,598,133 | ---- | C] () -- C:\Programme\DATA3.CAB.downloading
[2011.09.27 03:25:59 | 1782,579,200 | ---- | C] () -- C:\Programme\DATA2.CAB.downloading
[2011.09.27 03:25:59 | 1782,579,200 | ---- | C] () -- C:\Programme\DATA1.CAB.downloading
[2011.09.27 03:25:59 | 009,832,696 | ---- | C] () -- C:\Programme\setup.exe.downloading
[2011.08.12 05:33:49 | 000,492,456 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.06.02 17:18:09 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010.10.07 06:39:10 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.10.07 06:39:00 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.10.07 06:39:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.09.05 19:57:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010.06.30 18:06:38 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.30 18:06:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.30 18:06:36 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.30 18:06:35 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.30 18:06:35 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

< End of report >

Extras.txt
Code:
ATTFilter OTL Extras logfile created on: 29.03.2012 13:08:45 - Run 4 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Micha\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,42% Memory free 3,85 Gb Paging File | 3,19 Gb Available in Paging File | 82,87% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 186,30 Gb Total Space | 58,08 Gb Free Space | 31,17% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 544,66 Gb Free Space | 58,47% Space Free | Partition Type: NTFS Computer Name: MICHA-B47E0D6EE | User Name: Micha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "58553:TCP" = 58553:TCP:*:Enabled:Pando Media Booster "58553:UDP" = 58553:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5432:TCP" = 5432:TCP:*:Enabled:postgres "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5985:TCP" = 
5985:TCP:*:Disabled:Windows-Remoteverwaltung "6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader "1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 "58553:TCP" = 58553:TCP:*:Enabled:Pando Media Booster "58553:UDP" = 58553:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\MagicTune Premium\MagicTune.exe" = C:\Programme\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC) "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm -- (Microsoft Corporation) "C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader -- (Blizzard Entertainment) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Programme\World of Warcraft Public Test\Launcher.exe" = C:\Programme\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Programme\Steam\SteamApps\common\iron grip marauders\prism.exe" = C:\Programme\Steam\SteamApps\common\iron grip marauders\prism.exe:*:Enabled:Iron Grip: Marauders -- (Mozilla Foundation) "C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Programme\World of Warcraft\Launcher.patch.exe" = C:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "C:\Programme\World of Warcraft Public Test\Launcher.patch.exe" = C:\Programme\World of Warcraft Public Test\Launcher.patch.exe:*:Enabled:Blizzard Launcher "C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "D:\downloads\Diablo III\Diablo-III-8370-deDE-Installer-downloader.exe" = D:\downloads\Diablo III\Diablo-III-8370-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment) "C:\Programme\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe" = C:\Programme\World of 
Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader "C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Apps\2.0\HQ0CX64P.PGB\C7EXKLHT.ZAK\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Apps\2.0\HQ0CX64P.PGB\C7EXKLHT.ZAK\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto 
Updater "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7797FC7F-05A2-4FDB-BADD-74B3DA296935}" = ActivePerl 5.12.2 Build 1203 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = 
Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.4 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Betsafe Poker_is1" = Betsafe Poker "Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "DivX Setup" = DivX-Setup "DriverAgent.exe" = DriverAgent by eSupport.com "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "HoldemManager" = Holdem Manager "HWiNFO32_is1" = HWiNFO32 Version 3.90 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.1.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "NOXON player Basic" = NOXON player Basic "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PokerStars" = PokerStars "PostgreSQL 8.4" = PostgreSQL 8.4 "Secunia PSI" = Secunia PSI (2.0.0.4002) "Security Task Manager" = Security Task Manager 1.8d "Steam App 201230" = EverQuest II "Steam App 31740" = Iron Grip: Marauders "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "Unlocker" = Unlocker 1.8.8 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.11 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "World of Warcraft Public Test" = World of Warcraft Public Test "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "SOE-EverQuest Test" = EverQuest "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in "World of Logs Client" = World of Logs Client "World of Logs Client (4.2)" = World of Logs Client (4.2) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.03.2012 22:07:06 | Computer Name = MICHA-B47E0D6EE | Source = ESENT | ID = 490 Description = svchost (1732) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 28.03.2012 22:09:20 | Computer Name = MICHA-B47E0D6EE | Source = MSSQL$SQLEXPRESS | ID = 9003 Description = The log scan number (275:112:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup. 
Error - 28.03.2012 22:09:31 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0 Description = 2012-03-29 04:09:31 CESTFATAL: the database system is starting up Error - 28.03.2012 22:09:33 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0 Description = 2012-03-29 04:09:33 CESTFATAL: the database system is starting up Error - 28.03.2012 22:09:35 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0 Description = 2012-03-29 04:09:35 CESTFATAL: the database system is starting up Error - 28.03.2012 22:10:02 | Computer Name = MICHA-B47E0D6EE | Source = ESENT | ID = 490 Description = svchost (1680) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 28.03.2012 23:33:56 | Computer Name = MICHA-B47E0D6EE | Source = MSSQL$SQLEXPRESS | ID = 9003 Description = The log scan number (275:112:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup. 
Error - 28.03.2012 23:34:12 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0 Description = 2012-03-29 05:34:12 CESTFATAL: the database system is starting up Error - 28.03.2012 23:34:14 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0 Description = 2012-03-29 05:34:14 CESTFATAL: the database system is starting up Error - 28.03.2012 23:34:16 | Computer Name = MICHA-B47E0D6EE | Source = PostgreSQL | ID = 0 Description = 2012-03-29 05:34:16 CESTFATAL: the database system is starting up [ System Events ] Error - 07.02.2012 21:30:12 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024 Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem Fehler beendet: 3417 (0xD59). Error - 08.02.2012 05:02:45 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024 Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem Fehler beendet: 3417 (0xD59). Error - 09.02.2012 14:11:00 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024 Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem Fehler beendet: 3417 (0xD59). Error - 11.02.2012 15:25:05 | Computer Name = MICHA-B47E0D6EE | Source = Service Control Manager | ID = 7024 Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde mit folgendem dienstspezifischem Fehler beendet: 3417 (0xD59). Error - 12.02.2012 23:07:13 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.02.2012 23:07:15 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.02.2012 23:07:17 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. 
Error - 12.02.2012 23:07:20 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.02.2012 23:07:22 | Computer Name = MICHA-B47E0D6EE | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.02.2012 23:07:22 | Computer Name = MICHA-B47E0D6EE | Source = VolSnap | ID = 393230 Description = Die Schattenkopie von Volume "C:" wurde aufgrund eines E/A-Fehlers abgebrochen. [ TuneUp Events ] Error - 21.05.2010 14:06:48 | Computer Name = MICHA-B47E0D6EE | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 27.06.2010 14:23:03 | Computer Name = MICHA-B47E0D6EE | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > TDSS Code:
ATTFilter 13:19:03.0046 1724 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18 13:19:03.0156 1724 ============================================================ 13:19:03.0156 1724 Current date / time: 2012/03/29 13:19:03.0156 13:19:03.0156 1724 SystemInfo: 13:19:03.0156 1724 13:19:03.0156 1724 OS Version: 5.1.2600 ServicePack: 3.0 13:19:03.0156 1724 Product type: Workstation 13:19:03.0156 1724 ComputerName: MICHA-B47E0D6EE 13:19:03.0156 1724 UserName: Micha 13:19:03.0156 1724 Windows directory: C:\WINDOWS 13:19:03.0156 1724 System windows directory: C:\WINDOWS 13:19:03.0156 1724 Processor architecture: Intel x86 13:19:03.0156 1724 Number of processors: 1 13:19:03.0156 1724 Page size: 0x1000 13:19:03.0156 1724 Boot type: Normal boot 13:19:03.0156 1724 ============================================================ 13:19:04.0843 1724 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058 13:19:04.0859 1724 Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:19:05.0312 1724 \Device\Harddisk0\DR0: 13:19:05.0312 1724 MBR used 13:19:05.0312 1724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1 13:19:05.0312 1724 \Device\Harddisk1\DR2: 13:19:05.0312 1724 MBR used 13:19:05.0312 1724 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 13:19:05.0375 1724 Initialize success 13:19:05.0375 1724 ============================================================ 13:20:56.0578 0364 ============================================================ 13:20:56.0578 0364 Scan started 13:20:56.0578 0364 Mode: Manual; SigCheck; TDLFS; 13:20:56.0578 0364 ============================================================ 13:20:56.0937 0364 Abiosdsk - ok 13:20:56.0953 0364 abp480n5 - ok 13:20:57.0000 0364 ACPI 
(ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:20:57.0281 0364 ACPI - ok 13:20:57.0328 0364 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 13:20:57.0453 0364 ACPIEC - ok 13:20:57.0468 0364 adpu160m - ok 13:20:57.0562 0364 AdvancedSystemCareService5 (e410da575ff48d976b41670c6d262a82) C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe 13:20:57.0593 0364 AdvancedSystemCareService5 - ok 13:20:57.0625 0364 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 13:20:57.0765 0364 aec - ok 13:20:57.0812 0364 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 13:20:57.0890 0364 AFD - ok 13:20:57.0906 0364 Aha154x - ok 13:20:57.0906 0364 aic78u2 - ok 13:20:57.0921 0364 aic78xx - ok 13:20:57.0968 0364 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 13:20:58.0125 0364 Alerter - ok 13:20:58.0140 0364 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 13:20:58.0203 0364 ALG - ok 13:20:58.0218 0364 AliIde - ok 13:20:58.0328 0364 ALSysIO - ok 13:20:58.0343 0364 AMDPCI - ok 13:20:58.0375 0364 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 13:20:58.0437 0364 AmdPPM - ok 13:20:58.0453 0364 amsint - ok 13:20:58.0500 0364 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Programme\Avira\AntiVir Desktop\sched.exe 13:20:58.0515 0364 AntiVirSchedulerService - ok 13:20:58.0562 0364 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Programme\Avira\AntiVir Desktop\avguard.exe 13:20:58.0578 0364 AntiVirService - ok 13:20:58.0578 0364 AppMgmt - ok 13:20:58.0593 0364 asc - ok 13:20:58.0609 0364 asc3350p - ok 13:20:58.0625 0364 asc3550 - ok 13:20:58.0750 0364 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:20:58.0781 0364 aspnet_state - ok 13:20:58.0828 0364 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) 
C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:20:58.0937 0364 AsyncMac - ok 13:20:58.0968 0364 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 13:20:59.0093 0364 atapi - ok 13:20:59.0109 0364 Atdisk - ok 13:20:59.0156 0364 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys 13:20:59.0390 0364 atksgt - ok 13:20:59.0437 0364 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:20:59.0593 0364 Atmarpc - ok 13:20:59.0656 0364 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 13:20:59.0796 0364 AudioSrv - ok 13:20:59.0828 0364 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 13:20:59.0968 0364 audstub - ok 13:21:00.0093 0364 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 13:21:00.0093 0364 avgio - ok 13:21:00.0140 0364 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:21:00.0156 0364 avgntflt - ok 13:21:00.0171 0364 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:21:00.0187 0364 avipbb - ok 13:21:00.0234 0364 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 13:21:00.0375 0364 Beep - ok 13:21:00.0406 0364 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 13:21:00.0546 0364 BITS - ok 13:21:00.0609 0364 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 13:21:00.0781 0364 Browser - ok 13:21:00.0921 0364 catchme - ok 13:21:00.0953 0364 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 13:21:01.0140 0364 cbidf2k - ok 13:21:01.0156 0364 cd20xrnt - ok 13:21:01.0203 0364 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 13:21:01.0359 0364 Cdaudio - ok 13:21:01.0390 0364 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 13:21:01.0531 0364 Cdfs - ok 
13:21:01.0578 0364 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:21:01.0734 0364 Cdrom - ok 13:21:01.0734 0364 Changer - ok 13:21:01.0781 0364 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 13:21:01.0921 0364 CiSvc - ok 13:21:01.0953 0364 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 13:21:02.0109 0364 ClipSrv - ok 13:21:02.0187 0364 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:21:02.0203 0364 clr_optimization_v2.0.50727_32 - ok 13:21:02.0265 0364 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:21:02.0296 0364 clr_optimization_v4.0.30319_32 - ok 13:21:02.0312 0364 CmdIde - ok 13:21:02.0312 0364 COMSysApp - ok 13:21:02.0328 0364 Cpqarray - ok 13:21:02.0359 0364 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 13:21:02.0562 0364 CryptSvc - ok 13:21:02.0578 0364 dac2w2k - ok 13:21:02.0593 0364 dac960nt - ok 13:21:02.0640 0364 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 13:21:02.0703 0364 DcomLaunch - ok 13:21:02.0734 0364 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 13:21:02.0875 0364 Dhcp - ok 13:21:02.0921 0364 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 13:21:03.0109 0364 Disk - ok 13:21:03.0109 0364 dmadmin - ok 13:21:03.0187 0364 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 13:21:03.0375 0364 dmboot - ok 13:21:03.0421 0364 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 13:21:03.0593 0364 dmio - ok 13:21:03.0656 0364 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 13:21:03.0796 0364 dmload - ok 13:21:03.0828 0364 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 
13:21:03.0968 0364 dmserver - ok 13:21:04.0015 0364 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 13:21:04.0203 0364 DMusic - ok 13:21:04.0234 0364 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 13:21:04.0281 0364 Dnscache - ok 13:21:04.0328 0364 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 13:21:04.0500 0364 Dot3svc - ok 13:21:04.0500 0364 dpti2o - ok 13:21:04.0531 0364 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 13:21:04.0640 0364 drmkaud - ok 13:21:04.0687 0364 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys 13:21:04.0703 0364 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning 13:21:04.0703 0364 DrvAgent32 - detected UnsignedFile.Multi.Generic (1) 13:21:04.0750 0364 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 13:21:04.0875 0364 EapHost - ok 13:21:05.0015 0364 ECSIoDriver_1_1_0_0 - ok 13:21:05.0062 0364 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 13:21:05.0218 0364 ERSvc - ok 13:21:05.0281 0364 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 13:21:05.0281 0364 Eventlog - ok 13:21:05.0343 0364 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 13:21:05.0375 0364 EventSystem - ok 13:21:05.0421 0364 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 13:21:05.0546 0364 Fastfat - ok 13:21:05.0609 0364 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 13:21:05.0875 0364 FastUserSwitchingCompatibility - ok 13:21:05.0890 0364 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 13:21:06.0093 0364 Fdc - ok 13:21:06.0109 0364 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 13:21:06.0234 0364 Fips - ok 13:21:06.0265 0364 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) 
C:\WINDOWS\system32\DRIVERS\flpydisk.sys 13:21:06.0500 0364 Flpydisk - ok 13:21:06.0546 0364 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 13:21:06.0687 0364 FltMgr - ok 13:21:06.0781 0364 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:21:06.0781 0364 FontCache3.0.0.0 - ok 13:21:06.0812 0364 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:21:06.0937 0364 Fs_Rec - ok 13:21:06.0953 0364 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:21:07.0171 0364 Ftdisk - ok 13:21:07.0187 0364 gdfg - ok 13:21:07.0234 0364 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:21:07.0390 0364 Gpc - ok 13:21:07.0546 0364 GPU-Z - ok 13:21:07.0578 0364 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 13:21:07.0890 0364 HDAudBus - ok 13:21:07.0968 0364 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:21:08.0187 0364 helpsvc - ok 13:21:08.0203 0364 HidServ - ok 13:21:08.0250 0364 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:21:08.0484 0364 HidUsb - ok 13:21:08.0531 0364 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 13:21:08.0750 0364 hkmsvc - ok 13:21:08.0765 0364 hpn - ok 13:21:08.0859 0364 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 13:21:08.0921 0364 HTTP - ok 13:21:08.0984 0364 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 13:21:09.0203 0364 HTTPFilter - ok 13:21:09.0265 0364 HWiNFO32 (79b69cd1dfbdc48ccad4b8b6d4048786) C:\Programme\HWiNFO32\HWiNFO32.SYS 13:21:09.0281 0364 HWiNFO32 - ok 13:21:09.0296 0364 i2omgmt - ok 13:21:09.0328 0364 i2omp - ok 13:21:09.0375 0364 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 13:21:09.0562 0364 
i8042prt - ok 13:21:09.0687 0364 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:21:09.0765 0364 idsvc - ok 13:21:09.0828 0364 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 13:21:10.0015 0364 Imapi - ok 13:21:10.0078 0364 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 13:21:10.0281 0364 ImapiService - ok 13:21:10.0281 0364 ini910u - ok 13:21:10.0484 0364 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys 13:21:10.0734 0364 IntcAzAudAddService - ok 13:21:10.0765 0364 IntelIde - ok 13:21:10.0828 0364 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 13:21:11.0046 0364 Ip6Fw - ok 13:21:11.0109 0364 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:21:11.0328 0364 IpFilterDriver - ok 13:21:11.0375 0364 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:21:11.0562 0364 IpInIp - ok 13:21:11.0593 0364 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:21:11.0765 0364 IpNat - ok 13:21:11.0812 0364 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:21:12.0015 0364 IPSec - ok 13:21:12.0078 0364 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 13:21:12.0156 0364 IRENUM - ok 13:21:12.0187 0364 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:21:12.0359 0364 isapnp - ok 13:21:12.0484 0364 JavaQuickStarterService (92e16f5d034e7864da308ba6309a98b7) C:\Programme\Java\jre7\bin\jqs.exe 13:21:12.0500 0364 JavaQuickStarterService - ok 13:21:12.0546 0364 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:21:12.0750 0364 Kbdclass - ok 13:21:12.0781 0364 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 
13:21:12.0968 0364 kbdhid - ok 13:21:13.0000 0364 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 13:21:13.0203 0364 kmixer - ok 13:21:13.0234 0364 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 13:21:13.0296 0364 KSecDD - ok 13:21:13.0343 0364 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 13:21:13.0343 0364 L8042Kbd - ok 13:21:13.0375 0364 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 13:21:13.0390 0364 L8042mou - ok 13:21:13.0453 0364 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 13:21:13.0531 0364 lanmanserver - ok 13:21:13.0578 0364 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 13:21:13.0609 0364 lanmanworkstation - ok 13:21:13.0640 0364 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys 13:21:13.0656 0364 LBeepKE - ok 13:21:13.0671 0364 lbrtfdc - ok 13:21:13.0796 0364 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe 13:21:13.0812 0364 LBTServ - ok 13:21:13.0828 0364 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 13:21:13.0843 0364 LHidFilt - ok 13:21:13.0890 0364 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys 13:21:13.0890 0364 lirsgt - ok 13:21:13.0953 0364 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 13:21:14.0156 0364 LmHosts - ok 13:21:14.0218 0364 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 13:21:14.0234 0364 LMouFilt - ok 13:21:14.0265 0364 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 13:21:14.0281 0364 LMouKE - ok 13:21:14.0312 0364 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 13:21:14.0328 0364 LUsbFilt - ok 13:21:14.0375 0364 MagicTune 
(4e4c9d7ce77be0c9266b1089f93e7c01) C:\WINDOWS\system32\drivers\MTiCtwl.sys 13:21:14.0375 0364 MagicTune ( UnsignedFile.Multi.Generic ) - warning 13:21:14.0375 0364 MagicTune - detected UnsignedFile.Multi.Generic (1) 13:21:14.0468 0364 MagicTuneEngine (86504fe0759d4dce38e997921062df6b) C:\Programme\MagicTune Premium\MagicTuneEngine.exe 13:21:14.0484 0364 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - warning 13:21:14.0484 0364 MagicTuneEngine - detected UnsignedFile.Multi.Generic (1) 13:21:14.0531 0364 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 13:21:14.0546 0364 MBAMProtector - ok 13:21:14.0609 0364 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 13:21:14.0687 0364 MBAMService - ok 13:21:14.0750 0364 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 13:21:14.0937 0364 Messenger - ok 13:21:15.0000 0364 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 13:21:15.0187 0364 mnmdd - ok 13:21:15.0218 0364 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 13:21:15.0421 0364 mnmsrvc - ok 13:21:15.0468 0364 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 13:21:15.0671 0364 Modem - ok 13:21:15.0734 0364 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:21:15.0921 0364 Mouclass - ok 13:21:15.0953 0364 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:21:16.0203 0364 mouhid - ok 13:21:16.0250 0364 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 13:21:16.0515 0364 MountMgr - ok 13:21:16.0531 0364 mraid35x - ok 13:21:16.0578 0364 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:21:16.0828 0364 MRxDAV - ok 13:21:16.0890 0364 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:21:16.0968 0364 MRxSmb - 
ok 13:21:17.0015 0364 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 13:21:17.0453 0364 MSDTC - ok 13:21:17.0734 0364 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 13:21:17.0875 0364 Msfs - ok 13:21:17.0890 0364 MSIServer - ok 13:21:17.0921 0364 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:21:18.0046 0364 MSKSSRV - ok 13:21:18.0078 0364 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:21:18.0187 0364 MSPCLOCK - ok 13:21:18.0218 0364 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 13:21:18.0359 0364 MSPQM - ok 13:21:18.0375 0364 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:21:18.0515 0364 mssmbios - ok 13:21:18.0625 0364 MSSQL$SQLEXPRESS - ok 13:21:18.0687 0364 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe 13:21:18.0781 0364 MSSQLServerADHelper - ok 13:21:18.0812 0364 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 13:21:18.0921 0364 Mup - ok 13:21:19.0171 0364 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 13:21:19.0343 0364 napagent - ok 13:21:19.0421 0364 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 13:21:19.0625 0364 NDIS - ok 13:21:19.0718 0364 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:21:19.0781 0364 NdisTapi - ok 13:21:19.0859 0364 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:21:20.0000 0364 Ndisuio - ok 13:21:20.0046 0364 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:21:20.0218 0364 NdisWan - ok 13:21:20.0312 0364 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 13:21:20.0406 0364 NDProxy - ok 13:21:20.0453 0364 NetBIOS 
(5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 13:21:20.0625 0364 NetBIOS - ok 13:21:20.0718 0364 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 13:21:20.0968 0364 NetBT - ok 13:21:21.0046 0364 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 13:21:21.0203 0364 NetDDE - ok 13:21:21.0203 0364 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 13:21:21.0390 0364 NetDDEdsdm - ok 13:21:21.0468 0364 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 13:21:21.0609 0364 Netlogon - ok 13:21:21.0687 0364 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 13:21:21.0843 0364 Netman - ok 13:21:21.0890 0364 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:21:21.0906 0364 NetTcpPortSharing - ok 13:21:21.0953 0364 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 13:21:21.0984 0364 Nla - ok 13:21:22.0031 0364 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 13:21:22.0140 0364 Npfs - ok 13:21:22.0203 0364 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 13:21:22.0359 0364 Ntfs - ok 13:21:22.0390 0364 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 13:21:22.0546 0364 NtLmSsp - ok 13:21:22.0593 0364 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 13:21:22.0734 0364 NtmsSvc - ok 13:21:22.0765 0364 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 13:21:22.0875 0364 Null - ok 13:21:23.0375 0364 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 13:21:24.0171 0364 nv - ok 13:21:24.0296 0364 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys 13:21:24.0359 0364 nvata - ok 13:21:24.0375 0364 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) 
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 13:21:24.0421 0364 NVENETFD - ok 13:21:24.0437 0364 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys 13:21:24.0453 0364 nvgts - ok 13:21:24.0484 0364 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 13:21:24.0500 0364 nvnetbus - ok 13:21:24.0546 0364 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe 13:21:24.0562 0364 NVSvc - ok 13:21:24.0750 0364 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 13:21:24.0843 0364 nvUpdatusService - ok 13:21:24.0890 0364 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:21:25.0031 0364 NwlnkFlt - ok 13:21:25.0046 0364 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:21:25.0171 0364 NwlnkFwd - ok 13:21:25.0203 0364 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 13:21:25.0328 0364 Parport - ok 13:21:25.0390 0364 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 13:21:25.0515 0364 PartMgr - ok 13:21:25.0562 0364 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 13:21:25.0671 0364 ParVdm - ok 13:21:25.0687 0364 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 13:21:25.0812 0364 PCI - ok 13:21:25.0828 0364 PCIDump - ok 13:21:25.0859 0364 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 13:21:25.0984 0364 PCIIde - ok 13:21:26.0015 0364 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 13:21:26.0125 0364 Pcmcia - ok 13:21:26.0140 0364 PDCOMP - ok 13:21:26.0156 0364 PDFRAME - ok 13:21:26.0156 0364 PDRELI - ok 13:21:26.0171 0364 PDRFRAME - ok 13:21:26.0484 0364 perc2 - ok 13:21:26.0875 0364 perc2hib - ok 13:21:27.0015 0364 PlugPlay (a3edbe9053889fb24ab22492472b39dc) 
C:\WINDOWS\system32\services.exe 13:21:27.0046 0364 PlugPlay - ok 13:21:27.0078 0364 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 13:21:27.0234 0364 PolicyAgent - ok 13:21:27.0312 0364 postgresql-8.4 - ok 13:21:27.0343 0364 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:21:27.0484 0364 PptpMiniport - ok 13:21:27.0500 0364 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 13:21:27.0625 0364 Processor - ok 13:21:27.0640 0364 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 13:21:28.0031 0364 ProtectedStorage - ok 13:21:28.0046 0364 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 13:21:28.0296 0364 PSched - ok 13:21:28.0390 0364 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys 13:21:28.0406 0364 PSI - ok 13:21:28.0421 0364 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:21:28.0531 0364 Ptilink - ok 13:21:28.0562 0364 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 13:21:28.0578 0364 PxHelp20 - ok 13:21:28.0593 0364 ql1080 - ok 13:21:28.0609 0364 Ql10wnt - ok 13:21:28.0625 0364 ql12160 - ok 13:21:28.0640 0364 ql1240 - ok 13:21:28.0640 0364 ql1280 - ok 13:21:28.0671 0364 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:21:28.0843 0364 RasAcd - ok 13:21:28.0875 0364 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 13:21:29.0000 0364 RasAuto - ok 13:21:29.0031 0364 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:21:29.0171 0364 Rasl2tp - ok 13:21:29.0234 0364 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 13:21:29.0359 0364 RasMan - ok 13:21:29.0375 0364 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:21:29.0812 0364 RasPppoe - ok 
13:21:29.0812 0364 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 13:21:30.0093 0364 Raspti - ok 13:21:30.0125 0364 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:21:30.0546 0364 Rdbss - ok 13:21:30.0578 0364 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:21:30.0781 0364 RDPCDD - ok 13:21:30.0828 0364 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 13:21:30.0890 0364 RDPWD - ok 13:21:30.0921 0364 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 13:21:31.0093 0364 RDSessMgr - ok 13:21:31.0156 0364 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 13:21:31.0312 0364 redbook - ok 13:21:31.0343 0364 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 13:21:31.0484 0364 RemoteAccess - ok 13:21:31.0500 0364 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 13:21:31.0609 0364 RpcLocator - ok 13:21:31.0671 0364 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 13:21:31.0687 0364 RpcSs - ok 13:21:31.0718 0364 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 13:21:31.0828 0364 RSVP - ok 13:21:31.0859 0364 RzSynapse (2e2f0d988f6d46e5e5e84d9fcad39081) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys 13:21:31.0875 0364 RzSynapse - ok 13:21:31.0921 0364 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 13:21:32.0062 0364 SamSs - ok 13:21:32.0078 0364 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 13:21:32.0203 0364 SCardSvr - ok 13:21:32.0250 0364 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 13:21:32.0531 0364 Schedule - ok 13:21:32.0656 0364 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:21:32.0703 0364 Secdrv - ok 13:21:32.0734 0364 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) 
C:\WINDOWS\System32\seclogon.dll 13:21:32.0890 0364 seclogon - ok 13:21:32.0953 0364 Secunia PSI Agent - ok 13:21:32.0968 0364 Secunia Update Agent - ok 13:21:33.0031 0364 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 13:21:33.0156 0364 SENS - ok 13:21:33.0187 0364 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 13:21:33.0328 0364 Serenum - ok 13:21:33.0343 0364 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 13:21:33.0468 0364 Serial - ok 13:21:33.0531 0364 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 13:21:33.0656 0364 Sfloppy - ok 13:21:33.0687 0364 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 13:21:33.0828 0364 SharedAccess - ok 13:21:33.0859 0364 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 13:21:33.0875 0364 ShellHWDetection - ok 13:21:33.0890 0364 Simbad - ok 13:21:33.0906 0364 Sparrow - ok 13:21:33.0921 0364 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 13:21:34.0062 0364 splitter - ok 13:21:34.0093 0364 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 13:21:34.0156 0364 Spooler - ok 13:21:34.0250 0364 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe 13:21:34.0265 0364 SQLBrowser - ok 13:21:34.0312 0364 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe 13:21:34.0312 0364 SQLWriter - ok 13:21:34.0343 0364 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 13:21:34.0406 0364 sr - ok 13:21:34.0453 0364 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 13:21:34.0500 0364 srservice - ok 13:21:34.0562 0364 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 13:21:34.0609 0364 Srv - ok 13:21:34.0640 0364 SSDPSRV 
(4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 13:21:34.0703 0364 SSDPSRV - ok 13:21:34.0750 0364 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 13:21:34.0750 0364 ssmdrv - ok 13:21:34.0781 0364 Steam Client Service - ok 13:21:34.0828 0364 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 13:21:34.0968 0364 stisvc - ok 13:21:35.0000 0364 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 13:21:35.0140 0364 swenum - ok 13:21:35.0187 0364 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 13:21:35.0312 0364 swmidi - ok 13:21:35.0312 0364 SwPrv - ok 13:21:35.0328 0364 symc810 - ok 13:21:35.0343 0364 symc8xx - ok 13:21:35.0343 0364 sym_hi - ok 13:21:35.0359 0364 sym_u3 - ok 13:21:35.0390 0364 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 13:21:35.0500 0364 sysaudio - ok 13:21:35.0531 0364 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 13:21:35.0656 0364 SysmonLog - ok 13:21:35.0687 0364 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 13:21:35.0812 0364 TapiSrv - ok 13:21:35.0859 0364 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:21:35.0906 0364 Tcpip - ok 13:21:35.0937 0364 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 13:21:36.0046 0364 TDPIPE - ok 13:21:36.0078 0364 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 13:21:36.0187 0364 TDTCP - ok 13:21:36.0218 0364 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 13:21:36.0281 0364 teamviewervpn - ok 13:21:36.0312 0364 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 13:21:36.0437 0364 TermDD - ok 13:21:36.0484 0364 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 13:21:36.0593 0364 
TermService - ok 13:21:36.0640 0364 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 13:21:36.0656 0364 Themes - ok 13:21:36.0656 0364 TosIde - ok 13:21:36.0687 0364 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 13:21:36.0796 0364 TrkWks - ok 13:21:36.0859 0364 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 13:21:36.0968 0364 Udfs - ok 13:21:36.0984 0364 ultra - ok 13:21:37.0046 0364 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 13:21:37.0093 0364 UMWdf - ok 13:21:37.0140 0364 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 13:21:37.0296 0364 Update - ok 13:21:37.0328 0364 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 13:21:37.0406 0364 upnphost - ok 13:21:37.0437 0364 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 13:21:38.0140 0364 UPS - ok 13:21:38.0265 0364 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 13:21:38.0406 0364 usbccgp - ok 13:21:38.0421 0364 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:21:38.0546 0364 usbehci - ok 13:21:38.0562 0364 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:21:38.0687 0364 usbhub - ok 13:21:38.0734 0364 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 13:21:38.0843 0364 usbohci - ok 13:21:38.0875 0364 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:21:38.0984 0364 usbprint - ok 13:21:39.0015 0364 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 13:21:39.0125 0364 usbscan - ok 13:21:39.0140 0364 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:21:39.0265 0364 usbstor - ok 13:21:39.0312 0364 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 13:21:39.0421 0364 
VgaSave - ok 13:21:39.0421 0364 ViaIde - ok 13:21:39.0453 0364 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 13:21:39.0562 0364 VolSnap - ok 13:21:39.0578 0364 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 13:21:39.0640 0364 VSS - ok 13:21:39.0671 0364 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 13:21:39.0765 0364 W32Time - ok 13:21:39.0796 0364 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:21:39.0921 0364 Wanarp - ok 13:21:39.0984 0364 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 13:21:40.0000 0364 Wdf01000 - ok 13:21:40.0015 0364 WDICA - ok 13:21:40.0062 0364 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 13:21:40.0171 0364 wdmaud - ok 13:21:40.0187 0364 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 13:21:40.0312 0364 WebClient - ok 13:21:40.0390 0364 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 13:21:40.0515 0364 winmgmt - ok 13:21:40.0578 0364 WinRM (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll 13:21:40.0671 0364 WinRM - ok 13:21:40.0703 0364 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll 13:21:40.0734 0364 WmdmPmSN - ok 13:21:40.0765 0364 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 13:21:40.0890 0364 WmiApSrv - ok 13:21:41.0062 0364 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:21:41.0093 0364 WPFFontCache_v0400 - ok 13:21:41.0140 0364 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 13:21:41.0265 0364 WS2IFSL - ok 13:21:41.0312 0364 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 13:21:41.0453 0364 wscsvc - ok 13:21:41.0500 0364 wuauserv 
(7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 13:21:41.0593 0364 wuauserv - ok 13:21:41.0656 0364 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 13:21:41.0781 0364 WZCSVC - ok 13:21:41.0812 0364 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 13:21:41.0953 0364 xmlprov - ok 13:21:41.0984 0364 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 13:21:43.0421 0364 \Device\Harddisk0\DR0 - ok 13:21:43.0875 0364 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2 13:21:43.0984 0364 \Device\Harddisk1\DR2 - ok 13:21:44.0015 0364 Boot (0x1200) (49e7ee72a70ed9c4b334473a31d66032) \Device\Harddisk0\DR0\Partition0 13:21:44.0015 0364 \Device\Harddisk0\DR0\Partition0 - ok 13:21:44.0015 0364 Boot (0x1200) (7161788a168164ffddbd596a1f6eca23) \Device\Harddisk1\DR2\Partition0 13:21:44.0015 0364 \Device\Harddisk1\DR2\Partition0 - ok 13:21:44.0015 0364 ============================================================ 13:21:44.0015 0364 Scan finished 13:21:44.0015 0364 ============================================================ 13:21:44.0140 2516 Detected object count: 3 13:21:44.0140 2516 Actual detected object count: 3 13:24:01.0484 2516 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user 13:24:01.0484 2516 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:24:01.0484 2516 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user 13:24:01.0484 2516 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:24:01.0484 2516 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - skipped by user 13:24:01.0484 2516 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - User select action: Skip |
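The TDSSKiller log above lists every registered driver and service, and the three objects it flagged, the action chosen for them, and the MBR and boot-sector checks are buried among several hundred "ok" lines. The Python script below is an added example, not part of this thread and not a TDSSKiller component: it parses the log's line layout (inferred from the log itself, since the format is not documented) and prints what deserves a second look, namely anything that is not a clean "ok" and any object that loads from a Temp or user-profile directory even when its verdict is "ok". The embedded sample log is constructed; the entry `tmpsvc` and its path are invented to exercise the directory check.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout TDSSKiller uses: a "name (md5) path" line for
# each object that has an image file, then a "name - verdict" line. The tmpsvc
# entry and its path are invented to exercise the Temp-directory check.
SAMPLE_LOG = r"""
13:20:57.0328 0364 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:20:57.0453 0364 ACPIEC - ok
13:20:57.0468 0364 adpu160m - ok
13:21:04.0687 0364 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
13:21:04.0703 0364 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning
13:21:04.0703 0364 DrvAgent32 - detected UnsignedFile.Multi.Generic (1)
13:21:09.0000 0364 tmpsvc (0123456789abcdef0123456789abcdef) C:\DOKUME~1\Micha\LOKALE~1\Temp\tmpsvc.sys
13:21:09.0015 0364 tmpsvc - ok
13:21:41.0984 0364 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:21:43.0421 0364 \Device\Harddisk0\DR0 - ok
13:24:01.0484 2516 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Line shapes inferred from the log itself (TDSSKiller does not document its format).
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
WARN = re.compile(r"^(?P<name>.+?) \( (?P<sig>.+?) \) - warning$")
DETECT = re.compile(r"^(?P<name>.+?) - detected (?P<sig>.+?)(?: \(\d+\))?$")
ACTION = re.compile(r"^(?P<name>.+?) \( (?P<sig>.+?) \) - User select action: (?P<action>.+)$")

# No installed driver or service should be loading from these locations.
SUSPICIOUS_DIR_FRAGMENTS = (
    "\\temp\\", "\\tmp\\", "\\dokume~1\\", "\\dokumente und einstellungen\\",
    "\\documents and settings\\", "\\users\\", "\\appdata\\",
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"                 # ok / warning / detected
    signatures: List[str] = field(default_factory=list)
    action: Optional[str] = None             # what the user chose for a flagged object


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}             # MBR/boot verdict lines name the device, not the object

    def get(name: str) -> Entry:
        key = by_path.get(name, name)
        return entries.setdefault(key, Entry(key))

    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group("body")
        if f := FILE.match(body):
            key = f["name"]
            if key.startswith(("MBR", "Boot")):   # one entry per disk, not per object type
                key = f"{key} {f['path']}"
            e = get(key)
            e.md5, e.path = f["md5"].lower(), f["path"]
            by_path[f["path"]] = key
        elif a := ACTION.match(body):
            get(a["name"]).action = a["action"]
        elif w := WARN.match(body):
            e = get(w["name"])
            e.verdict = "warning"
            if w["sig"] not in e.signatures:
                e.signatures.append(w["sig"])
        elif d := DETECT.match(body):
            e = get(d["name"])
            e.verdict = "detected"
            if d["sig"] not in e.signatures:
                e.signatures.append(d["sig"])
        elif o := OK.match(body):
            e = get(o["name"])
            if e.verdict == "unknown":
                e.verdict = "ok"
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for everything that is not a clean 'ok' in a normal location."""
    findings = []
    for e in entries.values():
        if e.verdict != "ok":
            reason = f"{e.verdict}: {', '.join(e.signatures) or 'no verdict line'}"
            if e.action:
                reason += f" (user action: {e.action})"
            findings.append((e.name, reason))
        elif e.path and any(frag in e.path.lower() for frag in SUSPICIOUS_DIR_FRAGMENTS):
            findings.append((e.name, f"verdict ok, but image loads from a user/temp directory: {e.path}"))
    return sorted(findings)


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, reason in triage(parse_tdsskiller_log(text)):
        print(f"{name:28} {reason}")
```

Run it as `python tdss_triage.py TDSSKiller.log`; without an argument it uses the built-in sample. `UnsignedFile.Multi.Generic` only means the file carries no digital signature. For the three hits in the log above the image paths sit under `C:\WINDOWS\system32\Drivers` and `C:\Programme\MagicTune Premium`, i.e. under an installed product, which is consistent with the choice to skip them; an unsigned driver that loads from Temp, or whose name nobody recognises, should have its MD5 looked up before it is skipped.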
29.03.2012, 15:16 | #4 |
| 100€ virus blocks my computer (XP) Hi, that actually looks fine so far. Post the GMER log as well, or create a new one... Fix for OTL:
Code:
:OTL
DRV - (GPU-Z) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\GPU-Z.sys File not found
DRV - (ECSIoDriver_1_1_0_0) -- C:\DOKUME~1\Micha\LOKALE~1\Temp\is-FC7LA.tmp\ECSIoDriver.sys File not found
O32 - AutoRun File - [2010.02.12 11:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,200,260 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010.02.16 14:58:45 | 000,007,316 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = dword:0x00
:Commands
[emptytemp]
[Reboot]
chris
__________________ Don't bring me down Please read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
29.03.2012, 17:41 | #5 |
| 100€ virus blocks my computer (XP) First I ran the OTL fix: Code:
ATTFilter All processes killed ========== OTL ========== Service GPU-Z stopped successfully! Service GPU-Z deleted successfully! File C:\DOKUME~1\Micha\LOKALE~1\Temp\GPU-Z.sys File not found not found. Service ECSIoDriver_1_1_0_0 stopped successfully! Service ECSIoDriver_1_1_0_0 deleted successfully! File C:\DOKUME~1\Micha\LOKALE~1\Temp\is-FC7LA.tmp\ECSIoDriver.sys File not found not found. C:\AUTOEXEC.BAT moved successfully. D:\AUTO.pat moved successfully. D:\AUTO.pst moved successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 180224 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 65721057 bytes ->Flash cache emptied: 57034 bytes User: All Users User: Default User ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1340149 bytes ->FireFox cache emptied: 3357934 bytes ->Flash cache emptied: 343 bytes User: Micha ->Temp folder emptied: 433883835 bytes ->Temporary Internet Files folder emptied: 39098511 bytes ->Java cache emptied: 379249 bytes ->FireFox cache emptied: 104870658 bytes ->Flash cache emptied: 57749 bytes User: NetworkService ->Temp folder emptied: 458752 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2349610 bytes %systemroot%\System32 .tmp files removed: 
861063 bytes %systemroot%\System32\dllcache .tmp files removed: 243200 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 345256 bytes RecycleBin emptied: 304540 bytes Total Files Cleaned = 624,00 mb OTL by OldTimer - Version 3.2.39.2 log created on 03292012_171608 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
First attempt in normal mode: the system froze at some point, and there was no longer any path shown at the bottom from which you could tell where it was currently scanning. After 15 minutes I rebooted. The second attempt in normal mode gave me (at the same spot, I think) a bluescreen (driver_irql_not_less_or_equal or something similar). Third attempt in safe mode: see the second attempt. After the reboot I saw the process savedump.exe in Task Manager, which I had never seen before. I ended it. |
29.03.2012, 19:51 | #6 |
| 100€ virus blocks my computer (XP) Hi,
Run a RootkitRevealer scan
Please download RootkitRevealer and extract the archive into a folder of its own, e.g. C:\programmer\rootkitrevealer. Start RootkitRevealer.exe in that folder. Close all other programs. Start by clicking "Scan". When the scan is finished, save the log file with File -> Save and post it here in the forum.
OSAM
Checks the programs/drivers that get started, online. Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.
chris
29.03.2012, 23:49 | #7 |
| 100€ virus blocks my computer (XP) Revealer: Code:
ATTFilter HKU\S-1-5-21-2025429265-162531612-839522115-1004\Console 18.11.2011 14:34 0 bytes Security mismatch. HKLM\SECURITY\Policy\Secrets\SAC* 12.02.2010 11:25 0 bytes Key name contains embedded nulls (*) HKLM\SECURITY\Policy\Secrets\SAI* 12.02.2010 11:25 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Microsoft\Cryptography\RNG* 14.02.2012 19:29 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 07.10.2010 08:49 0 bytes Security mismatch. HKLM\SOFTWARE\Secunia\sua\Check 29.03.2012 23:52 40 bytes Data mismatch between Windows API and raw hive data. HKLM\SOFTWARE\Swearware\backup\winsock2 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 17.11.2011 02:24 0 bytes Security mismatch. 
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 17.11.2011 02:24 0 bytes Security mismatch. HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 17.11.2011 02:24 0 bytes Security mismatch. 
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 17.11.2011 02:24 0 bytes Security mismatch. C:\Programme\IObit\Advanced SystemCare 5\ASCServiceLog\2012-03-30.log 30.03.2012 00
OSAM:
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:46:22 on 30.03.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 11.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "RTSndMgr.cpl" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ALSysIO" (ALSysIO) - ? - C:\DOKUME~1\Micha\LOKALE~1\Temp\ALSysIO.sys (File not found) "AMDPCI" (AMDPCI) - ? - C:\DOKUME~1\Micha\LOKALE~1\Temp\AMDPCI.sys (File not found) "atksgt" (atksgt) - ? 
- C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\Micha\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DrvAgent32" (DrvAgent32) - "Phoenix Technologies" - C:\WINDOWS\system32\Drivers\DrvAgent32.sys "gdfg" (gdfg) - ? - C:\WINDOWS\System32\drivers\pqhv.sys (File not found) "HWiNFO32/64 Kernel Driver" (HWiNFO32) - "REALiX(tm)" - C:\Programme\HWiNFO32\HWiNFO32.SYS "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "MagicTune" (MagicTune) - "Samsung Electronics, Inc. " - C:\WINDOWS\System32\drivers\MTiCtwl.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? 
- C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? 
- (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found) {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found) {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found) {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found) {CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." 
- C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll {67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll {EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll {B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll {5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." 
- C:\Programme\WinZip\wzshlstb.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_01" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_01.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab {74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." 
- C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Micha\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Advanced SystemCare 5" - "IObit" - "C:\Programme\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? 
- "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login "nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet "Razer Naga Driver" - "Razer USA Ltd" - C:\Programme\Razer\Naga Epic\NagaEpicSysTray.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Advanced SystemCare Service 5" (AdvancedSystemCareService5) - "IObit" - C:\Programme\IObit\Advanced SystemCare 5\ASCService.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jqs.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe "MagicTuneEngine" (MagicTuneEngine) - ? 
- C:\Programme\MagicTune Premium\MagicTuneEngine.exe (File found, but it contains no detailed information) "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NUCVQHGSR" (NUCVQHGSR) - "Sysinternals - www.sysinternals.com" - C:\DOKUME~1\Micha\LOKALE~1\Temp\NUCVQHGSR.exe "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "PostgreSQL Server 8.4" (postgresql-8.4) - "PostgreSQL Global Development Group" - C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe "Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe "Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - 
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
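As an added example (not code from this thread, from OSAM's authors, or from the helper), the Python below performs the kind of first-pass triage chris applies to the OSAM log above: it parses OSAM's `"Name" (Key) - "Vendor" - Path` entry lines and flags entries that run from a Temp directory, carry no vendor information, or point at files that no longer exist. The sample log is constructed from entries quoted in the OSAM output above; the three flagging rules are my own, not OSAM's.

```python
import re
from dataclasses import dataclass, field

# OSAM prints one autostart entry per line:
#   "Name" (Key) - "Vendor" - Path [args] [(File not found)]
# "(Key)" appears for services and drivers only; a vendor of "?" means OSAM
# found no signature or version information for the file.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"(?: \((?P<key>[^)]*)\))? - (?P<vendor>"[^"]*"|\?) - (?P<rest>.*)$'
)
# "\Temp\" or "\tmp\" anywhere in a path, incl. the 8.3 form "LOKALE~1\Temp\".
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)

# Constructed sample: entries copied from the OSAM log posted above, trimmed
# to a few lines per section so the triage result is easy to check.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ALSysIO" (ALSysIO) - ? - C:\DOKUME~1\Micha\LOKALE~1\Temp\ALSysIO.sys (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"gdfg" (gdfg) - ? - C:\WINDOWS\System32\drivers\pqhv.sys (File not found)
[Logon]
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
[Services]
"NUCVQHGSR" (NUCVQHGSR) - "Sysinternals - www.sysinternals.com" - C:\DOKUME~1\Micha\LOKALE~1\Temp\NUCVQHGSR.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
"""

@dataclass
class Finding:
    section: str
    name: str
    vendor: str
    path: str
    missing: bool
    reasons: list = field(default_factory=list)

def parse_entry(section, line):
    """Return a Finding for an OSAM entry line, or None for headers and noise."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith('"'):
        path = rest[1:rest.index('"', 1)]          # quoted path, arguments follow
    else:
        path = rest.split(" (File", 1)[0].strip()  # bare path, maybe a status suffix
    return Finding(section, m.group("name"), m.group("vendor").strip('"'),
                   path, "(File not found)" in rest)

def triage(log_text):
    """Walk an OSAM log and return the entries a helper would look at first."""
    section, findings = "", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]                   # "[Drivers]", "[Logon]", ...
            continue
        entry = parse_entry(section, line)
        if entry is None:
            continue                               # "-----( key )-----" lines, blanks
        if TEMP_RE.search(entry.path):
            # Binaries started from a Temp folder are the lockscreen pattern seen in
            # the Malwarebytes log above (cgs8h0.exe). Expect false positives: the
            # Sysinternals-signed NUCVQHGSR.exe is most likely RootkitRevealer's own
            # randomly named service from the scan that produced this log.
            entry.reasons.append("runs from a Temp directory")
        if entry.vendor == "?" and entry.missing:
            # Dangling reference: harmless alone, but exactly what the OTL fix
            # above removed (GPU-Z.sys, ECSIoDriver.sys).
            entry.reasons.append("orphaned entry: unknown vendor and file not found")
        elif entry.vendor == "?":
            entry.reasons.append("unverified binary: no vendor information")
        if entry.reasons:
            findings.append(entry)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s -> %s: %s" % (f.section, f.name, f.path, "; ".join(f.reasons)))
```

Entries from a vendor with a valid path (Avira, Malwarebytes) drop out, which leaves the five lines a helper would actually ask about; the ordering of a finding's reasons is Temp first, then vendor/file status.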
30.03.2012, 13:25 | #8 |
| 100€ virus blocks my computer (XP) Hi, looks good, the entry: Code:
"MVB" - ? - mvfs32.dll (File not found)
Does the computer behave normally (or are there still redirects etc.)? chris
30.03.2012, 23:26 | #9 | |
| 100€ virus blocks my computer (XP) Quote: Since I deleted the two detections with Malwarebytes, the computer hasn't shown any abnormalities at all. |
31.03.2012, 20:57 | #10 |
| 100€ virus blocks my computer (XP) Hi, then we're done... You can delete RootkitRevealer and OSAM, and C:\_OTL too... I would keep MAM installed and update and run it (full scan) now and then... chris
31.03.2012, 23:08 | #11 |
| 100€ virus blocks my computer (XP) Good, thank you very much :-) |