Log analysis and evaluation: S.M.A.R.T. HDD: black desktop, Start menu empty, folders/files hidden
02.04.2012, 01:47 | #1 |
Hello,

while I was on the Internet, the browser suddenly closed and several (15-20) Windows dialogs titled "System message - Write Fault Error" popped up with the error message "A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exeption error when using a reference to an invalid system memory adress".

Shortly afterwards another window, "SMART HDD", popped up, pretending that a S.M.A.R.T. check was running. This scan reports the following errors:

Hard drive boot sector reading error
Systemblocks were not found
The DRM attribute value is too small before disk scan
Error 0x00000050-Page_FAULT_INNONPAGED_AREA

To fix the errors, it refers to a website that offers repair software for $84.5.

Further problems also appeared: The Start menu is completely empty. At first all icons on the desktop were no longer visible; now the desktop is completely black. All files and folders are hidden.

I tried to download defogger and dds as described in the checklist, but without success. Can anyone help me?

Regards,
Willie

Hello everyone,

I managed to download defogger and dds. I ran both as described. Here is the dds.txt:
I also downloaded GMER. Before running it I disconnected all networks (1x WLAN) and disabled the antivirus program (AntiVir). When I then started GMER, a reboot was triggered immediately. When I logged in again, the network and the antivirus program were active again. GMER did not start a scan. A second attempt gave the same result.

I hope the dds and the attach already help!

Regards,
Christian
02.04.2012, 13:16 | #2 |
/// Malware-holic
Hi,
if you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
03.04.2012, 02:05 | #3 |
Hello Markus,
here is the OTL.txt:
ATTFilter OTL logfile created on: 03.04.2012 02:36:02 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Christian\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,48 Mb Total Physical Memory | 382,61 Mb Available Physical Memory | 42,73% Memory free 2,12 Gb Paging File | 1,69 Gb Available in Paging File | 79,95% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 62,82 Gb Total Space | 4,66 Gb Free Space | 7,42% Space Free | Partition Type: NTFS Drive D: | 11,73 Gb Total Space | 2,46 Gb Free Space | 21,01% Space Free | Partition Type: FAT32 Computer Name: EINSTEIN | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Search-Results) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\MySecurityCenter\Programs\service.exe () PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\system32\wbsecsvc.exe (Winbond) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
PRC - C:\Programme\PestPatrol\CookiePatrol.exe (Computer Associates International) PRC - C:\Programme\PestPatrol\PPControl.exe (Computer Associates International) PRC - C:\Programme\PestPatrol\PPMemCheck.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\twain_32\FlatBed\HotKey.Exe () ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\system32\sbe.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\MySecurityCenter\Programs\service.exe () MOD - C:\Programme\PestPatrol\PPMemCheck.exe () MOD - C:\Programme\PestPatrol\PPServer.dll () MOD - C:\Programme\PestPatrol\PPEngine.dll () MOD - C:\WINDOWS\twain_32\FlatBed\HotKey.Exe () MOD - C:\WINDOWS\twain_32\FlatBed\VICEO.DLL () MOD - C:\WINDOWS\system32\pdfcmnnt.dll () ========== Win32 Services (SafeList) ========== SRV - (Usbridkwap) -- File not found SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (MySecurityCenter License Service) -- C:\Programme\MySecurityCenter\Programs\service.exe () SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (wbsecsvc) -- C:\WINDOWS\System32\wbsecsvc.exe (Winbond) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (wbsecdrv) -- system32\DRIVERS\wbsecdrv.sys File not found DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation) DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\WINDOWS\system32\drivers\ssceserd.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- 
C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (Spyder3) -- C:\WINDOWS\system32\drivers\Spyder3.sys () DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (W33ND) -- C:\WINDOWS\system32\drivers\W33ND.SYS (Winbond Electronics Corp.) DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {D13D3A62-0591-49D1-9DD1-A904D6736216} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{B61AF424-73CC-4188-B592-ED9AFC7FE45F}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=FEB2BFB4-EECC-4FD7-992D-6AE7804BB1F1&apn_sauid=C5EE04B2-48C7-4A02-90F0-40DCF20D50CB& IE - HKCU\..\SearchScopes\{D13D3A62-0591-49D1-9DD1-A904D6736216}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\..\SearchScopes\{EC52DCEC-0FBA-4E3D-8310-DAE782AA7E8B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - 
prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.08.14 10:58:18 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.20 18:15:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.07 11:38:19 | 000,000,000 | -H-D | M]

[2011.04.06 01:06:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Extensions
[2012.02.22 23:06:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\v88husb2.default\extensions
[2009.01.29 21:13:13 | 000,002,386 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\v88husb2.default\searchplugins\siteadvisor.xml
[2012.01.16 00:38:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.08.14 10:55:56 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.20 18:15:03 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.22 22:58:29 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.22 22:58:29 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.22 22:58:29 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.22 22:58:29 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 22:58:29 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 22:58:29 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Programme\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe (Computer Associates International)
O4 - HKLM..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [regist] C:\Programme\MySecurityCenter\Programs\info.exe (MySecurityCenter)
O4 - HKLM..\Run: [setc] C:\Programme\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Programme\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143122975250 (WUWebControl Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FED7716-22A4-4CBF-B5DE-2B3A4642708F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Control Components\ccmain.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.05 06:41:03 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {672CC40F-BBC5-43F1-AA47-1210A0B8E043} - Microsoft Windows Media Player
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Spyder3Utility.lnk - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Ulead Kalendar Checker 4.0 SE.lnk - C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe - (Ulead Systems, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.04.03 02:33:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christian\Desktop\OTL.exe
[2012.04.03 02:13:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.03 02:03:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Christian\Recent
[2012.04.02 14:00:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.02 14:00:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.02 14:00:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.02 13:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.04.02 13:48:19 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.04.02 12:54:19 | 000,607,260 | RH-- | C] (Swearware) -- C:\Dokumente und Einstellungen\Christian\Desktop\dds.com
[2012.04.02 11:48:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2012.04.02 11:46:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2012.04.02 11:46:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
[2012.04.02 11:44:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Fighters
[2012.04.02 00:39:06 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2012.04.02 00:16:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software
[2012.04.02 00:07:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\CSC
[2012.04.01 23:01:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Startmenü\Programme\SMART HDD
[2012.03.18 18:57:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Anwendungsdaten\VSO
[2012.03.18 18:56:46 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\VSO
[2010.05.15 11:09:17 | 007,771,222 | -H-- | C] (Qtpfsgui Dev Team ) -- C:\Programme\Qtpfsgui-windows-SETUP-v1.9.2.exe
[2010.05.15 11:00:14 | 002,732,732 | -H-- | C] (HDRsoft Sarl ) -- C:\Programme\PhotomatixBasic121.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.03 02:33:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christian\Desktop\OTL.exe
[2012.04.03 02:32:03 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 02:26:50 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 02:26:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.03 02:26:18 | 939,048,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 02:08:12 | 000,000,230 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.04.02 20:40:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At2.job
[2012.04.02 14:00:39 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 14:00:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At4.job
[2012.04.02 13:49:15 | 000,004,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\attach.zip
[2012.04.02 12:58:04 | 000,302,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\ld6d3uxc.exe
[2012.04.02 12:56:22 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.02 12:54:22 | 000,607,260 | RH-- | M] (Swearware) -- C:\Dokumente und Einstellungen\Christian\Desktop\dds.com
[2012.04.02 12:35:03 | 000,050,477 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Defogger.exe
[2012.04.01 23:18:40 | 000,460,706 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.01 23:18:40 | 000,442,894 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.01 23:18:40 | 000,085,580 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.01 23:18:40 | 000,072,160 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.01 23:01:42 | 000,000,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJLr
[2012.04.01 23:01:42 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJL
[2012.04.01 23:01:38 | 000,000,256 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL
[2012.03.25 17:46:02 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.22 23:57:18 | 007,334,565 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Desktop\TGM-Kanis-Turbinen-GmbH_G-Star_Outlet.pdf
[2012.03.20 12:32:05 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At3.job
[2012.03.18 18:53:06 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLbx.DAT
[2012.03.16 00:03:40 | 001,529,184 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.15 22:48:08 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.10 11:10:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\At1.job
[2012.03.05 21:33:25 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT
[2012.03.04 23:55:54 | 135,164,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\Eigene Dateien\TempImage.nrg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.02 14:00:39 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 13:49:15 | 000,004,283 | ---- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\attach.zip
[2012.04.02 12:58:03 | 000,302,592 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\ld6d3uxc.exe
[2012.04.02 12:43:04 | 000,050,477 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\Defogger.exe
[2012.04.02 00:44:13 | 939,048,960 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.01 23:01:42 | 000,000,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJLr
[2012.04.01 23:01:42 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-6tvo03dNzTweJL
[2012.04.01 23:01:34 | 000,000,256 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL
[2012.03.22 23:57:18 | 007,334,565 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Desktop\TGM-Kanis-Turbinen-GmbH_G-Star_Outlet.pdf
[2012.03.04 23:51:50 | 135,164,736 | -H-- | C] () -- C:\Dokumente und Einstellungen\Christian\Eigene Dateien\TempImage.nrg
[2012.02.17 00:17:59 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.28 01:46:01 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.26 00:15:25 | 001,791,728 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.12.25 23:10:57 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.12.25 23:10:57 | 000,036,608 | -H-- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.25 08:45:24 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010.05.25 08:45:24 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010.05.25 08:45:24 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010.05.25 08:45:24 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.05.15 12:49:31 | 000,782,336 | -H-- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2010.05.15 12:49:31 | 000,353,280 | -H-- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2010.05.15 12:49:31 | 000,270,848 | -H-- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2010.05.15 12:49:31 | 000,229,376 | -H-- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2010.05.15 12:49:31 | 000,216,064 | -H-- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2010.05.15 12:49:31 | 000,205,824 | -H-- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2010.05.15 12:49:31 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2010.05.15 12:49:31 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2010.05.15 12:49:31 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmbm.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.04.03 02:13:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2007.12.16 12:58:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen
[2006.04.05 07:18:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.25 23:01:22 | 000,000,000 | -H-D | M] -- C:\Program Files
[2012.04.03 02:16:13 | 000,000,000 | RH-D | M] -- C:\Programme
[2008.04.03 11:57:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.04.03 02:38:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.23 18:40:47 | 000,000,000 | -H-D | M] -- C:\Temp
[2011.05.23 22:27:03 | 000,000,000 | -H-D | M] -- C:\THExcel
[2012.04.03 02:26:30 | 000,000,000 | -H-D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
[2010.05.15 11:00:40 | 002,732,732 | -H-- | M] (HDRsoft Sarl ) -- C:\Programme\PhotomatixBasic121.exe
[2010.05.15 11:11:14 | 007,771,222 | -H-- | M] (Qtpfsgui Dev Team ) -- C:\Programme\Qtpfsgui-windows-SETUP-v1.9.2.exe
Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010.01.12 22:53:28 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.10 14:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IASTOR.SYS >
[2005.10.12 13:07:12 | 000,874,240 | -H-- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OEMDRV\iastor.sys
[2005.06.17 08:33:40 | 000,872,064 | -H-- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\I386\IASTOR.SYS

< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005.02.12 02:11:02 | 000,089,856 | -H-- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\OEMDRV\nvatabus.sys
[2005.01.20 09:45:30 | 000,088,960 | -H-- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\I386\NVATABUS.SYS

< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005.03.02 20:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.10 14:00:00 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2004.05.18 16:55:26 | 000,074,112 | -H-- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\I386\VIAMRAID.SYS
[2004.05.18 16:55:26 | 000,074,112 | -H-- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEMDRV\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2004.08.10 14:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.03.23 15:54:24 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.03.23 15:54:24 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.03.23 15:54:24 | 000,421,888 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2011.01.07 16:23:35 | 000,000,175 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\default.pls
[2012.04.03 02:05:37 | 008,126,464 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\NTUSER.DAT
[2012.04.03 02:37:54 | 000,253,952 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.dat.LOG
[2012.04.03 02:05:37 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Christian\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.02.03 11:57:08 | 001,860,224 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >
Code:
I also ran Malwarebytes Anti-Malware over it today. Here is the corresponding log file: Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Christian :: EINSTEIN [administrator]

02.04.2012 14:03:16
mbam-log-2012-04-03 (02-04-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401536
Time elapsed: 2 hour(s), 52 minute(s), 4 second(s)

Memory Processes Detected: 2
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSROCGDdNlpYr.exe (Trojan.Agent) -> 2284 -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL.exe (Rogue.FakeHDD) -> 3724 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XSROCGDdNlpYr.exe (Trojan.Agent) -> Data: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSROCGDdNlpYr.exe -> No action taken.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSROCGDdNlpYr.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6tvo03dNzTweJL.exe (Rogue.FakeHDD) -> No action taken.
C:\RECYCLER\S-1-5-21-2807410001-2874036241-350567841-1006\Dc43.exe (Adware.InstallCore) -> No action taken.
C:\tujserrew.bat (Malware.Trace) -> No action taken.

(end)

Regards, Christian |
03.04.2012, 08:20 | #4 | |
/// Malware-holic | download unhide:

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix from one of these download mirrors: Link 1 Link 2

IMPORTANT - Save Combofix to your desktop

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the restart Quote:
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us |
03.04.2012, 14:30 | #5 |
| Hello Markus, I ran unhide.exe. The folders/files are now visible again on the desktop and in Explorer. However, subfolders of the programs in the Start menu are not fully visible. E.g.: the folder for Microsoft Office is visible, but its subfolders are not shown (empty). This does not affect all subfolders, though. I ran unhide.exe a second time - without success regarding the visibility of the subfolders. Here is the unhide.txt from the second run: Code:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/03/2012 01:47:31 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 182271 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 5159 files processed.

Restoring the Start Menu.
* 340 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 04/03/2012 01:55:05 PM
Execution time: 0 hours(s), 7 minute(s), and 33 seconds(s)

I saved Combofix.exe to the desktop, deactivated all antivirus programs, closed all programs, and then ran Combofix.exe. At the end there was a restart. However, I cannot find Combofix.txt. Instead, there is a folder "Combofix" under C: whose contents match the contents of My Computer. The subfolder Combofix does not appear in the path name, though; it is directly C:\... Is my description understandable to you? Can you spot a mistake in how I carried out the described steps? Should I run Combofix.exe again? Regards, Christian |
03.04.2012, 14:41 | #6 |
/// Malware-holic | Check whether there is a log.txt on c: or whether the combofix.txt can be found in the folder qoobox, also on c:.
03.04.2012, 20:00 | #7 |
| Hello Markus, I can find neither log.txt on c: nor combofix.txt in the folder qoobox or on c:. Should I run combofix again? |
03.04.2012, 20:10 | #8 |
/// Malware-holic | Please run the program again, restart, press F8, choose safe mode with networking, and log in to the affected account.
03.04.2012, 21:13 | #9 |
| Hello Markus, I ran combofix again and am now logged in in safe mode with networking. I still cannot find combofix.txt or log.txt. Regarding the affected accounts: we have set up two accounts on the laptop; both are/were affected by Smart Hdd. |
04.04.2012, 09:17 | #10 |
/// Malware-holic | Please first run the TDSS killer: http://www.trojaner-board.de/82358-t...entfernen.html For the action choose skip, and please post the log.
04.04.2012, 11:25 | #11 |
| Hello Markus, here is the log from the TDSS killer: Code:
12:17:31.0468 1132 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 12:17:31.0750 1132 swenum - ok 12:17:31.0843 1132 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 12:17:32.0140 1132 swmidi - ok 12:17:32.0218 1132 SwPrv - ok 12:17:32.0375 1132 symc810 - ok 12:17:32.0500 1132 symc8xx - ok 12:17:32.0578 1132 sym_hi - ok 12:17:32.0671 1132 sym_u3 - ok 12:17:32.0828 1132 SynTP (e76e0a9a30a4f2809a3356af32d06f0b) C:\WINDOWS\system32\DRIVERS\SynTP.sys 12:17:32.0890 1132 SynTP - ok 12:17:33.0000 1132 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 12:17:33.0296 1132 sysaudio - ok 12:17:33.0421 1132 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 12:17:33.0718 1132 SysmonLog - ok 12:17:33.0859 1132 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 12:17:34.0156 1132 TapiSrv - ok 12:17:34.0265 1132 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:17:34.0296 1132 Tcpip - ok 12:17:34.0406 1132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 12:17:34.0687 1132 TDPIPE - ok 12:17:34.0796 1132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 12:17:35.0062 1132 TDTCP - ok 12:17:35.0156 1132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 12:17:35.0468 1132 TermDD - ok 12:17:35.0578 1132 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 12:17:35.0875 1132 TermService - ok 12:17:36.0000 1132 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 12:17:36.0062 1132 Themes - ok 12:17:36.0109 1132 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 12:17:36.0421 1132 TlntSvr - ok 12:17:36.0468 1132 TosIde - ok 12:17:36.0562 1132 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 12:17:36.0859 1132 TrkWks - ok 
12:17:36.0968 1132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 12:17:37.0296 1132 Udfs - ok 12:17:37.0484 1132 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe 12:17:37.0500 1132 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning 12:17:37.0500 1132 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1) 12:17:37.0656 1132 ULI5261XP (ce2dd5efb0f773382376faaf9f506542) C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS 12:17:37.0703 1132 ULI5261XP - ok 12:17:37.0812 1132 ultra - ok 12:17:37.0968 1132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 12:17:38.0296 1132 Update - ok 12:17:38.0468 1132 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 12:17:38.0765 1132 upnphost - ok 12:17:38.0859 1132 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 12:17:39.0156 1132 UPS - ok 12:17:39.0234 1132 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:17:39.0562 1132 usbccgp - ok 12:17:39.0671 1132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:17:39.0953 1132 usbehci - ok 12:17:40.0046 1132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:17:40.0328 1132 usbhub - ok 12:17:40.0421 1132 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 12:17:40.0687 1132 usbohci - ok 12:17:40.0828 1132 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 12:17:41.0109 1132 usbprint - ok 12:17:41.0203 1132 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:17:41.0500 1132 usbscan - ok 12:17:41.0609 1132 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:17:41.0906 1132 USBSTOR - ok 12:17:42.0015 1132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 
12:17:42.0296 1132 VgaSave - ok 12:17:42.0375 1132 ViaIde - ok 12:17:42.0515 1132 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 12:17:42.0781 1132 VolSnap - ok 12:17:42.0875 1132 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 12:17:43.0171 1132 VSS - ok 12:17:43.0312 1132 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 12:17:43.0562 1132 W32Time - ok 12:17:43.0640 1132 W33ND (0baa4c13ccd2cafe1e121121f1c1611d) C:\WINDOWS\system32\DRIVERS\W33ND.SYS 12:17:43.0687 1132 W33ND - ok 12:17:43.0781 1132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:17:44.0093 1132 Wanarp - ok 12:17:44.0218 1132 wanatw - ok 12:17:44.0312 1132 wbsecdrv - ok 12:17:44.0390 1132 wbsecsvc - ok 12:17:44.0546 1132 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 12:17:44.0593 1132 Wdf01000 - ok 12:17:44.0687 1132 WDICA - ok 12:17:44.0828 1132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:17:45.0109 1132 wdmaud - ok 12:17:45.0203 1132 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 12:17:45.0500 1132 WebClient - ok 12:17:45.0687 1132 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 12:17:45.0968 1132 winmgmt - ok 12:17:46.0328 1132 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:17:46.0484 1132 wlidsvc - ok 12:17:46.0593 1132 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 12:17:46.0703 1132 WmdmPmSN - ok 12:17:46.0843 1132 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 12:17:46.0984 1132 Wmi - ok 12:17:47.0078 1132 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 12:17:47.0390 1132 WmiApSrv - ok 12:17:47.0515 1132 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media 
Player\WMPNetwk.exe 12:17:47.0609 1132 WMPNetworkSvc - ok 12:17:47.0750 1132 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 12:17:47.0781 1132 WpdUsb - ok 12:17:47.0921 1132 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:17:48.0281 1132 WS2IFSL - ok 12:17:48.0421 1132 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 12:17:48.0703 1132 wscsvc - ok 12:17:48.0765 1132 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 12:17:49.0062 1132 wuauserv - ok 12:17:49.0187 1132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 12:17:49.0218 1132 WudfPf - ok 12:17:49.0328 1132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 12:17:49.0375 1132 WudfRd - ok 12:17:49.0437 1132 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 12:17:49.0500 1132 WudfSvc - ok 12:17:49.0625 1132 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 12:17:49.0921 1132 WZCSVC - ok 12:17:50.0046 1132 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 12:17:50.0328 1132 xmlprov - ok 12:17:50.0453 1132 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 12:17:50.0671 1132 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 12:17:50.0671 1132 \Device\Harddisk0\DR0 - detected TDSS File System (1) 12:17:50.0718 1132 Boot (0x1200) (3512296c03ebe65e2d567ebf627925be) \Device\Harddisk0\DR0\Partition0 12:17:50.0718 1132 \Device\Harddisk0\DR0\Partition0 - ok 12:17:50.0812 1132 Boot (0x1200) (018cb81baf85d085ba189dfbe6607988) \Device\Harddisk0\DR0\Partition1 12:17:50.0812 1132 \Device\Harddisk0\DR0\Partition1 - ok 12:17:50.0828 1132 ============================================================ 12:17:50.0828 1132 Scan finished 12:17:50.0828 1132 ============================================================ 12:17:51.0046 1768 Detected object count: 13 
12:17:51.0046 1768 Actual detected object count: 13
12:22:58.0046 1768 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0046 1768 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0046 1768 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0046 1768 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0093 1768 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0093 1768 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0125 1768 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0125 1768 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0156 1768 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0156 1768 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0203 1768 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0203 1768 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0234 1768 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0234 1768 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0234 1768 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0234 1768 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0281 1768 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0281 1768 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0281 1768 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0281 1768 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0281 1768 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0281 1768 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0312 1768 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:58.0312 1768 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:22:58.0312 1768 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:22:58.0312 1768 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
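Added example, not part of the original thread: a small Python triage of TDSSKiller result entries in the format of the log posted above. It lists every object whose verdict is something other than a signature-check warning and that was skipped rather than treated. The sample entries are constructed (placeholder hash), and treating `UnsignedFile.Multi.Generic` as low-confidence is an assumption of this example.

```python
import re

# Assumption of this example: verdicts that only mean "file is not digitally
# signed" and therefore need manual review rather than immediate treatment.
LOW_CONFIDENCE = {"UnsignedFile.Multi.Generic"}

# Every entry starts with "<HH:MM:SS.ffff> <thread id> ". Forum extraction often
# flattens many entries onto one line, so split on that prefix, not on newlines.
STAMP = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s)")

# Result entry: "<time> <tid> <object> ( <verdict> ) - <status>"
ENTRY = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<object>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)


def split_entries(text):
    """Split a log into single entries, tolerating flattened lines and a
    trailing table pipe left over from the forum markup."""
    chunks = (c.strip().rstrip("|").strip() for c in STAMP.split(text))
    return [c for c in chunks if c]


def parse_results(text):
    """Return {object: {"verdict": str, "events": [status, ...]}} in log order."""
    results = {}
    for entry in split_entries(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # progress lines ("- ok", "(hash) path", counters) have no verdict
        rec = results.setdefault(m["object"], {"verdict": m["verdict"], "events": []})
        rec["events"].append(m["status"])
    return results


def declared_count(text):
    """Number the tool itself reports in "Detected object count: N", or None."""
    m = re.search(r"Detected object count:\s*(\d+)", text)
    return int(m.group(1)) if m else None


def unresolved(results):
    """Objects with a non-generic verdict whose recorded user action was Skip."""
    out = []
    for obj, rec in results.items():
        skipped = any(e.lower() == "user select action: skip" for e in rec["events"])
        if skipped and rec["verdict"] not in LOW_CONFIDENCE:
            out.append((obj, rec["verdict"]))
    return out


# Constructed sample in the posted log's format, flattened onto two lines.
SAMPLE = "\n".join([
    r"12:17:24.0171 1132 SCDEmu (00000000000000000000000000000000) "
    r"C:\WINDOWS\system32\drivers\SCDEmu.sys "
    r"12:17:24.0187 1132 SCDEmu ( UnsignedFile.Multi.Generic ) - warning "
    r"12:17:24.0187 1132 SCDEmu - detected UnsignedFile.Multi.Generic (1) "
    r"12:17:50.0671 1132 \Device\Harddisk0\DR0 ( TDSS File System ) - warning",
    r"12:17:51.0046 1768 Detected object count: 2 "
    r"12:22:58.0281 1768 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user "
    r"12:22:58.0281 1768 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip "
    r"12:22:58.0312 1768 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user "
    r"12:22:58.0312 1768 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |",
])

if __name__ == "__main__":
    parsed = parse_results(SAMPLE)
    print("declared:", declared_count(SAMPLE), "parsed:", len(parsed))
    for obj, verdict in unresolved(parsed):
        print("skipped, needs follow-up:", obj, "->", verdict)
```

Comparing `declared_count` with the number of parsed objects is a quick check that a pasted log was not truncated.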
04.04.2012, 16:26 | #12 |
/// Malware-holic | S.M.A.R.T. HDD: Black desktop, Start menu empty, folders/files hidden
Looks OK. How is the PC running?
Download CCleaner Standard: CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.04.2012, 17:28 | #13 |
| S.M.A.R.T. HDD: Black desktop, Start menu empty, folders/files hidden Hello Markus, here is the CCleaner program list with my comments: Code:
ATTFilter 7-Zip 9.20 04.04.2012 Adobe Acrobat 5.0 Adobe Systems, Inc. 04.04.2012 5.0 notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated 04.04.2012 10.2.153.1 notwendig Adobe Photoshop CS Adobe Systems, Inc. CS notwendig Adobe Photoshop CS3 Adobe Systems Incorporated 24.08.2009 10.0 notwendig Adobe Photoshop Lightroom 2.6 Adobe 16.03.2010 106,5MB 2.6.1 notwendig Adobe Reader 7.0.9 - Deutsch Adobe Systems Incorporated 08.01.2009 78,1MB 7.0.9 notwendig Apple Mobile Device Support Apple Inc. 02.02.2009 38,8MB 2.1.2.7 unnötig Apple Software Update Apple Inc. 02.02.2009 2,16MB 2.1.1.116 unnötig Athlon 64 Processor Driver 04.04.2012 1.1.0.14 unbekannt ATI - Dienstprogramm zur Deinstallation der Software 04.04.2012 6.14.10.1014 unbekannt ATI Display Driver 03.04.2012 8.192-051101a1-030043C unbekannt ATI Systemsteuerung 04.04.2012 6.14.10.5171 unbekannt AudibleManager Audible, Inc. 04.04.2012 2147340288.2147348480.1344632.1244472 unbekannt Avira AntiVir Personal - Free Antivirus Avira GmbH 04.04.2012 10.2.0.707 notwendig AVS Update Manager 1.0 Online Media Technologies Ltd. 03.08.2009 notwendig AVS Video Converter 6 Online Media Technologies Ltd. 03.08.2009 notwendig AVS4YOU Software Navigator 1.3 Online Media Technologies Ltd. 03.08.2009 notwendig Bonjour Apple Inc. 02.02.2009 0,49MB 1.0.105 unnötig Capture NX 2 NIKON CORPORATION 04.04.2012 2.0.0 notwendig CCleaner Piriform 04.04.2012 3.17 notwendig Creative Systeminformationen 04.04.2012 notwendig Creatix 2.0 AC'97 Modem unbekannt DivX Player DivXNetworks, Inc. 04.04.2012 2.5.5 notwendig DivX Pro DivXNetworks, Inc. 04.04.2012 5.2.1 notwendig DivX User Guide DivXNetworks, Inc. 
04.04.2012 5.2.1 notwendig dm Fotowelt 04.04.2012 notwendig Elf 1.13 Toolbar Elf 1.13 04.04.2012 6.3.0.26 unbekannt ElsterFormular Landesfinanzdirektion Thüringen 04.04.2012 12.4.1.7699k notwendig ElsterFormular 2008/2009 Steuerverwaltung des Bundes und der Länder 22.09.2009 10.3.0.0 notwendig Exif-Viewer 2.50 Ralf Bibinger 02.04.2012 2.50 unbekannt FastStone Image Viewer 4.1 FastStone Soft 04.04.2012 4.1 notwendig Google Toolbar for Firefox Google 14.08.2008 0,96MB 2.1.20060807 unnötig HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 27.11.2010 97,8MB 22.0.334.0 notwendig HP Deskjet 3050 J610 series Hilfe Hewlett Packard 27.11.2010 12,9MB 140.0.63.63 notwendig HP Photo Creations HP Photo Creations Powered by RocketLife 04.04.2012 1.0.0.3341 notwendig HP Update Hewlett-Packard 27.11.2010 2,97MB 5.002.005.003 notwendig InterVideo MediaOne Gallery 04.04.2012 unbekannt InterVideo WinDVD 7 InterVideo Inc. 04.04.2012 7.0-B27.184 unbekannt iTunes Apple Inc. 02.02.2009 103,9MB 8.0.2.20 unnötig J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 23.03.2006 152,3MB 1.5.0.60 unbekannt Jalbum Jalbum AB 09.01.2011 20,0MB 8.13 unbekannt Java(TM) 6 Update 29 Oracle 07.10.2011 91,1MB 6.0.290 unbekannt Kies Ihr Firmenname 25.12.2010 1.4 unbekannt Learn2 Player (Uninstall Only) 04.04.2012 unbekannt LetsTrade Komponenten 04.04.2012 unbekannt Macromedia Shockwave Player Macromedia, Inc. 
02.04.2012 10.1.0.11 unbekannt Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 02.04.2012 1.60.1.1000 notwendig Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft Corporation 11.10.2011 unbekannt Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft Corporation 10.06.2010 unbekannt Microsoft .NET Framework 1.1 12.01.2012 unbekannt Microsoft .NET Framework 1.1 German Language Pack Microsoft 27.03.2006 3,00MB 1.1.4322 unbkeannt Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation 23.03.2006 unbekannt Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 17.02.2012 185,2MB 2.2.30729 unbekannt Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 23.06.2010 209MB 3.2.30729 unbekannt Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.01.2012 unbekannt Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 16.12.2007 1 unbekannt Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 Microsoft Corporation 14.05.2010 unbekannt Microsoft Office Visio Professional 2003 Microsoft Corporation 15.09.2011 356MB 11.0.8173.0 notwendig Microsoft Office XP Professional mit FrontPage Microsoft Corporation 19.12.2008 241MB 10.0.2701.0 notwendig Microsoft Silverlight Microsoft Corporation 17.02.2012 165,7MB 4.1.10111.0 unbekannt Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 16.12.2007 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 5,28MB 8.0.61001 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 18.04.2011 10,2MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 15.08.2010 9,65MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.04.2010 10,2MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft 
Corporation 16.06.2011 10,2MB 9.0.30729.6161 unbekannt Microsoft Windows-Journal-Viewer Microsoft 30.03.2006 3,47MB 1.5.2315.3 unbekannt Microsoft Works Microsoft Corporation 22.01.2011 294MB 08.05.0822 unnötig Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket Microsoft Corporation 02.04.2012 unbekannt Mozilla Firefox 11.0 (x86 de) Mozilla 04.04.2012 11.0 notwendig MSXML 4.0 SP2 (KB936181) Microsoft Corporation 15.12.2007 2,62MB 4.20.9848.0 unbekannt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.11.2008 2,67MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 2,77MB 4.20.9876.0 unbekannt MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 25.11.2009 1,40MB 6.20.2003.0 unbekannt MySecurityCenter License Service MySecurityCenter 15.12.2007 1,72MB 3.0.0.0 unbekannt NEF Codec Nikon 16.02.2010 1.00.0000 notwendig notwendig Nero Suite 04.04.2012 notwendig NetWorkingWizard_ICM Samsung 25.12.2010 1.02.010 notwendig Nikon Transfer Nikon 01.10.2009 46,7MB 1.5.0 notwendig Office 2003 Trial Assistant Microsoft 06.04.2006 1,29MB 1.0.0 notwendig Paint.NET v3.22 dotPDN LLC 27.03.2008 4,31MB 3.22.1 notwendig notwendig PDFCreator Frank Heindörfer, Philip Chinery 04.01.2010 0.9.8 notwendig PED Professional TÜV SÜD Industrie Service GmbH 20.07.2009 notwendig Photomatix Basic version 1.2.1 HDRsoft Sarl 04.04.2012 1.2 notwendig Picasa 3 Google, Inc. 04.04.2012 3.8 unbekannt PowerISO 04.04.2012 notwendig Qtpfsgui 1.9.2 Qtpfsgui Dev Team 15.05.2010 unbekannt RealPlayer RealNetworks 04.04.2012 notwendig Realtek AC'97 Audio Realtek Semiconductor Corp. 23.03.2006 5.18 unbekannt Reflex4 Reflex 19.04.2009 77,5MB 4.2.5 notwendig RI-CAD HiTec Zang GmbH unnötig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 
02.04.2012 1.3.750.0 notwendig Sansa Updater 02.04.2012 notwendig Search-Results Toolbar Search-Results.com 12.10.2011 3,96MB 1.13.1.0 unbekannt Sicherheitsupdate für Windows Media Encoder (KB2447961) Microsoft Corporation 15.12.2010 unbekannt Sicherheitsupdate für Windows Media Encoder (KB954156) Microsoft Corporation 10.09.2008 unbekannt Sicherheitsupdate für Windows Media Encoder (KB979332) Microsoft Corporation 10.06.2010 unbekannt Skype™ 4.0 Skype Technologies S.A. 28.04.2009 30,2MB 4.0.226 notwendig SmartSound Quicktracks Plugin SmartSound Software Inc 05.04.2006 3.0.2.6 unbekannt Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten Hewlett-Packard Co. 27.11.2010 4,80MB 22.0.334.0 unnötig Synaptics Pointing Device Driver Synaptics 04.04.2012 8.2.1.0 notwendig Ulead FilmBrennerei 4.0 Ulead Systems, Inc. 04.04.2012 4.0 notwendig Ulead Photo Express 4.0 SE 02.04.2012 notwendig Ulead VideoStudio 9.0 Ulead System 02.04.2012 9.0 notwendig ULi LAN Driver 04.04.2012 unbekannt u USB Scanner 03.04.2012 unnötig VideoLAN VLC media player 0.8.6d VideoLAN Team 04.04.2012 0.8.6d notwendig videon muvee Technologies 04.04.2012 3.5 notwendig ViewNX Nikon 01.10.2009 30,6MB 1.4.0 notwendig Viewpoint Media Player 04.04.2012 notwendig VSO Image Resizer 3.0.1.72 VSO-Software 19.02.2010 3.0.1.72 notwendig Winbond WLAN 04.04.2012 unbekannt Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 03.01.2011 1.0 unbekannt Windows Internet Explorer 8 Microsoft Corporation 26.09.2009 20090308.140743 notwendig Windows Live ID Sign-in Assistant Microsoft Corporation 27.11.2010 4,69MB 6.500.3165.0 unbekannt Windows Media Encoder 9-Reihe 05.04.2006 notwendig Windows Media Format 11 runtime 04.04.2012 notwendig Windows Media Player 11 04.04.2012 notwendig Windows XP Media Center Edition Screen Saver Screen Saver 04.04.2012 notwendig Windows XP Service Pack 3 Microsoft Corporation 12.01.2010 20080414.031514 notwendig WinRAR 04.04.2012 unnötig 
WinZip 15.0 WinZip Computing, S.L. 10.06.2011 30,5MB 15.0.9411 notwendig Yontoo Layers 1.10.01 10.06.2011 1.10.01 unbekannt ZENcast Organizer 04.04.2012 notwendig
The computer is running well. One remaining problem is that under Start menu -> All Programs not all of the programs' subfolders are listed. I also just noticed that under All Programs there is a folder SMART HDD with the subfolders SMART HDD and Uninstall SMART HDD. What should I do with it? I am afraid that if I click Uninstall, I will activate the virus again. |
04.04.2012, 19:12 | #14 |
/// Malware-holic | S.M.A.R.T. HDD: Black desktop, Start menu empty, folders/files hidden
Uninstall: Adobe Acrobat, Adobe Flash Player (all).
Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose automatic installation.
Apply / OK.
Uninstall: Apple: all, Bonjour, Elf, Exif, Google Toolbar, InterVideo: both, iTunes, J2SE, Jalbum, Java.
Download of the free Java software: download the Java JRE and install it.
Uninstall: Learn2, LetsTrade, Macromedia, Microsoft Silverlight, MySecurityCenter, Picasa, Search-Results, Skype™ : Free Internet calls with Skype. Call phones online cheaply. Install version 5.
Uninstall: Studie, VideoLAN.
VideoLAN - Official page for VLC media player, the Open Source video framework! Install version 2.
Delete the SMART folder.
Hmm, if not all folders are there under All Programs now, it is too late. The only thing you can do then is pin the programs to the Start menu via Send To. The temp folders the Start menu was moved to are empty.
Open OTL, clean up, restart.
Open CCleaner, Analyze, Run Cleaner.
Restart the PC and test how the system runs. |
07.04.2012, 12:39 | #15 |
| S.M.A.R.T. HDD: Black desktop, Start menu empty, folders/files hidden Hey Markus, thank you very, very much for your help. That deserves the highest respect! The system is running again. Kind regards, Willie |