| |
| |||||||
Log-Analyse und Auswertung: Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.04.2012, 15:01
| #16 |
 |  Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" hallo, habe beide Scans durchgeführt wie beschrieben. Hier der LOG vom Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.13.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 T**** :: THOMAS-8157C8E2 [Administrator] Schutz: Aktiviert 13.04.2012 13:10:15 mbam-log-2012-04-13 (13-10-15).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 280583 Laufzeit: 51 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 17 C:\AdvoWeb\AdvoWare\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt. C:\AdvoWeb\AdvowareBackup10060701\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt. C:\AdvoWeb\AdvowareBackup10060702\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt. C:\AdvoWeb\AdvowareBackup11012201\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\ecssxxpfoeubn.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\kfbthyjlirzpflxi.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\mjhpcwujngclswtnpqh.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\ooswupwcmconmqy.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\coymnonigzwtyac.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\wusctpegqmtylt.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\vswurnumovfwiqo.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\vvmkjuqjrkirnsbsuvzselbwl.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\04122012_175850\C_Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\FOTOS\2008 Casiana Terme\CIMG2017.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\FOTOS\2008 Urlaub Schenna\3. Meran 2000_Stoanerne Mandln\CIMG2285.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\FOTOS\2008 Urlaub Schenna\6. Schnalztal_Martelltal\CIMG2383.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\FOTOS\Silberhochzeit Mac&Olf\CIMG1990.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1794901c3d30ec449e0c9344d7e31fc6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-13 01:41:48
# local_time=2012-04-13 03:41:48 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 686313 70856719 322450 0
# compatibility_mode=8192 67108863 100 0 97 97 0 0
# compatibility_mode=9217 16777214 75 66 33168680 36277000 0 0
# scanned=79426
# found=1
# cleaned=0
# scan_time=4610
C:\_OTL.zip Win32/LockScreen.AKG trojan (unable to clean) 00000000000000000000000000000000 I
|
|
13.04.2012, 15:51
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Hätte da mal zwei Fragen bevor es weiter geht
__________________1.) Geht der normale Modus wieder uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ |
|
13.04.2012, 16:59
| #18 |
| | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" also fehlende Programme sehe ich nicht. Scheint alles zu laufen und da zu sein. Das einzige was nicht da ist sind die Desktop Symbole und Verknüpfungen (also ein normales Hintergrundbild, aber nackt, ohne jegliche Symbole). Könnte das an einem fehlerhaften Registry-Eintrag liegen?
__________________DANKE NOCHMAL SOWEIT!!!! t |
|
15.04.2012, 14:52
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.04.2012, 18:19
| #20 |
| | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" hi, anbei die OTL-Log-Datei. danke und Gruß! Code:
ATTFilter OTL logfile created on: 15.04.2012 18:57:33 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\T****\Eigene Dateien\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 68,87% Memory free 3,35 Gb Paging File | 2,77 Gb Available in Paging File | 82,71% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,41 Gb Total Space | 1,28 Gb Free Space | 5,25% Space Free | Partition Type: NTFS Drive D: | 208,41 Gb Total Space | 185,68 Gb Free Space | 89,09% Space Free | Partition Type: NTFS Computer Name: THOMAS-8157C8E2 | User Name: T**** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.15 18:53:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Eigene Dateien\Downloads\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.08.15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2011.02.18 18:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) -- C:\AdvoWeb\AdvoWare\Server\dbntsrv.exe PRC - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe PRC - [2006.02.10 13:17:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe ========== Modules (No Company Name) ========== MOD - [2012.02.05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll MOD - [2012.02.05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.06.28 13:19:50 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\VipreBridge.dll MOD - [2011.06.28 13:19:49 | 000,589,184 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2011.06.16 17:32:06 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll MOD - [2011.06.07 11:44:50 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.07.19 18:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe MOD - [2005.11.13 15:22:38 | 000,217,088 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\NWTools.dll MOD - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe MOD - [2005.07.20 05:53:04 | 000,966,765 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\acAuth.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) [Auto | Running] -- C:\AdvoWeb\Advoware\Server\dbntsrv.exe -- (Gupta SQLBase Advoware) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctoss2k.sys -- (ossrv) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\emupia2k.sys -- (emupia) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctac32k.sys -- (ctac32k) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.02 17:21:53 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.02 17:21:53 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.02.04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010.05.13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2006.03.27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2006.02.10 13:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006.02.09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.07.13 18:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ksta.de/ IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13" FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.03.11 17:19:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.18 13:47:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.05 15:50:34 | 000,000,000 | ---D | M] [2011.01.21 19:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Extensions [2012.04.13 14:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions [2011.01.25 20:22:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.26 17:52:42 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.03.23 21:42:12 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml [2012.04.13 13:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.09 18:11:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2012.03.11 17:19:29 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAMME\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011.10.09 18:11:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.10.09 18:11:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\pdf.dll CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.04.12 23:58:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [lmfvMDBr3jNvGGM] C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003..\Run: [lmfvMDBr3jNvGGM] C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4B9594-62F6-49F5-A458-3BE94868D7C4}: DhcpNameServer = 10.0.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003 Winlogon: Shell - (C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe) - File not found O20 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003 Winlogon: UserInit - (C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe) - File not found O20 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.20 14:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: {fgp1l2e2-UHzu-fOkg-z7KY-SpaF5G4Z1Yo3} - ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.15 18:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7 [2012.04.13 14:23:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.04.13 13:08:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes [2012.04.13 13:07:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.04.13 13:07:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.04.13 13:07:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.13 13:07:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.04.12 23:58:50 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.12 07:48:35 | 000,000,000 | -HSD | C] -- C:\found.001 [2012.04.10 18:48:35 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.04.07 17:00:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Desktop\Fotos Handy [2011.04.24 12:07:35 | 027,041,136 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Programme\R119714.EXE [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.15 18:44:18 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk [2012.04.15 18:37:00 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.15 18:36:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.15 18:36:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.14 17:19:00 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.14 15:22:09 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.04.13 16:11:17 | 000,459,194 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.13 16:11:17 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.13 16:11:17 | 000,084,708 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.13 16:11:17 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.13 16:06:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.04.13 13:08:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.04.13 13:08:05 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.04.13 13:07:56 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.12 18:27:23 | 000,310,120 | ---- | M] () -- C:\_OTL.zip [2012.04.12 18:03:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.01 18:43:14 | 000,000,109 | ---- | M] () -- C:\WINDOWS\cdlli52.INI [2012.03.25 17:12:45 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Desktop\Microsoft Office Word 2007.lnk [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.15 18:44:18 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk [2012.04.13 13:07:56 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.12 18:27:23 | 000,310,120 | ---- | C] () -- C:\_OTL.zip [2012.02.17 16:52:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.04.26 12:06:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.04.26 12:06:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.04.24 12:35:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2011.04.24 12:35:24 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.02.25 13:43:08 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.22 16:07:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2011.01.21 22:24:33 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cdlli52.INI [2011.01.21 20:48:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL [2011.01.21 19:55:44 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011.01.21 19:45:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011.01.21 19:28:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.01.21 18:51:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2011.01.21 18:36:48 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.01.21 18:36:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT [2011.01.21 18:21:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011.01.20 14:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.01.20 14:32:49 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.01.20 14:26:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.01.20 14:19:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.01.20 14:13:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.01.20 14:12:27 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.01.21 21:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2011.10.16 12:31:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cached Installations [2011.09.18 13:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2011.01.21 19:42:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service [2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH [2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint [2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH [2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon [2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer [2012.04.12 18:03:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.23 09:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Adobe [2011.03.04 13:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Avira [2011.03.11 14:05:10 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Brother [2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service [2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH [2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint [2011.01.21 21:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Creative [2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH [2011.02.14 19:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Google [2011.01.25 20:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Help [2011.01.20 14:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Identities [2011.01.21 19:28:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Macromedia [2012.04.13 13:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes [2012.04.06 19:09:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Microsoft [2011.01.21 19:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla [2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon [2011.10.09 18:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Sun [2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer [2012.02.05 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\vlc < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys [2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll < MD5 for: NVATABUS.SYS > [2006.03.17 02:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2011.07.18 20:44:23 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.01.20 15:11:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.01.20 15:11:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.01.20 15:11:30 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > |
|
15.04.2012, 19:02
| #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung"Zitat:
ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten! Mach danach wie o.g. ein neues OTL-Log
__________________ --> Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" |
|
16.04.2012, 21:13
| #22 |
| | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Hallo Arne, ZoneAlarm ist entfernt, hier ist der neue OTL-Log: Code:
ATTFilter OTL logfile created on: 16.04.2012 21:50:13 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\T****\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,17% Memory free 3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,26% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,41 Gb Total Space | 0,55 Gb Free Space | 2,26% Space Free | Partition Type: NTFS Drive D: | 208,41 Gb Total Space | 185,68 Gb Free Space | 89,09% Space Free | Partition Type: NTFS Computer Name: THOMAS-8157C8E2 | User Name: T**** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.15 18:53:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.08.15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) -- C:\AdvoWeb\AdvoWare\Server\dbntsrv.exe PRC - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe PRC - [2006.02.10 13:17:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe ========== Modules (No Company Name) ========== MOD - [2012.02.05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll MOD - [2012.02.05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.06.28 13:19:50 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\VipreBridge.dll MOD - [2011.06.28 13:19:49 | 000,589,184 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2011.06.16 17:32:06 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll MOD - [2011.06.07 11:44:50 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.07.19 18:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe MOD - [2005.11.13 15:22:38 | 000,217,088 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\NWTools.dll MOD - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe MOD - [2005.07.20 05:53:04 | 000,966,765 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\acAuth.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) [Auto | Running] -- C:\AdvoWeb\Advoware\Server\dbntsrv.exe -- (Gupta SQLBase Advoware) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctoss2k.sys -- (ossrv) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\emupia2k.sys -- (emupia) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctac32k.sys -- (ctac32k) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.02 17:21:53 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.02 17:21:53 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.02.04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2006.03.27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2006.02.10 13:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006.02.09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.07.13 18:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ksta.de/ IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.18 13:47:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.05 15:50:34 | 000,000,000 | ---D | M] [2011.01.21 19:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Extensions [2012.04.16 21:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions [2011.01.25 20:22:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.23 21:42:12 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml [2012.04.13 13:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.09 18:11:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.10.09 18:11:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.10.09 18:11:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\pdf.dll CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.04.12 23:58:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4B9594-62F6-49F5-A458-3BE94868D7C4}: DhcpNameServer = 10.0.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.20 14:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.16 21:29:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2012.04.16 20:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2012.04.16 20:19:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.04.15 18:52:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Desktop\OTL.exe [2012.04.15 18:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7 [2012.04.13 14:23:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.04.13 13:08:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes [2012.04.13 13:07:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.04.13 13:07:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.04.13 13:07:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.13 13:07:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.04.12 23:58:50 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.12 07:48:35 | 000,000,000 | -HSD | C] -- C:\found.001 [2012.04.10 18:48:35 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.04.07 17:00:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Desktop\Fotos Handy [2011.04.24 12:07:35 | 027,041,136 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Programme\R119714.EXE [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.16 21:35:10 | 000,000,109 | ---- | M] () -- C:\WINDOWS\cdlli52.INI [2012.04.16 21:30:07 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.04.16 21:29:36 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.16 21:29:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.16 21:19:00 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.16 18:05:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.04.16 18:05:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.04.15 18:53:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Desktop\OTL.exe [2012.04.15 18:44:18 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk [2012.04.15 18:36:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.14 15:22:09 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.04.13 16:11:17 | 000,459,194 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.13 16:11:17 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.13 16:11:17 | 000,084,708 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.13 16:11:17 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.13 16:06:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.04.13 13:07:56 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.12 18:27:23 | 000,310,120 | ---- | M] () -- C:\_OTL.zip [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.03.25 17:12:45 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Desktop\Microsoft Office Word 2007.lnk [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.15 18:44:18 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk [2012.04.13 13:07:56 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.12 18:27:23 | 000,310,120 | ---- | C] () -- C:\_OTL.zip [2012.02.17 16:52:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.04.26 12:06:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.04.26 12:06:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.04.24 12:35:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2011.04.24 12:35:24 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.02.25 13:43:08 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.22 16:07:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2011.01.21 22:24:33 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cdlli52.INI [2011.01.21 20:48:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL [2011.01.21 19:55:44 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011.01.21 19:45:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011.01.21 19:28:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.01.21 18:51:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2011.01.21 18:36:48 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.01.21 18:36:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT [2011.01.21 18:21:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011.01.20 14:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.01.20 14:32:49 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.01.20 14:26:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.01.20 14:19:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.01.20 14:13:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.01.20 14:12:27 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.01.21 21:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2011.10.16 12:31:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cached Installations [2011.09.18 13:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2011.01.21 19:42:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service [2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH [2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint [2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH [2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon [2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer [2012.04.16 21:30:07 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.23 09:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Adobe [2011.03.04 13:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Avira [2011.03.11 14:05:10 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Brother [2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service [2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH [2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint [2011.01.21 21:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Creative [2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH [2011.02.14 19:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Google [2011.01.25 20:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Help [2011.01.20 14:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Identities [2011.01.21 19:28:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Macromedia [2012.04.13 13:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes [2012.04.06 19:09:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Microsoft [2011.01.21 19:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla [2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon [2011.10.09 18:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Sun [2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer [2012.02.05 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\vlc < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys [2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll < MD5 for: NVATABUS.SYS > [2006.03.17 02:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2011.07.18 20:44:23 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.01.20 15:11:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.01.20 15:11:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.01.20 15:11:30 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > |
|
17.04.2012, 11:28
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2613550&SearchSource=13"
FF - user.js - File not found
[2011.03.23 21:42:12 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.20 14:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.04.16 20:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012.04.12 07:48:35 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.04.10 18:48:35 | 000,000,000 | -HSD | C] -- C:\found.000
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.04.2012, 18:08
| #24 |
| | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Hallo, habe den OTL-Fix ausgeführt. Hier der Bericht: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13" removed from browser.startup.homepage
C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\WINDOWS\Internet Logs folder moved successfully.
C:\found.001 folder moved successfully.
C:\found.000 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 2210553 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 2128216 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: T****
->Temp folder emptied: 1051199148 bytes
->Temporary Internet Files folder emptied: 217483700 bytes
->Java cache emptied: 759971 bytes
->FireFox cache emptied: 75398410 bytes
->Google Chrome cache emptied: 203642161 bytes
->Flash cache emptied: 22952 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1258715 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17621966 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.499,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: T****
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04182012_185702
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
18.04.2012, 21:05
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Nein das brauch ich nicht Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.04.2012, 16:54
| #26 |
| | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Hallo, habe den Scan durchgeführt. Hier das LOG-File: Gruß! Code:
ATTFilter 17:44:37.0937 2904 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
17:44:38.0203 2904 ============================================================
17:44:38.0203 2904 Current date / time: 2012/04/19 17:44:38.0203
17:44:38.0203 2904 SystemInfo:
17:44:38.0203 2904
17:44:38.0203 2904 OS Version: 5.1.2600 ServicePack: 3.0
17:44:38.0203 2904 Product type: Workstation
17:44:38.0203 2904 ComputerName: THOMAS-8157C8E2
17:44:38.0203 2904 UserName: T****
17:44:38.0203 2904 Windows directory: C:\WINDOWS
17:44:38.0203 2904 System windows directory: C:\WINDOWS
17:44:38.0203 2904 Processor architecture: Intel x86
17:44:38.0203 2904 Number of processors: 2
17:44:38.0203 2904 Page size: 0x1000
17:44:38.0203 2904 Boot type: Normal boot
17:44:38.0203 2904 ============================================================
17:44:38.0875 2904 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:44:38.0906 2904 \Device\Harddisk0\DR0:
17:44:38.0906 2904 MBR partitions:
17:44:38.0906 2904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
17:44:38.0921 2904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x1A0D1287
17:44:38.0953 2904 C: <-> \Device\Harddisk0\DR0\Partition0
17:44:39.0000 2904 D: <-> \Device\Harddisk0\DR0\Partition1
17:44:39.0000 2904 Initialize success
17:44:39.0000 2904 ============================================================
17:46:46.0437 3984 ============================================================
17:46:46.0437 3984 Scan started
17:46:46.0437 3984 Mode: Manual; SigCheck; TDLFS;
17:46:46.0437 3984 ============================================================
17:46:46.0609 3984 Abiosdsk - ok
17:46:46.0609 3984 abp480n5 - ok
17:46:46.0671 3984 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:46:46.0953 3984 ACPI - ok
17:46:46.0984 3984 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:46:47.0093 3984 ACPIEC - ok
17:46:47.0109 3984 adpu160m - ok
17:46:47.0125 3984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:46:47.0265 3984 aec - ok
17:46:47.0296 3984 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:46:47.0312 3984 AegisP ( UnsignedFile.Multi.Generic ) - warning
17:46:47.0312 3984 AegisP - detected UnsignedFile.Multi.Generic (1)
17:46:47.0343 3984 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:46:47.0390 3984 AFD - ok
17:46:47.0406 3984 Aha154x - ok
17:46:47.0406 3984 aic78u2 - ok
17:46:47.0421 3984 aic78xx - ok
17:46:47.0453 3984 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:46:47.0578 3984 Alerter - ok
17:46:47.0593 3984 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:46:47.0718 3984 ALG - ok
17:46:47.0781 3984 AliIde - ok
17:46:47.0796 3984 amsint - ok
17:46:47.0843 3984 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:46:47.0859 3984 AntiVirSchedulerService - ok
17:46:47.0875 3984 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:46:47.0890 3984 AntiVirService - ok
17:46:47.0921 3984 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
17:46:48.0046 3984 AppMgmt - ok
17:46:48.0062 3984 asc - ok
17:46:48.0062 3984 asc3350p - ok
17:46:48.0078 3984 asc3550 - ok
17:46:48.0156 3984 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:46:48.0156 3984 aspnet_state - ok
17:46:48.0203 3984 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:46:48.0328 3984 AsyncMac - ok
17:46:48.0343 3984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:46:48.0468 3984 atapi - ok
17:46:48.0484 3984 Atdisk - ok
17:46:48.0515 3984 Ati HotKey Poller (40f02b8460ac817ea0cea2e0cab4c2ed) C:\WINDOWS\system32\Ati2evxx.exe
17:46:48.0562 3984 Ati HotKey Poller - ok
17:46:48.0656 3984 ATI Smart (d41eb535e2b2d8872463e5f59f215d4e) C:\WINDOWS\system32\ati2sgag.exe
17:46:48.0687 3984 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
17:46:48.0687 3984 ATI Smart - detected UnsignedFile.Multi.Generic (1)
17:46:48.0765 3984 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:46:48.0828 3984 ati2mtag - ok
17:46:48.0859 3984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:46:48.0984 3984 Atmarpc - ok
17:46:49.0031 3984 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:46:49.0156 3984 AudioSrv - ok
17:46:49.0187 3984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:46:49.0296 3984 audstub - ok
17:46:49.0343 3984 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
17:46:49.0359 3984 avgio - ok
17:46:49.0375 3984 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:46:49.0406 3984 avgntflt - ok
17:46:49.0421 3984 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:46:49.0437 3984 avipbb - ok
17:46:49.0453 3984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:46:49.0578 3984 Beep - ok
17:46:49.0640 3984 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
17:46:49.0765 3984 BITS - ok
17:46:49.0828 3984 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:46:49.0953 3984 Browser - ok
17:46:50.0015 3984 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
17:46:50.0046 3984 BrScnUsb - ok
17:46:50.0062 3984 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
17:46:50.0093 3984 BrSerIf - ok
17:46:50.0109 3984 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
17:46:50.0140 3984 BrUsbSer - ok
17:46:50.0156 3984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:46:50.0281 3984 cbidf2k - ok
17:46:50.0296 3984 cd20xrnt - ok
17:46:50.0312 3984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:46:50.0421 3984 Cdaudio - ok
17:46:50.0453 3984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:46:50.0578 3984 Cdfs - ok
17:46:50.0609 3984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:46:50.0718 3984 Cdrom - ok
17:46:50.0750 3984 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:46:50.0750 3984 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
17:46:50.0765 3984 cercsr6 - detected UnsignedFile.Multi.Generic (1)
17:46:50.0765 3984 Changer - ok
17:46:50.0796 3984 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:46:50.0921 3984 CiSvc - ok
17:46:50.0953 3984 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:46:51.0078 3984 ClipSrv - ok
17:46:51.0140 3984 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:46:51.0156 3984 clr_optimization_v2.0.50727_32 - ok
17:46:51.0187 3984 CmdIde - ok
17:46:51.0203 3984 COMSysApp - ok
17:46:51.0234 3984 Cpqarray - ok
17:46:51.0281 3984 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:46:51.0406 3984 CryptSvc - ok
17:46:51.0421 3984 ctac32k - ok
17:46:51.0468 3984 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:46:51.0484 3984 ctdvda2k ( UnsignedFile.Multi.Generic ) - warning
17:46:51.0484 3984 ctdvda2k - detected UnsignedFile.Multi.Generic (1)
17:46:51.0500 3984 ctprxy2k - ok
17:46:51.0515 3984 ctsfm2k - ok
17:46:51.0515 3984 dac2w2k - ok
17:46:51.0531 3984 dac960nt - ok
17:46:51.0578 3984 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:46:51.0625 3984 DcomLaunch - ok
17:46:51.0656 3984 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:46:51.0781 3984 Dhcp - ok
17:46:51.0812 3984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:46:51.0953 3984 Disk - ok
17:46:51.0968 3984 dmadmin - ok
17:46:52.0015 3984 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:46:52.0156 3984 dmboot - ok
17:46:52.0203 3984 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:46:52.0312 3984 dmio - ok
17:46:52.0343 3984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:46:52.0453 3984 dmload - ok
17:46:52.0484 3984 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:46:52.0609 3984 dmserver - ok
17:46:52.0625 3984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:46:52.0750 3984 DMusic - ok
17:46:52.0781 3984 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
17:46:52.0843 3984 Dnscache - ok
17:46:52.0875 3984 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:46:53.0000 3984 Dot3svc - ok
17:46:53.0031 3984 dpti2o - ok
17:46:53.0078 3984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:46:53.0203 3984 drmkaud - ok
17:46:53.0218 3984 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:46:53.0265 3984 e1express - ok
17:46:53.0312 3984 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:46:53.0437 3984 EapHost - ok
17:46:53.0468 3984 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
17:46:53.0515 3984 ehRecvr - ok
17:46:53.0546 3984 ehSched (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
17:46:53.0562 3984 ehSched - ok
17:46:53.0593 3984 emupia - ok
17:46:53.0640 3984 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:46:53.0765 3984 ERSvc - ok
17:46:53.0796 3984 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:46:53.0843 3984 Eventlog - ok
17:46:53.0875 3984 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
17:46:53.0906 3984 EventSystem - ok
17:46:53.0953 3984 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:46:54.0078 3984 Fastfat - ok
17:46:54.0140 3984 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:46:54.0171 3984 FastUserSwitchingCompatibility - ok
17:46:54.0187 3984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:46:54.0312 3984 Fdc - ok
17:46:54.0343 3984 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:46:54.0468 3984 Fips - ok
17:46:54.0468 3984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:46:54.0593 3984 Flpydisk - ok
17:46:54.0625 3984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:46:54.0765 3984 FltMgr - ok
17:46:54.0828 3984 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:46:54.0843 3984 FontCache3.0.0.0 - ok
17:46:54.0875 3984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:46:55.0000 3984 Fs_Rec - ok
17:46:55.0015 3984 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:46:55.0156 3984 Ftdisk - ok
17:46:55.0187 3984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:46:55.0312 3984 Gpc - ok
17:46:55.0359 3984 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
17:46:55.0359 3984 gupdate - ok
17:46:55.0375 3984 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
17:46:55.0390 3984 gupdatem - ok
17:46:55.0421 3984 Gupta SQLBase Advoware - ok
17:46:55.0468 3984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:46:55.0593 3984 HDAudBus - ok
17:46:55.0640 3984 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:46:55.0750 3984 helpsvc - ok
17:46:55.0812 3984 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
17:46:55.0921 3984 HidServ - ok
17:46:55.0937 3984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:46:56.0062 3984 hidusb - ok
17:46:56.0093 3984 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:46:56.0218 3984 hkmsvc - ok
17:46:56.0234 3984 hpn - ok
17:46:56.0265 3984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:46:56.0296 3984 HTTP - ok
17:46:56.0328 3984 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:46:56.0453 3984 HTTPFilter - ok
17:46:56.0468 3984 i2omgmt - ok
17:46:56.0484 3984 i2omp - ok
17:46:56.0515 3984 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:46:56.0546 3984 iastor - ok
17:46:56.0640 3984 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:46:56.0640 3984 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:46:56.0640 3984 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:46:56.0765 3984 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:46:56.0812 3984 idsvc - ok
17:46:56.0906 3984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:46:57.0015 3984 Imapi - ok
17:46:57.0046 3984 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
17:46:57.0171 3984 ImapiService - ok
17:46:57.0187 3984 ini910u - ok
17:46:57.0203 3984 IntelIde - ok
17:46:57.0250 3984 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:46:57.0359 3984 intelppm - ok
17:46:57.0390 3984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:46:57.0500 3984 Ip6Fw - ok
17:46:57.0531 3984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:46:57.0640 3984 IpFilterDriver - ok
17:46:57.0656 3984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:46:57.0781 3984 IpInIp - ok
17:46:57.0828 3984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:46:57.0937 3984 IpNat - ok
17:46:57.0968 3984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:46:58.0093 3984 IPSec - ok
17:46:58.0109 3984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:46:58.0234 3984 IRENUM - ok
17:46:58.0250 3984 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:46:58.0359 3984 isapnp - ok
17:46:58.0468 3984 JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Programme\Java\jre6\bin\jqs.exe
17:46:58.0484 3984 JavaQuickStarterService - ok
17:46:58.0546 3984 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:46:58.0656 3984 Kbdclass - ok
17:46:58.0703 3984 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:46:58.0843 3984 kbdhid - ok
17:46:58.0859 3984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:46:58.0984 3984 kmixer - ok
17:46:59.0015 3984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:46:59.0062 3984 KSecDD - ok
17:46:59.0093 3984 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
17:46:59.0140 3984 lanmanserver - ok
17:46:59.0156 3984 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:46:59.0187 3984 lanmanworkstation - ok
17:46:59.0281 3984 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
17:46:59.0359 3984 Lavasoft Ad-Aware Service - ok
17:46:59.0390 3984 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
17:46:59.0390 3984 Lavasoft Kernexplorer - ok
17:46:59.0453 3984 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:46:59.0468 3984 Lbd - ok
17:46:59.0515 3984 lbrtfdc - ok
17:46:59.0546 3984 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:46:59.0671 3984 LmHosts - ok
17:46:59.0734 3984 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
17:46:59.0750 3984 MBAMProtector - ok
17:46:59.0812 3984 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
17:46:59.0843 3984 MBAMService - ok
17:46:59.0906 3984 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
17:46:59.0937 3984 McrdSvc - ok
17:46:59.0953 3984 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:47:00.0078 3984 Messenger - ok
17:47:00.0109 3984 MHN (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
17:47:00.0125 3984 MHN ( UnsignedFile.Multi.Generic ) - warning
17:47:00.0125 3984 MHN - detected UnsignedFile.Multi.Generic (1)
17:47:00.0125 3984 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:47:00.0140 3984 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
17:47:00.0140 3984 MHNDRV - detected UnsignedFile.Multi.Generic (1)
17:47:00.0171 3984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:47:00.0296 3984 mnmdd - ok
17:47:00.0312 3984 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:47:00.0453 3984 mnmsrvc - ok
17:47:00.0500 3984 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:47:00.0609 3984 Modem - ok
17:47:00.0671 3984 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:47:00.0796 3984 Mouclass - ok
17:47:00.0828 3984 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:47:00.0953 3984 mouhid - ok
17:47:00.0968 3984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:47:01.0078 3984 MountMgr - ok
17:47:01.0093 3984 mraid35x - ok
17:47:01.0125 3984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:47:01.0265 3984 MRxDAV - ok
17:47:01.0296 3984 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:47:01.0343 3984 MRxSmb - ok
17:47:01.0375 3984 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:47:01.0500 3984 MSDTC - ok
17:47:01.0515 3984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:47:01.0640 3984 Msfs - ok
17:47:01.0656 3984 MSIServer - ok
17:47:01.0687 3984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:47:01.0812 3984 MSKSSRV - ok
17:47:01.0828 3984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:47:01.0953 3984 MSPCLOCK - ok
17:47:01.0968 3984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:47:02.0093 3984 MSPQM - ok
17:47:02.0125 3984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:47:02.0250 3984 mssmbios - ok
17:47:02.0281 3984 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:47:02.0312 3984 Mup - ok
17:47:02.0359 3984 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:47:02.0500 3984 napagent - ok
17:47:02.0546 3984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:47:02.0656 3984 NDIS - ok
17:47:02.0703 3984 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:47:02.0750 3984 NdisTapi - ok
17:47:02.0765 3984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:47:02.0890 3984 Ndisuio - ok
17:47:02.0906 3984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:47:03.0015 3984 NdisWan - ok
17:47:03.0062 3984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:47:03.0109 3984 NDProxy - ok
17:47:03.0140 3984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:47:03.0265 3984 NetBIOS - ok
17:47:03.0296 3984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:47:03.0406 3984 NetBT - ok
17:47:03.0437 3984 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:47:03.0578 3984 NetDDE - ok
17:47:03.0578 3984 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:47:03.0703 3984 NetDDEdsdm - ok
17:47:03.0750 3984 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:03.0859 3984 Netlogon - ok
17:47:03.0921 3984 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:47:04.0046 3984 Netman - ok
17:47:04.0078 3984 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:04.0093 3984 NetTcpPortSharing - ok
17:47:04.0125 3984 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
17:47:04.0171 3984 Nla - ok
17:47:04.0218 3984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:47:04.0328 3984 Npfs - ok
17:47:04.0359 3984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:47:04.0500 3984 Ntfs - ok
17:47:04.0515 3984 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:04.0640 3984 NtLmSsp - ok
17:47:04.0687 3984 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:47:04.0828 3984 NtmsSvc - ok
17:47:04.0875 3984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:47:04.0984 3984 Null - ok
17:47:05.0031 3984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:47:05.0156 3984 NwlnkFlt - ok
17:47:05.0171 3984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:47:05.0281 3984 NwlnkFwd - ok
17:47:05.0375 3984 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:47:05.0421 3984 odserv - ok
17:47:05.0453 3984 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:47:05.0468 3984 ose - ok
17:47:05.0500 3984 ossrv - ok
17:47:05.0531 3984 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:47:05.0656 3984 Parport - ok
17:47:05.0687 3984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:47:05.0812 3984 PartMgr - ok
17:47:05.0828 3984 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:47:05.0953 3984 ParVdm - ok
17:47:05.0984 3984 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:47:06.0109 3984 PCI - ok
17:47:06.0109 3984 PCIDump - ok
17:47:06.0140 3984 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:47:06.0265 3984 PCIIde - ok
17:47:06.0296 3984 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:47:06.0421 3984 Pcmcia - ok
17:47:06.0421 3984 PDCOMP - ok
17:47:06.0437 3984 PDFRAME - ok
17:47:06.0453 3984 PDRELI - ok
17:47:06.0453 3984 PDRFRAME - ok
17:47:06.0468 3984 perc2 - ok
17:47:06.0468 3984 perc2hib - ok
17:47:06.0515 3984 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:47:06.0562 3984 PlugPlay - ok
17:47:06.0593 3984 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:06.0703 3984 PolicyAgent - ok
17:47:06.0750 3984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:47:06.0875 3984 PptpMiniport - ok
17:47:06.0875 3984 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:07.0000 3984 ProtectedStorage - ok
17:47:07.0000 3984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:47:07.0125 3984 PSched - ok
17:47:07.0140 3984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:47:07.0265 3984 Ptilink - ok
17:47:07.0296 3984 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:47:07.0328 3984 PxHelp20 - ok
17:47:07.0343 3984 ql1080 - ok
17:47:07.0343 3984 Ql10wnt - ok
17:47:07.0359 3984 ql12160 - ok
17:47:07.0359 3984 ql1240 - ok
17:47:07.0375 3984 ql1280 - ok
17:47:07.0390 3984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:47:07.0515 3984 RasAcd - ok
17:47:07.0546 3984 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:47:07.0671 3984 RasAuto - ok
17:47:07.0718 3984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:47:07.0843 3984 Rasl2tp - ok
17:47:07.0875 3984 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:47:08.0000 3984 RasMan - ok
17:47:08.0015 3984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:47:08.0125 3984 RasPppoe - ok
17:47:08.0140 3984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:47:08.0265 3984 Raspti - ok
17:47:08.0296 3984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:47:08.0421 3984 Rdbss - ok
17:47:08.0437 3984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:47:08.0546 3984 RDPCDD - ok
17:47:08.0562 3984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:47:08.0703 3984 rdpdr - ok
17:47:08.0750 3984 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:47:08.0781 3984 RDPWD - ok
17:47:08.0828 3984 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:47:08.0953 3984 RDSessMgr - ok
17:47:08.0984 3984 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:47:09.0093 3984 redbook - ok
17:47:09.0140 3984 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:47:09.0265 3984 RemoteAccess - ok
17:47:09.0312 3984 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
17:47:09.0421 3984 RemoteRegistry - ok
17:47:09.0453 3984 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
17:47:09.0578 3984 RpcLocator - ok
17:47:09.0625 3984 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:47:09.0671 3984 RpcSs - ok
17:47:09.0718 3984 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
17:47:09.0859 3984 RSVP - ok
17:47:09.0890 3984 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
17:47:09.0921 3984 RTLWUSB - ok
17:47:09.0953 3984 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:10.0062 3984 SamSs - ok
17:47:10.0078 3984 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:47:10.0203 3984 SCardSvr - ok
17:47:10.0265 3984 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:47:10.0375 3984 Schedule - ok
17:47:10.0437 3984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:47:10.0546 3984 Secdrv - ok
17:47:10.0593 3984 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:47:10.0718 3984 seclogon - ok
17:47:10.0765 3984 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:47:10.0890 3984 SENS - ok
17:47:10.0937 3984 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:47:11.0046 3984 Serial - ok
17:47:11.0078 3984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:47:11.0187 3984 Sfloppy - ok
17:47:11.0234 3984 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:47:11.0359 3984 SharedAccess - ok
17:47:11.0390 3984 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:47:11.0421 3984 ShellHWDetection - ok
17:47:11.0437 3984 Simbad - ok
17:47:11.0453 3984 Sparrow - ok
17:47:11.0484 3984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:47:11.0609 3984 splitter - ok
17:47:11.0656 3984 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:47:11.0703 3984 Spooler - ok
17:47:11.0734 3984 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:47:11.0843 3984 sr - ok
17:47:11.0890 3984 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
17:47:12.0015 3984 srservice - ok
17:47:12.0046 3984 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:47:12.0078 3984 Srv - ok
17:47:12.0109 3984 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:47:12.0234 3984 SSDPSRV - ok
17:47:12.0265 3984 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:47:12.0281 3984 ssmdrv - ok
17:47:12.0312 3984 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
17:47:12.0390 3984 STHDA - ok
17:47:12.0484 3984 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:47:12.0593 3984 stisvc - ok
17:47:12.0640 3984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:47:12.0765 3984 swenum - ok
17:47:12.0781 3984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:47:12.0906 3984 swmidi - ok
17:47:12.0906 3984 SwPrv - ok
17:47:12.0921 3984 symc810 - ok
17:47:12.0937 3984 symc8xx - ok
17:47:12.0937 3984 sym_hi - ok
17:47:12.0953 3984 sym_u3 - ok
17:47:12.0968 3984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:47:13.0078 3984 sysaudio - ok
17:47:13.0109 3984 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:47:13.0250 3984 SysmonLog - ok
17:47:13.0281 3984 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:47:13.0406 3984 TapiSrv - ok
17:47:13.0437 3984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:47:13.0484 3984 Tcpip - ok
17:47:13.0500 3984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:47:13.0609 3984 TDPIPE - ok
17:47:13.0671 3984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:47:13.0781 3984 TDTCP - ok
17:47:13.0812 3984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:47:13.0921 3984 TermDD - ok
17:47:13.0968 3984 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:47:14.0093 3984 TermService - ok
17:47:14.0140 3984 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:47:14.0156 3984 Themes - ok
17:47:14.0171 3984 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
17:47:14.0296 3984 TlntSvr - ok
17:47:14.0328 3984 TosIde - ok
17:47:14.0359 3984 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:47:14.0484 3984 TrkWks - ok
17:47:14.0515 3984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:47:14.0625 3984 Udfs - ok
17:47:14.0640 3984 ultra - ok
17:47:14.0671 3984 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
17:47:14.0796 3984 UMWdf - ok
17:47:14.0890 3984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:47:15.0031 3984 Update - ok
17:47:15.0078 3984 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:47:15.0218 3984 upnphost - ok
17:47:15.0250 3984 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:47:15.0359 3984 UPS - ok
17:47:15.0390 3984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:47:15.0515 3984 usbccgp - ok
17:47:15.0562 3984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:47:15.0687 3984 usbehci - ok
17:47:15.0703 3984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:47:15.0812 3984 usbhub - ok
17:47:15.0828 3984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:47:15.0953 3984 usbprint - ok
17:47:15.0968 3984 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:47:16.0078 3984 usbstor - ok
17:47:16.0109 3984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:47:16.0234 3984 usbuhci - ok
17:47:16.0296 3984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:47:16.0406 3984 VgaSave - ok
17:47:16.0421 3984 ViaIde - ok
17:47:16.0437 3984 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:47:16.0562 3984 VolSnap - ok
17:47:16.0609 3984 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:47:16.0765 3984 VSS - ok
17:47:16.0781 3984 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:47:16.0906 3984 W32Time - ok
17:47:16.0953 3984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:47:17.0062 3984 Wanarp - ok
17:47:17.0078 3984 WDICA - ok
17:47:17.0093 3984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:47:17.0218 3984 wdmaud - ok
17:47:17.0250 3984 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:47:17.0375 3984 WebClient - ok
17:47:17.0406 3984 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:47:17.0515 3984 winmgmt - ok
17:47:17.0593 3984 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
17:47:17.0609 3984 WmdmPmSN - ok
17:47:17.0671 3984 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
17:47:17.0734 3984 Wmi - ok
17:47:17.0765 3984 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:47:17.0875 3984 WmiApSrv - ok
17:47:17.0906 3984 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:47:17.0937 3984 WpdUsb - ok
17:47:17.0968 3984 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:47:18.0078 3984 WS2IFSL - ok
17:47:18.0125 3984 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:47:18.0250 3984 wscsvc - ok
17:47:18.0281 3984 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:47:18.0406 3984 wuauserv - ok
17:47:18.0453 3984 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:47:18.0593 3984 WZCSVC - ok
17:47:18.0671 3984 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:47:18.0796 3984 xmlprov - ok
17:47:18.0828 3984 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:47:19.0015 3984 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:47:19.0015 3984 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:47:19.0015 3984 Boot (0x1200) (2aaf8028c97de81c932314d032565c66) \Device\Harddisk0\DR0\Partition0
17:47:19.0015 3984 \Device\Harddisk0\DR0\Partition0 - ok
17:47:19.0046 3984 Boot (0x1200) (f32f02e405acd54e59b1ca0c79cbeaeb) \Device\Harddisk0\DR0\Partition1
17:47:19.0046 3984 \Device\Harddisk0\DR0\Partition1 - ok
17:47:19.0046 3984 ============================================================
17:47:19.0046 3984 Scan finished
17:47:19.0046 3984 ============================================================
17:47:19.0156 3416 Detected object count: 8
17:47:19.0156 3416 Actual detected object count: 8
17:48:47.0578 3416 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0578 3416 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0578 3416 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0578 3416 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416 ctdvda2k ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416 ctdvda2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0609 3416 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0609 3416 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0609 3416 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:48:47.0609 3416 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:49:45.0515 2808 Deinitialize success
|
|
19.04.2012, 18:45
| #27 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung"Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.04.2012, 15:42
| #28 |
| | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" So, der TDSS-Eintrag ist gelöscht, hier der neue LOG: Code:
ATTFilter 16:37:07.0703 3912 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
16:37:14.0390 3912 ============================================================
16:37:14.0390 3912 Current date / time: 2012/04/20 16:37:14.0390
16:37:14.0390 3912 SystemInfo:
16:37:14.0390 3912
16:37:14.0390 3912 OS Version: 5.1.2600 ServicePack: 3.0
16:37:14.0390 3912 Product type: Workstation
16:37:14.0390 3912 ComputerName: THOMAS-8157C8E2
16:37:14.0390 3912 UserName: T****
16:37:14.0390 3912 Windows directory: C:\WINDOWS
16:37:14.0390 3912 System windows directory: C:\WINDOWS
16:37:14.0390 3912 Processor architecture: Intel x86
16:37:14.0390 3912 Number of processors: 2
16:37:14.0390 3912 Page size: 0x1000
16:37:14.0390 3912 Boot type: Normal boot
16:37:14.0390 3912 ============================================================
16:37:14.0796 3912 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:37:14.0843 3912 \Device\Harddisk0\DR0:
16:37:14.0843 3912 MBR partitions:
16:37:14.0843 3912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
16:37:14.0859 3912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x1A0D1287
16:37:14.0875 3912 C: <-> \Device\Harddisk0\DR0\Partition0
16:37:14.0921 3912 D: <-> \Device\Harddisk0\DR0\Partition1
16:37:14.0921 3912 Initialize success
16:37:14.0921 3912 ============================================================
16:37:22.0031 2940 ============================================================
16:37:22.0031 2940 Scan started
16:37:22.0031 2940 Mode: Manual; SigCheck; TDLFS;
16:37:22.0031 2940 ============================================================
16:37:22.0187 2940 Abiosdsk - ok
16:37:22.0218 2940 abp480n5 - ok
16:37:22.0265 2940 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:37:23.0078 2940 ACPI - ok
16:37:23.0156 2940 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:37:23.0296 2940 ACPIEC - ok
16:37:23.0312 2940 adpu160m - ok
16:37:23.0359 2940 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:37:23.0500 2940 aec - ok
16:37:23.0531 2940 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:37:23.0546 2940 AegisP ( UnsignedFile.Multi.Generic ) - warning
16:37:23.0546 2940 AegisP - detected UnsignedFile.Multi.Generic (1)
16:37:23.0578 2940 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:37:23.0640 2940 AFD - ok
16:37:23.0640 2940 Aha154x - ok
16:37:23.0656 2940 aic78u2 - ok
16:37:23.0656 2940 aic78xx - ok
16:37:23.0703 2940 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:37:23.0843 2940 Alerter - ok
16:37:23.0875 2940 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:37:24.0000 2940 ALG - ok
16:37:24.0015 2940 AliIde - ok
16:37:24.0031 2940 amsint - ok
16:37:24.0078 2940 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
16:37:24.0093 2940 AntiVirSchedulerService - ok
16:37:24.0109 2940 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
16:37:24.0140 2940 AntiVirService - ok
16:37:24.0203 2940 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
16:37:24.0359 2940 AppMgmt - ok
16:37:24.0375 2940 asc - ok
16:37:24.0390 2940 asc3350p - ok
16:37:24.0406 2940 asc3550 - ok
16:37:24.0484 2940 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:37:24.0500 2940 aspnet_state - ok
16:37:24.0531 2940 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:37:24.0656 2940 AsyncMac - ok
16:37:24.0671 2940 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:37:24.0828 2940 atapi - ok
16:37:24.0828 2940 Atdisk - ok
16:37:24.0875 2940 Ati HotKey Poller (40f02b8460ac817ea0cea2e0cab4c2ed) C:\WINDOWS\system32\Ati2evxx.exe
16:37:24.0921 2940 Ati HotKey Poller - ok
16:37:24.0968 2940 ATI Smart (d41eb535e2b2d8872463e5f59f215d4e) C:\WINDOWS\system32\ati2sgag.exe
16:37:25.0000 2940 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
16:37:25.0000 2940 ATI Smart - detected UnsignedFile.Multi.Generic (1)
16:37:25.0062 2940 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:37:25.0125 2940 ati2mtag - ok
16:37:25.0156 2940 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:37:25.0296 2940 Atmarpc - ok
16:37:25.0328 2940 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:37:25.0468 2940 AudioSrv - ok
16:37:25.0484 2940 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:37:25.0625 2940 audstub - ok
16:37:25.0671 2940 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:37:25.0671 2940 avgio - ok
16:37:25.0703 2940 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:37:25.0734 2940 avgntflt - ok
16:37:25.0750 2940 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:37:25.0765 2940 avipbb - ok
16:37:25.0796 2940 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:37:25.0937 2940 Beep - ok
16:37:25.0984 2940 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:37:26.0140 2940 BITS - ok
16:37:26.0203 2940 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:37:26.0359 2940 Browser - ok
16:37:26.0390 2940 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:37:26.0421 2940 BrScnUsb - ok
16:37:26.0453 2940 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
16:37:26.0484 2940 BrSerIf - ok
16:37:26.0500 2940 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
16:37:26.0531 2940 BrUsbSer - ok
16:37:26.0546 2940 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:37:26.0687 2940 cbidf2k - ok
16:37:26.0703 2940 cd20xrnt - ok
16:37:26.0718 2940 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:37:26.0859 2940 Cdaudio - ok
16:37:26.0890 2940 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:37:27.0031 2940 Cdfs - ok
16:37:27.0046 2940 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:37:27.0187 2940 Cdrom - ok
16:37:27.0218 2940 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
16:37:27.0234 2940 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
16:37:27.0234 2940 cercsr6 - detected UnsignedFile.Multi.Generic (1)
16:37:27.0234 2940 Changer - ok
16:37:27.0265 2940 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:37:27.0406 2940 CiSvc - ok
16:37:27.0421 2940 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:37:27.0578 2940 ClipSrv - ok
16:37:27.0625 2940 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:37:27.0640 2940 clr_optimization_v2.0.50727_32 - ok
16:37:27.0687 2940 CmdIde - ok
16:37:27.0687 2940 COMSysApp - ok
16:37:27.0718 2940 Cpqarray - ok
16:37:27.0750 2940 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:37:27.0890 2940 CryptSvc - ok
16:37:27.0906 2940 ctac32k - ok
16:37:27.0937 2940 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:37:27.0984 2940 ctdvda2k ( UnsignedFile.Multi.Generic ) - warning
16:37:27.0984 2940 ctdvda2k - detected UnsignedFile.Multi.Generic (1)
16:37:28.0000 2940 ctprxy2k - ok
16:37:28.0015 2940 ctsfm2k - ok
16:37:28.0015 2940 dac2w2k - ok
16:37:28.0031 2940 dac960nt - ok
16:37:28.0078 2940 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:37:28.0140 2940 DcomLaunch - ok
16:37:28.0171 2940 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:37:28.0312 2940 Dhcp - ok
16:37:28.0343 2940 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:37:28.0468 2940 Disk - ok
16:37:28.0484 2940 dmadmin - ok
16:37:28.0515 2940 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:37:28.0687 2940 dmboot - ok
16:37:28.0718 2940 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:37:28.0843 2940 dmio - ok
16:37:28.0859 2940 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:37:29.0000 2940 dmload - ok
16:37:29.0031 2940 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:37:29.0171 2940 dmserver - ok
16:37:29.0203 2940 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:37:29.0343 2940 DMusic - ok
16:37:29.0375 2940 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:37:29.0437 2940 Dnscache - ok
16:37:29.0484 2940 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:37:29.0625 2940 Dot3svc - ok
16:37:29.0640 2940 dpti2o - ok
16:37:29.0671 2940 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:37:29.0812 2940 drmkaud - ok
16:37:29.0859 2940 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:37:29.0890 2940 e1express - ok
16:37:29.0921 2940 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:37:30.0062 2940 EapHost - ok
16:37:30.0109 2940 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
16:37:30.0140 2940 ehRecvr - ok
16:37:30.0171 2940 ehSched (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
16:37:30.0203 2940 ehSched - ok
16:37:30.0218 2940 emupia - ok
16:37:30.0250 2940 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:37:30.0390 2940 ERSvc - ok
16:37:30.0421 2940 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:37:30.0468 2940 Eventlog - ok
16:37:30.0500 2940 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
16:37:30.0531 2940 EventSystem - ok
16:37:30.0593 2940 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:37:30.0734 2940 Fastfat - ok
16:37:30.0765 2940 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:37:30.0796 2940 FastUserSwitchingCompatibility - ok
16:37:30.0828 2940 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:37:30.0953 2940 Fdc - ok
16:37:31.0000 2940 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:37:31.0140 2940 Fips - ok
16:37:31.0156 2940 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:37:31.0281 2940 Flpydisk - ok
16:37:31.0343 2940 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:37:31.0468 2940 FltMgr - ok
16:37:31.0546 2940 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:37:31.0562 2940 FontCache3.0.0.0 - ok
16:37:31.0593 2940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:37:31.0718 2940 Fs_Rec - ok
16:37:31.0734 2940 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:37:31.0890 2940 Ftdisk - ok
16:37:31.0921 2940 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:37:32.0078 2940 Gpc - ok
16:37:32.0109 2940 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
16:37:32.0125 2940 gupdate - ok
16:37:32.0140 2940 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
16:37:32.0156 2940 gupdatem - ok
16:37:32.0187 2940 Gupta SQLBase Advoware - ok
16:37:32.0218 2940 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:37:32.0359 2940 HDAudBus - ok
16:37:32.0390 2940 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:37:32.0531 2940 helpsvc - ok
16:37:32.0578 2940 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
16:37:32.0703 2940 HidServ - ok
16:37:32.0718 2940 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:37:32.0859 2940 hidusb - ok
16:37:32.0890 2940 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:37:33.0046 2940 hkmsvc - ok
16:37:33.0062 2940 hpn - ok
16:37:33.0109 2940 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:37:33.0140 2940 HTTP - ok
16:37:33.0187 2940 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:37:33.0328 2940 HTTPFilter - ok
16:37:33.0343 2940 i2omgmt - ok
16:37:33.0343 2940 i2omp - ok
16:37:33.0375 2940 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:37:33.0406 2940 iastor - ok
16:37:33.0484 2940 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:37:33.0500 2940 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:37:33.0500 2940 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:37:33.0593 2940 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:37:33.0656 2940 idsvc - ok
16:37:33.0734 2940 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:37:33.0875 2940 Imapi - ok
16:37:33.0906 2940 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:37:34.0046 2940 ImapiService - ok
16:37:34.0062 2940 ini910u - ok
16:37:34.0078 2940 IntelIde - ok
16:37:34.0125 2940 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:37:34.0265 2940 intelppm - ok
16:37:34.0296 2940 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:37:34.0421 2940 Ip6Fw - ok
16:37:34.0453 2940 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:37:34.0593 2940 IpFilterDriver - ok
16:37:34.0609 2940 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:37:34.0734 2940 IpInIp - ok
16:37:34.0765 2940 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:37:34.0890 2940 IpNat - ok
16:37:34.0953 2940 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:37:35.0093 2940 IPSec - ok
16:37:35.0125 2940 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:37:35.0250 2940 IRENUM - ok
16:37:35.0265 2940 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:37:35.0421 2940 isapnp - ok
16:37:35.0531 2940 JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Programme\Java\jre6\bin\jqs.exe
16:37:35.0546 2940 JavaQuickStarterService - ok
16:37:35.0578 2940 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:37:35.0718 2940 Kbdclass - ok
16:37:35.0750 2940 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:37:35.0890 2940 kbdhid - ok
16:37:35.0906 2940 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:37:36.0046 2940 kmixer - ok
16:37:36.0062 2940 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:37:36.0140 2940 KSecDD - ok
16:37:36.0171 2940 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:37:36.0234 2940 lanmanserver - ok
16:37:36.0265 2940 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:37:36.0296 2940 lanmanworkstation - ok
16:37:36.0390 2940 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
16:37:36.0515 2940 Lavasoft Ad-Aware Service - ok
16:37:36.0546 2940 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
16:37:36.0578 2940 Lavasoft Kernexplorer - ok
16:37:36.0625 2940 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:37:36.0640 2940 Lbd - ok
16:37:36.0656 2940 lbrtfdc - ok
16:37:36.0703 2940 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:37:36.0843 2940 LmHosts - ok
16:37:36.0875 2940 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
16:37:36.0890 2940 MBAMProtector - ok
16:37:36.0953 2940 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
16:37:36.0984 2940 MBAMService - ok
16:37:37.0046 2940 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
16:37:37.0062 2940 McrdSvc - ok
16:37:37.0093 2940 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:37:37.0218 2940 Messenger - ok
16:37:37.0250 2940 MHN (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
16:37:37.0265 2940 MHN ( UnsignedFile.Multi.Generic ) - warning
16:37:37.0265 2940 MHN - detected UnsignedFile.Multi.Generic (1)
16:37:37.0296 2940 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:37:37.0312 2940 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
16:37:37.0312 2940 MHNDRV - detected UnsignedFile.Multi.Generic (1)
16:37:37.0343 2940 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:37:37.0468 2940 mnmdd - ok
16:37:37.0515 2940 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
16:37:37.0671 2940 mnmsrvc - ok
16:37:37.0718 2940 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:37:37.0843 2940 Modem - ok
16:37:37.0859 2940 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:37:38.0000 2940 Mouclass - ok
16:37:38.0015 2940 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:37:38.0156 2940 mouhid - ok
16:37:38.0171 2940 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:37:38.0312 2940 MountMgr - ok
16:37:38.0343 2940 mraid35x - ok
16:37:38.0375 2940 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:37:38.0515 2940 MRxDAV - ok
16:37:38.0546 2940 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:37:38.0578 2940 MRxSmb - ok
16:37:38.0625 2940 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
16:37:38.0765 2940 MSDTC - ok
16:37:38.0796 2940 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:37:38.0937 2940 Msfs - ok
16:37:38.0937 2940 MSIServer - ok
16:37:38.0984 2940 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:37:39.0109 2940 MSKSSRV - ok
16:37:39.0125 2940 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:37:39.0281 2940 MSPCLOCK - ok
16:37:39.0312 2940 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:37:39.0453 2940 MSPQM - ok
16:37:39.0468 2940 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:37:39.0609 2940 mssmbios - ok
16:37:39.0656 2940 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:37:39.0687 2940 Mup - ok
16:37:39.0734 2940 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:37:39.0890 2940 napagent - ok
16:37:39.0953 2940 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:37:40.0109 2940 NDIS - ok
16:37:40.0140 2940 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:37:40.0171 2940 NdisTapi - ok
16:37:40.0187 2940 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:37:40.0328 2940 Ndisuio - ok
16:37:40.0343 2940 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:37:40.0484 2940 NdisWan - ok
16:37:40.0500 2940 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:37:40.0546 2940 NDProxy - ok
16:37:40.0593 2940 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:37:40.0718 2940 NetBIOS - ok
16:37:40.0750 2940 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:37:40.0890 2940 NetBT - ok
16:37:40.0921 2940 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:37:41.0062 2940 NetDDE - ok
16:37:41.0078 2940 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:37:41.0218 2940 NetDDEdsdm - ok
16:37:41.0234 2940 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:41.0375 2940 Netlogon - ok
16:37:41.0421 2940 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:37:41.0562 2940 Netman - ok
16:37:41.0625 2940 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:37:41.0640 2940 NetTcpPortSharing - ok
16:37:41.0671 2940 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:37:41.0718 2940 Nla - ok
16:37:41.0734 2940 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:37:41.0859 2940 Npfs - ok
16:37:41.0890 2940 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:37:42.0062 2940 Ntfs - ok
16:37:42.0078 2940 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:42.0218 2940 NtLmSsp - ok
16:37:42.0265 2940 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:37:42.0406 2940 NtmsSvc - ok
16:37:42.0437 2940 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:37:42.0578 2940 Null - ok
16:37:42.0593 2940 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:37:42.0734 2940 NwlnkFlt - ok
16:37:42.0750 2940 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:37:42.0875 2940 NwlnkFwd - ok
16:37:42.0953 2940 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
16:37:43.0000 2940 odserv - ok
16:37:43.0046 2940 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:37:43.0062 2940 ose - ok
16:37:43.0093 2940 ossrv - ok
16:37:43.0140 2940 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
16:37:43.0281 2940 Parport - ok
16:37:43.0312 2940 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:37:43.0437 2940 PartMgr - ok
16:37:43.0484 2940 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:37:43.0609 2940 ParVdm - ok
16:37:43.0640 2940 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:37:43.0765 2940 PCI - ok
16:37:43.0796 2940 PCIDump - ok
16:37:43.0812 2940 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:37:43.0953 2940 PCIIde - ok
16:37:44.0000 2940 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:37:44.0140 2940 Pcmcia - ok
16:37:44.0140 2940 PDCOMP - ok
16:37:44.0156 2940 PDFRAME - ok
16:37:44.0156 2940 PDRELI - ok
16:37:44.0171 2940 PDRFRAME - ok
16:37:44.0187 2940 perc2 - ok
16:37:44.0203 2940 perc2hib - ok
16:37:44.0250 2940 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:37:44.0296 2940 PlugPlay - ok
16:37:44.0328 2940 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:44.0453 2940 PolicyAgent - ok
16:37:44.0500 2940 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:37:44.0640 2940 PptpMiniport - ok
16:37:44.0640 2940 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:44.0765 2940 ProtectedStorage - ok
16:37:44.0781 2940 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:37:44.0906 2940 PSched - ok
16:37:44.0921 2940 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:37:45.0062 2940 Ptilink - ok
16:37:45.0078 2940 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:37:45.0109 2940 PxHelp20 - ok
16:37:45.0140 2940 ql1080 - ok
16:37:45.0156 2940 Ql10wnt - ok
16:37:45.0156 2940 ql12160 - ok
16:37:45.0171 2940 ql1240 - ok
16:37:45.0187 2940 ql1280 - ok
16:37:45.0203 2940 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:37:45.0343 2940 RasAcd - ok
16:37:45.0375 2940 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:37:45.0515 2940 RasAuto - ok
16:37:45.0546 2940 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:37:45.0687 2940 Rasl2tp - ok
16:37:45.0718 2940 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:37:45.0859 2940 RasMan - ok
16:37:45.0875 2940 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:37:46.0015 2940 RasPppoe - ok
16:37:46.0015 2940 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:37:46.0156 2940 Raspti - ok
16:37:46.0187 2940 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:37:46.0328 2940 Rdbss - ok
16:37:46.0343 2940 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:37:46.0468 2940 RDPCDD - ok
16:37:46.0500 2940 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:37:46.0640 2940 rdpdr - ok
16:37:46.0687 2940 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:37:46.0734 2940 RDPWD - ok
16:37:46.0750 2940 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:37:46.0890 2940 RDSessMgr - ok
16:37:46.0921 2940 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:37:47.0046 2940 redbook - ok
16:37:47.0093 2940 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:37:47.0218 2940 RemoteAccess - ok
16:37:47.0281 2940 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
16:37:47.0421 2940 RemoteRegistry - ok
16:37:47.0453 2940 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
16:37:47.0593 2940 RpcLocator - ok
16:37:47.0625 2940 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:37:47.0687 2940 RpcSs - ok
16:37:47.0718 2940 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
16:37:47.0859 2940 RSVP - ok
16:37:47.0906 2940 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
16:37:47.0953 2940 RTLWUSB - ok
16:37:47.0968 2940 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:48.0109 2940 SamSs - ok
16:37:48.0125 2940 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:37:48.0265 2940 SCardSvr - ok
16:37:48.0328 2940 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:37:48.0453 2940 Schedule - ok
16:37:48.0484 2940 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:37:48.0609 2940 Secdrv - ok
16:37:48.0656 2940 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:37:48.0796 2940 seclogon - ok
16:37:48.0828 2940 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:37:48.0968 2940 SENS - ok
16:37:49.0031 2940 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:37:49.0171 2940 Serial - ok
16:37:49.0203 2940 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:37:49.0343 2940 Sfloppy - ok
16:37:49.0390 2940 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:37:49.0531 2940 SharedAccess - ok
16:37:49.0578 2940 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:37:49.0593 2940 ShellHWDetection - ok
16:37:49.0609 2940 Simbad - ok
16:37:49.0625 2940 Sparrow - ok
16:37:49.0671 2940 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:37:49.0812 2940 splitter - ok
16:37:49.0828 2940 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:37:49.0875 2940 Spooler - ok
16:37:49.0890 2940 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:37:50.0046 2940 sr - ok
16:37:50.0078 2940 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:37:50.0218 2940 srservice - ok
16:37:50.0281 2940 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:37:50.0328 2940 Srv - ok
16:37:50.0375 2940 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:37:50.0515 2940 SSDPSRV - ok
16:37:50.0546 2940 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:37:50.0546 2940 ssmdrv - ok
16:37:50.0609 2940 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
16:37:50.0687 2940 STHDA - ok
16:37:50.0750 2940 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:37:50.0890 2940 stisvc - ok
16:37:50.0937 2940 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:37:51.0093 2940 swenum - ok
16:37:51.0109 2940 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:37:51.0234 2940 swmidi - ok
16:37:51.0265 2940 SwPrv - ok
16:37:51.0281 2940 symc810 - ok
16:37:51.0296 2940 symc8xx - ok
16:37:51.0312 2940 sym_hi - ok
16:37:51.0328 2940 sym_u3 - ok
16:37:51.0343 2940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:37:51.0468 2940 sysaudio - ok
16:37:51.0500 2940 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:37:51.0625 2940 SysmonLog - ok
16:37:51.0656 2940 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:37:51.0796 2940 TapiSrv - ok
16:37:51.0843 2940 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:37:51.0906 2940 Tcpip - ok
16:37:51.0921 2940 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:37:52.0062 2940 TDPIPE - ok
16:37:52.0062 2940 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:37:52.0218 2940 TDTCP - ok
16:37:52.0234 2940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:37:52.0375 2940 TermDD - ok
16:37:52.0406 2940 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:37:52.0546 2940 TermService - ok
16:37:52.0578 2940 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:37:52.0593 2940 Themes - ok
16:37:52.0609 2940 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
16:37:52.0750 2940 TlntSvr - ok
16:37:52.0781 2940 TosIde - ok
16:37:52.0796 2940 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:37:52.0921 2940 TrkWks - ok
16:37:52.0968 2940 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:37:53.0109 2940 Udfs - ok
16:37:53.0109 2940 ultra - ok
16:37:53.0140 2940 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
16:37:53.0281 2940 UMWdf - ok
16:37:53.0343 2940 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:37:53.0531 2940 Update - ok
16:37:53.0578 2940 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:37:53.0750 2940 upnphost - ok
16:37:53.0765 2940 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:37:53.0890 2940 UPS - ok
16:37:53.0921 2940 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:37:54.0062 2940 usbccgp - ok
16:37:54.0140 2940 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:37:54.0265 2940 usbehci - ok
16:37:54.0296 2940 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:37:54.0453 2940 usbhub - ok
16:37:54.0484 2940 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:37:54.0625 2940 usbprint - ok
16:37:54.0640 2940 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:37:54.0781 2940 usbstor - ok
16:37:54.0812 2940 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:37:54.0937 2940 usbuhci - ok
16:37:54.0953 2940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:37:55.0093 2940 VgaSave - ok
16:37:55.0109 2940 ViaIde - ok
16:37:55.0125 2940 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:37:55.0265 2940 VolSnap - ok
16:37:55.0296 2940 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:37:55.0453 2940 VSS - ok
16:37:55.0484 2940 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:37:55.0640 2940 W32Time - ok
16:37:55.0671 2940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:37:55.0796 2940 Wanarp - ok
16:37:55.0812 2940 WDICA - ok
16:37:55.0828 2940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:37:55.0953 2940 wdmaud - ok
16:37:56.0000 2940 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:37:56.0140 2940 WebClient - ok
16:37:56.0187 2940 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:37:56.0328 2940 winmgmt - ok
16:37:56.0406 2940 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
16:37:56.0421 2940 WmdmPmSN - ok
16:37:56.0484 2940 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
16:37:56.0546 2940 Wmi - ok
16:37:56.0578 2940 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:37:56.0718 2940 WmiApSrv - ok
16:37:56.0765 2940 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:37:56.0781 2940 WpdUsb - ok
16:37:56.0812 2940 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:37:56.0953 2940 WS2IFSL - ok
16:37:56.0984 2940 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:37:57.0125 2940 wscsvc - ok
16:37:57.0171 2940 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:37:57.0312 2940 wuauserv - ok
16:37:57.0359 2940 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:37:57.0500 2940 WZCSVC - ok
16:37:57.0546 2940 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:37:57.0687 2940 xmlprov - ok
16:37:57.0718 2940 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:37:58.0015 2940 \Device\Harddisk0\DR0 - ok
16:37:58.0015 2940 Boot (0x1200) (2aaf8028c97de81c932314d032565c66) \Device\Harddisk0\DR0\Partition0
16:37:58.0015 2940 \Device\Harddisk0\DR0\Partition0 - ok
16:37:58.0046 2940 Boot (0x1200) (f32f02e405acd54e59b1ca0c79cbeaeb) \Device\Harddisk0\DR0\Partition1
16:37:58.0046 2940 \Device\Harddisk0\DR0\Partition1 - ok
16:37:58.0046 2940 ============================================================
16:37:58.0046 2940 Scan finished
16:37:58.0046 2940 ============================================================
16:37:58.0156 2928 Detected object count: 7
16:37:58.0156 2928 Actual detected object count: 7
16:38:18.0406 2928 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0406 2928 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0406 2928 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0406 2928 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928 ctdvda2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928 ctdvda2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:22.0187 3616 Deinitialize success
|
|
20.04.2012, 19:13
| #29 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.04.2012, 16:01
| #30 |
| | Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" Hi, habe ComboFix durchgeführt. Hier das Resultat: Gruß! Code:
ATTFilter ComboFix 12-04-22.01 - T**** 22.04.2012 16:38:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1218 [GMT 2:00]
ausgef¸hrt von:: c:\dokumente und einstellungen\T****\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Lˆschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\R119714.EXE
c:\windows\IsUn0407.exe
c:\windows\setupapi.log
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
.
c:\windows\system32\drivers\i8042prt.sys fehlte
Kopie von - c:\windows\ServicePackFiles\i386\i8042prt.sys wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-22 bis 2012-04-22 ))))))))))))))))))))))))))))))
.
.
2012-04-22 14:41 . 2008-04-14 01:55 52992 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-22 14:41 . 2008-04-14 01:55 52992 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-04-20 14:33 . 2012-04-20 14:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 15:44 . 2012-04-19 15:44 2072112 ----a-w- c:\programme\tdsskiller.exe
2012-04-13 12:23 . 2012-04-13 12:23 -------- d-----w- c:\programme\ESET
2012-04-13 11:08 . 2012-04-13 11:08 -------- d-----w- c:\dokumente und einstellungen\T****\Anwendungsdaten\Malwarebytes
2012-04-13 11:07 . 2012-04-13 11:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-04-13 11:07 . 2012-04-13 11:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-04-13 11:07 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 21:58 . 2012-04-12 21:58 -------- d-----w- C:\_OTL
2012-04-12 16:21 . 2012-04-12 16:21 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 16:27 . 2012-04-12 16:27 310120 ----a-w- C:\_OTL.zip
2012-03-01 01:15 . 2006-03-04 03:34 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:15 . 2004-08-10 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:15 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:15 . 2004-08-10 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-02-29 14:09 . 2004-08-10 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-10 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:57 . 2004-08-10 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-09-18 282624]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmen¸\Programme\Autostart\
NETGEAR WG111v2 Smart Wizard.lnk - c:\programme\NETGEAR\WG111v2\WG111v2.exe [2006-7-30 1101824]
NkbMonitor.exe.lnk - c:\programme\Nikon\PictureProject\NkbMonitor.exe [2011-9-18 118784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.01.2011 19:49 64288]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.01.2011 18:11 136360]
R2 Gupta SQLBase Advoware;Gupta SQLBase Advoware;c:\advoweb\Advoware\Server\dbntsrv.exe "SERVICE=Gupta SQLBase Advoware" "INI=c:\advoweb\Advoware\Server\sqlsrv.ini" --> c:\advoweb\Advoware\Server\dbntsrv.exe SERVICE=Gupta SQLBase Advoware [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [03.12.2010 11:05 2152152]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.04.2012 13:07 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.04.2012 13:07 22344]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27.03.2006 18:53 167808]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [21.01.2011 19:42 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.01.2011 19:42 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\Lavasoft\Ad-Aware\kernexplorer.sys [03.12.2010 11:05 15232]
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 07:40]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-01-21 17:42]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-01-21 17:42]
.
.
------- Zus‰tzlicher Suchlauf -------
.
uStart Page = hxxp://ksta.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\dokumente und einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-22 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteintr‰ge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\advoweb\Advoware\Server\dbntsrv.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-22 16:51:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-22 14:51
.
Vor Suchlauf: 2.735.775.744 Bytes frei
Nach Suchlauf: 3.080.953.856 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 53AAC44AF0791DA311C16E53A616182A
|
|
| Themen zu Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung" |
| 0x00000001, ad-aware, avira, bho, bildschirm, booten, computer, conduit, desktop, disabletaskmgr, error, excel, firefox, flash player, google earth, helper, logfile, microsoft office word, netgear, object, office 2007, otl-datei, plug-in, registry, remote control, rundll, scan, security, server, software, system, thomas, udp, usb 2.0, windows internet, windows xp |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
