| |
| |||||||
Log-Analyse und Auswertung: Sophos hat Troj/Java-CN und Mal/Generic-L gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
14.04.2012, 19:55
| #1 |
 |  Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Hallo, Sophos hat heute Mal/Generic-L in der Datei C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Microsoft\saletoc.exe gefunden, in Quarantäne gestellt und bereinigt. Danach wurde noch ein Registrierungseintrag ausfindig gemacht und bereinigt. Da mein Notebook in letzter Zeit sowieso immer langsamer wurde, habe ich CCleaner laufen lassen. Dabei hat Sophos in C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\photos.class Troj/Java-CN und in C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\0.761964080814858767f76.exe Mal/Generic-L gefunden und in Quarantäne verschoben. Durch Bereinigen von Sophos sind die auch verschwunden. Da ich aber der Sache nicht so traue, wollte ich sicherheitshalber hier mal nachfragen... Habe alle Schritte von "Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" befolgt hoffe ich  [HTML].DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
Run by Rainer at 16:39:35 on 2012-04-14
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.511.25 [GMT 2:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Programme\Sophos\AutoUpdate\ALsvc.exe
C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Programme\RealVNC\VNC4\winvnc4.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Wistron\AVManager\AVManager.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\Programme\Sophos\AutoUpdate\almon.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [<NO NAME>]
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [LaunchAp] c:\programme\launch manager\LaunchAp.exe
mRun: [HotkeyApp] c:\programme\launch manager\HotkeyApp.exe
mRun: [LMgrOSD] c:\programme\launch manager\OSD.exe
mRun: [Wbutton] "c:\programme\launch manager\Wbutton.exe"
mRun: [CtrlVol] c:\programme\launch manager\CtrlVol.exe
mRun: [AVManager] "c:\programme\wistron\avmanager\AVManager.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\programme\ati technologies\ati control panel\atiptaxx.exe
mRun: [RemoteControl] "c:\programme\home cinema\powerdvd\PDVDServ.exe"
mRun: [PCMService] "c:\programme\home cinema\powercinema\PCMService.exe"
mRun: [mmtask] c:\programme\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [ISUSPM Startup] "c:\programme\gemeinsame dateien\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\programme\gemeinsame dateien\ahead\lib\NeroCheck.exe
mRun: [PCSuiteTrayApplication] c:\programme\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [IntelZeroConfig] "c:\programme\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\programme\gemeinsame dateien\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Sophos AutoUpdate Monitor] c:\programme\sophos\autoupdate\almon.exe
mRun: [NokiaMServer] c:\programme\gemeinsame dateien\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [CamAppSTI.exe] c:\programme\aveo usb2.0 pc camera\CamAppSTI.exe
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [Reader Application Helper] c:\programme\sony\readerdesktop\apphelper\ReaderAppHelper.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\programme\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\bttray.lnk - c:\programme\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\photof~1.lnk - c:\programme\gemeinsame dateien\panasonic\photofunstudio autostart\AutoStartupService.exe
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programme\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\programme\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\dokumente und einstellungen\all users\anwendungsdaten\sophos\web intelligence\swi_ifslsp.dll
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ACDBBC2A-3124-4FFC-ACF7-BA5A827626A3} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F84E9999-9CD8-497A-960B-176816782B1B} : NameServer = 192.168.0.1
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\rainer\anwendungsdaten\mozilla\firefox\profiles\7t22gtgu.default\
FF - component: c:\programme\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\sony\readerdesktop\npreaderdetectmoz.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-27 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-27 251680]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-10-12 708864]
.
=============== Created Last 30 ================
.
2012-04-14 13:16:21 -------- d-----w- c:\programme\MSECache
2012-04-14 12:41:55 -------- d-sh--w- C:\found.002
2012-04-14 12:06:29 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-28 19:17:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-28 19:17:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-21 19:17:24 592824 ----a-w- c:\programme\mozilla firefox\gkmedias.dll
2012-03-21 19:17:24 44472 ----a-w- c:\programme\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
.
============= FINISH: 16:45:03,64 ===============
Geändert von ChrZiegler (14.04.2012 um 20:01 Uhr) Grund: aktualisierung |
|
15.04.2012, 17:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
15.04.2012, 23:56
| #3 |
| | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Hier die Logs...
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.15.06 Windows XP Service Pack 2 x86 NTFS Internet Explorer 6.0.2900.2180 Rainer :: MEDION95400 [Administrator] 15.04.2012 21:02:48 mbam-log-2012-04-15 (21-02-48).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 319239 Laufzeit: 1 Stunde(n), 27 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=489ef464a01cdc4498b611b3e57f4cd7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 10:44:16
# local_time=2012-04-16 12:44:16 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 228 228 0 0
# compatibility_mode=8449 16775141 50 97 75 111581700 0 0
# scanned=104954
# found=4
# cleaned=0
# scan_time=7285
C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25\5b3f9e99-7323df9e a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\jar_cache3897618242322183173.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\jar_cache6024172789864629329.tmp a variant of Java/Exploit.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\jar_cache63167.tmp Java/TrojanDownloader.OpenStream.NAB trojan (unable to clean) 00000000000000000000000000000000 I
|
|
16.04.2012, 11:37
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.04.2012, 17:05
| #5 |
| | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden 1.) Der normale Modus geht uneingeschränkt - ist nur sehr langsam... 2.) Im Startmenü vermisse ich nichts. Nur die Liste der zuletzt benutzten Programme war leer. Bei den Ordnern ist alles vorhanden. *UPDATE* Gerade habe ich bemerkt, dass Sophos wieder eine Datei mit Mal/Generic-L in Quarantäne verschoben hat: C:\System Volume Information\_restore{57C4CAD6-00BF-4B54-9A55-A6C69BA0472D}\RP1027\A0754833.exe Soll ich das bereinigen lassen von Sophos oder erst einmal abwarten? Geändert von ChrZiegler (16.04.2012 um 17:12 Uhr) Grund: aktualisierung |
|
16.04.2012, 20:18
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Sophos hat Troj/Java-CN und Mal/Generic-L gefunden |
|
16.04.2012, 21:00
| #7 |
| | Sophos hat Troj/Java-CN und Mal/Generic-L gefundenCode:
ATTFilter OTL logfile created on: 16.04.2012 21:37:36 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Rainer\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 510,98 Mb Total Physical Memory | 175,32 Mb Available Physical Memory | 34,31% Memory free 1,22 Gb Paging File | 0,74 Gb Available in Paging File | 60,46% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46,29 Gb Total Space | 10,46 Gb Free Space | 22,59% Space Free | Partition Type: NTFS Drive D: | 36,88 Gb Total Space | 19,45 Gb Free Space | 52,74% Space Free | Partition Type: NTFS Drive E: | 9,86 Gb Total Space | 3,45 Gb Free Space | 35,02% Space Free | Partition Type: FAT32 Computer Name: MEDION95400 | User Name: Rainer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.16 21:35:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rainer\Desktop\OTL.exe PRC - [2012.03.09 08:35:44 | 002,818,072 | ---- | M] (Sophos Limited) -- c:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2012.01.31 20:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2012.01.12 21:18:42 | 000,232,472 | ---- | M] (Sophos Limited) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe PRC - [2012.01.12 21:18:29 | 000,900,120 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALMon.exe PRC - [2012.01.12 21:15:23 | 000,212,504 | ---- | M] (Sophos Limited) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.01.12 21:15:21 | 000,139,800 | ---- | M] (Sophos Limited) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe PRC - [2011.08.29 18:55:11 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe PRC - [2011.03.31 16:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe PRC - [2010.01.20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2009.11.03 15:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2009.11.03 15:45:48 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe PRC - [2009.11.03 15:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe PRC - [2009.11.03 15:35:14 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe PRC - [2009.11.03 15:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe PRC - [2009.01.04 16:26:16 | 000,028,672 | ---- | M] (AVEO) -- C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.16 15:32:40 | 000,848,888 | ---- | M] (RealVNC Ltd.) -- C:\Programme\RealVNC\VNC4\winvnc4.exe PRC - [2005.01.11 18:18:40 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe PRC - [2005.01.11 18:18:40 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe PRC - [2005.01.11 18:18:10 | 000,110,668 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe PRC - [2005.01.11 18:18:04 | 000,184,398 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe PRC - [2005.01.11 18:17:20 | 000,118,926 | ---- | M] (CyberLink Corp.) -- C:\Programme\Home Cinema\PowerCinema\PCMService.exe PRC - [2004.11.29 19:55:44 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2004.11.26 18:49:54 | 000,081,920 | ---- | M] (Wistron Corporation) -- C:\Programme\Wistron\AVManager\AVManager.exe PRC - [2004.11.23 16:01:28 | 000,073,728 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe PRC - [2004.11.11 15:13:44 | 000,049,152 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2004.11.02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe PRC - [2004.08.06 14:04:10 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2004.07.26 14:52:34 | 000,204,800 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\OSD.exe PRC - [2004.01.02 14:58:48 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2004.01.02 14:58:42 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2012.01.31 20:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2012.01.31 20:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2012.01.31 20:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2012.01.31 20:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2012.01.31 20:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2012.01.31 20:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2012.01.31 20:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2012.01.31 20:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2012.01.31 20:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2012.01.31 20:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2012.01.31 20:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2012.01.31 20:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2012.01.31 20:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 23:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2011.11.17 21:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2010.09.23 14:58:28 | 000,689,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\217f47a04d65b6bec88290c1afa830d6\System.Data.SqlServerCe.ni.dll MOD - [2010.06.24 19:59:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.06.24 19:58:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2010.06.14 13:13:46 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll MOD - [2010.06.14 13:13:29 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll MOD - [2010.06.14 13:11:17 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll MOD - [2010.06.14 09:19:55 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll MOD - [2010.06.14 09:19:02 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll MOD - [2010.06.14 09:17:46 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll MOD - [2010.06.14 09:16:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll MOD - [2010.06.14 09:12:16 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll MOD - [2009.11.03 15:35:46 | 000,200,704 | ---- | M] () -- C:\Programme\Intel\WiFi\bin\iWMSProv.dll MOD - [2009.10.15 08:33:30 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll MOD - [2009.10.06 15:36:56 | 000,205,312 | ---- | M] () -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\patchw32.dll MOD - [2008.10.20 15:28:44 | 000,045,056 | ---- | M] () -- C:\Programme\AVEO USB2.0 PC Camera\AVEOCamSDK.dll MOD - [2006.07.26 02:00:00 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2006.07.26 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2005.01.11 18:18:10 | 000,110,668 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe MOD - [2005.01.11 18:18:04 | 000,184,398 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe MOD - [2005.01.11 18:17:50 | 000,168,020 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapEngine.dll MOD - [2005.01.11 18:17:50 | 000,057,422 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSchMgr.dll MOD - [2005.01.11 18:17:50 | 000,028,672 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvcps.dll MOD - [2005.01.11 18:17:14 | 000,229,458 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll MOD - [2004.11.29 19:56:52 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2004.11.23 16:01:28 | 000,073,728 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe MOD - [2004.08.06 14:04:10 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe MOD - [2003.04.01 21:54:00 | 000,743,424 | ---- | M] () -- C:\Programme\Wistron\AVManager\libxml2.dll MOD - [2002.06.27 20:11:00 | 000,872,448 | ---- | M] () -- C:\Programme\Wistron\AVManager\iconv.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.14 14:07:01 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.03.09 08:35:44 | 002,818,072 | ---- | M] (Sophos Limited) [Auto | Running] -- c:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.03.09 08:34:56 | 001,453,080 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_update.exe -- (swi_update) SRV - [2012.01.12 21:18:42 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012.01.12 21:15:23 | 000,212,504 | ---- | M] (Sophos Limited) [Auto | Running] -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.01.12 21:15:21 | 000,139,800 | ---- | M] (Sophos Limited) [Auto | Running] -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2011.11.17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.11.03 15:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2009.11.03 15:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2009.11.03 15:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen) SRV - [2006.10.16 15:32:40 | 000,848,888 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4) SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005.01.11 18:18:40 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005.01.11 18:18:10 | 000,110,668 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2005.01.11 18:18:04 | 000,184,398 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.01.12 21:16:47 | 000,024,832 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter) DRV - [2012.01.12 21:16:39 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2012.01.12 21:12:56 | 000,154,624 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl) DRV - [2011.06.28 17:19:24 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\skmscan.sys -- (SKMScan) DRV - [2010.12.02 15:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.12.02 15:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.12.02 15:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.12.02 15:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.12.02 13:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.12.02 13:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.03.15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVEOdcnt.sys -- (AVEO) DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2008.10.02 11:48:19 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008.03.17 12:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.01.07 14:36:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2006.10.13 16:40:54 | 000,611,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2006.10.12 20:14:59 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k) DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2005.06.03 14:41:00 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.04.22 10:25:26 | 000,708,864 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2004.11.29 19:36:22 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2004.11.29 19:34:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2004.11.29 19:34:32 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2004.11.29 19:34:20 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2004.11.29 19:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2004.11.29 19:31:16 | 000,030,299 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2004.11.29 19:31:08 | 000,030,125 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2004.11.29 19:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2004.05.26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004.01.16 13:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2004.01.02 14:58:48 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004.01.02 14:58:46 | 000,067,968 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004.01.02 14:58:40 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2003.08.29 18:47:48 | 000,007,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flash.sys -- (flash) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-839522115-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1085031214-839522115-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1085031214-839522115-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1085031214-839522115-1343024091-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1085031214-839522115-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.74 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.05 16:49:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.21 21:17:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.14 15:59:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.05 16:49:38 | 000,000,000 | ---D | M] [2010.04.05 16:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Extensions [2011.04.29 13:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\7t22gtgu.default\extensions [2010.08.13 18:38:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla\Firefox\Profiles\7t22gtgu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.10 08:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.12.13 12:03:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.03.21 21:17:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.01.10 08:55:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.10 08:55:13 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.01.10 08:55:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.10 08:55:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.10 08:55:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.10 08:55:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.07.26 02:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3 - HKU\S-1-5-21-1085031214-839522115-1343024091-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVManager] C:\Programme\Wistron\AVManager\AVManager.exe (Wistron Corporation) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CamAppSTI.exe] C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe (AVEO) O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] c:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-21-1085031214-839522115-1343024091-1003..\Run: [] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 5.1 HD Edition.lnk = C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1085031214-839522115-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74E014C6-8CE2-414C-87E2-299B95C44099}: NameServer = 217.0.43.177 217.0.43.161 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F84E9999-9CD8-497A-960B-176816782B1B}: NameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - c:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.12 11:30:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\Shell - "" = AutoRun O33 - MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{330e5f40-d25e-11e0-a811-000e35c21fb0}\Shell\AutoRun\command - "" = G:\AutoRun.EXE O33 - MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\Shell - "" = AutoRun O33 - MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\Shell - "" = AutoRun O33 - MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\Shell - "" = AutoRun O33 - MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f7ef1a00-5dfe-11e1-a8e8-000e35c21fb0}\Shell\AutoRun\command - "" = G:\RunClubSanDisk.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SAVService - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SAVService - c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7393A46A-46E2-4ECC-0DB9-B6F68074BBEE} - Outlook Express ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\sx_cam_i420.dll (Xirlink, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.16 21:35:57 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rainer\Desktop\OTL.exe [2012.04.15 22:39:05 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.04.14 16:31:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Rainer\Desktop\dds.com [2012.04.14 15:59:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.04.14 15:28:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Rainer\Recent [2012.04.14 15:16:21 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2012.04.14 14:41:55 | 000,000,000 | -HSD | C] -- C:\found.002 [68 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.16 21:42:03 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.16 21:35:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rainer\Desktop\OTL.exe [2012.04.16 21:27:34 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.16 21:27:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.16 18:06:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.16 00:58:19 | 000,001,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rainer\Eigene Dateien\Default.rdp [2012.04.15 20:18:43 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.14 19:33:29 | 000,005,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Desktop\Logfiles.zip [2012.04.14 16:53:23 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Desktop\bdxhteeo.exe [2012.04.14 16:32:09 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\defogger_reenable [2012.04.14 16:31:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Rainer\Desktop\dds.com [2012.04.14 16:30:09 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Desktop\Defogger.exe [2012.04.14 16:10:08 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.04.14 15:09:18 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.04.14 08:11:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.01 18:03:52 | 000,449,334 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.01 18:03:52 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.01 18:03:52 | 000,067,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.01 18:03:51 | 000,080,268 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [68 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.15 20:18:43 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.14 19:33:29 | 000,005,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Desktop\Logfiles.zip [2012.04.14 16:53:20 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Desktop\bdxhteeo.exe [2012.04.14 16:30:39 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\defogger_reenable [2012.04.14 16:29:59 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Desktop\Defogger.exe [2012.03.28 21:17:07 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.01.23 08:27:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\{A4C35BA3-0E4B-4454-ACA6-0B1EB16FD792} [2012.01.23 08:27:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Anwendungsdaten\{89B8869C-9C7A-4723-8F1F-6EFB507CF4A9} [2010.09.23 15:01:41 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010.09.23 15:01:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2010.09.23 15:01:41 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010.09.23 15:01:41 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010.09.23 15:01:41 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010.09.23 15:01:41 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010.09.23 15:01:41 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010.09.23 15:01:41 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010.09.23 15:01:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010.09.23 15:01:41 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010.09.23 15:01:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010.09.23 15:01:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010.09.23 15:01:41 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010.09.23 15:01:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010.09.23 15:01:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010.09.23 15:01:41 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010.09.23 15:01:41 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010.09.23 15:01:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010.09.23 15:01:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini ========== LOP Check ========== [2007.06.03 15:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.02.07 21:19:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma [2010.11.12 12:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.05.01 14:14:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2011.06.05 17:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaAccount [2011.04.29 13:12:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011.05.01 19:05:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2010.09.23 15:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic [2007.06.03 15:21:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.11.12 12:41:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2008.09.24 10:23:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate [2012.01.12 21:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos [2011.02.12 19:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0 [2011.08.29 18:49:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011.02.15 13:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings [2006.10.12 13:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander [2010.01.17 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\abgx360 [2008.09.20 12:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\MAGIX [2011.06.18 13:16:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia [2007.07.19 08:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia Multimedia Player [2011.06.18 13:16:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia Ovi Suite [2011.06.18 12:50:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\PC Suite [2010.11.12 12:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\proDAD ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.01.17 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\abgx360 [2012.02.14 14:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Adobe [2012.01.23 21:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\AdobeUM [2007.03.28 11:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Ahead [2006.10.13 17:06:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Corel [2006.10.12 20:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\CyberLink [2010.08.13 18:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Google [2011.01.16 18:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Help [2006.10.12 11:42:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Identities [2011.08.29 18:59:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\InstallShield [2010.06.24 20:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Intel [2006.10.12 17:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Macromedia [2008.09.20 12:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\MAGIX [2010.11.11 19:12:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Malwarebytes [2012.04.14 15:17:50 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Microsoft [2010.04.05 16:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Mozilla [2011.06.18 13:16:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia [2007.07.19 08:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia Multimedia Player [2011.06.18 13:16:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia Ovi Suite [2011.06.18 12:50:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\PC Suite [2010.11.12 12:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\proDAD [2012.02.07 20:31:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Sony Corporation [2006.12.26 12:53:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Sun [2006.10.13 16:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\U3 < %APPDATA%\*.exe /s > [2006.10.13 17:05:54 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe [2006.10.13 17:05:54 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe [2011.05.01 18:33:37 | 075,862,048 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe [2011.02.02 10:26:23 | 075,862,048 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\Nokia\Ovi Suite\Software Updater\Nokia_Ovi_Suite_webupgrade_ALL.exe [2005.06.06 10:29:14 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Rainer\Anwendungsdaten\U3\temp\cleanup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.07.26 02:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2006.07.26 02:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.07.26 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2010.01.18 11:15:22 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=43D4AAF044843D801F70861BF51C7DB2 -- C:\Programme\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\EventLog\EventLog.dll [2010.01.18 11:15:22 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=43D4AAF044843D801F70861BF51C7DB2 -- C:\Programme\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\Spec\AVCHD\BDCore\EventLog.dll [2006.07.26 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2006.07.26 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2006.07.26 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2006.07.26 02:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2006.07.26 02:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2006.07.26 02:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll < MD5 for: USERINIT.EXE > [2006.07.26 02:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2006.07.26 02:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.12 18:21:48 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=33AA1F31DE9099BB306F4195FEC61421 -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.07.26 02:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.07.26 02:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006.10.12 13:10:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.10.12 13:10:41 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.10.12 13:10:41 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > ========== Files - Unicode (All) ========== [2007.01.03 18:17:04 | 000,000,332 | ---- | M] ()(C:\WINDOWS\?) -- C:\WINDOWS\ἠ [2007.01.03 18:16:32 | 000,000,332 | ---- | C] ()(C:\WINDOWS\?) -- C:\WINDOWS\ἠ [2007.01.03 18:03:29 | 000,000,040 | ---- | M] ()(C:\WINDOWS\???) -- C:\WINDOWS\✐✐✐ [2007.01.03 18:03:29 | 000,000,040 | ---- | C] ()(C:\WINDOWS\???) -- C:\WINDOWS\✐✐✐ < End of report > |
|
17.04.2012, 11:25
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.12 11:30:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\Shell - "" = AutoRun
O33 - MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{330e5f40-d25e-11e0-a811-000e35c21fb0}\Shell\AutoRun\command - "" = G:\AutoRun.EXE
O33 - MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\Shell - "" = AutoRun
O33 - MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\Shell - "" = AutoRun
O33 - MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\Shell - "" = AutoRun
O33 - MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f7ef1a00-5dfe-11e1-a8e8-000e35c21fb0}\Shell\AutoRun\command - "" = G:\RunClubSanDisk.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.04.2012, 13:37
| #9 |
| | Sophos hat Troj/Java-CN und Mal/Generic-L gefundenCode:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aeff421-4d6e-11e0-a731-000e35c21fb0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330e5f40-d25e-11e0-a811-000e35c21fb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{330e5f40-d25e-11e0-a811-000e35c21fb0}\ not found.
File G:\AutoRun.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{359937d0-61c0-11e0-a758-000b6b599375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{359937d0-61c0-11e0-a758-000b6b599375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{359937d0-61c0-11e0-a758-000b6b599375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{359937d0-61c0-11e0-a758-000b6b599375}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efbfedf0-0c2c-11e0-a6c2-000b6b599375}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efbfedf3-0c2c-11e0-a6c2-000b6b599375}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ef1a00-5dfe-11e1-a8e8-000e35c21fb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ef1a00-5dfe-11e1-a8e8-000e35c21fb0}\ not found.
File G:\RunClubSanDisk.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 756 bytes
->Temporary Internet Files folder emptied: 14353205 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Rainer
->Temp folder emptied: 4102302664 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 794156 bytes
->FireFox cache emptied: 50265172 bytes
->Flash cache emptied: 795 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2008652 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 2300928 bytes
Windows Temp folder emptied: 167139450 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.138,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Rainer
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04172012_142709
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
17.04.2012, 15:30
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.04.2012, 16:00
| #11 |
| | Sophos hat Troj/Java-CN und Mal/Generic-L gefundenCode:
ATTFilter 16:52:38.0743 2224 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:52:39.0153 2224 ============================================================
16:52:39.0153 2224 Current date / time: 2012/04/17 16:52:39.0153
16:52:39.0153 2224 SystemInfo:
16:52:39.0153 2224
16:52:39.0153 2224 OS Version: 5.1.2600 ServicePack: 2.0
16:52:39.0153 2224 Product type: Workstation
16:52:39.0153 2224 ComputerName: MEDION95400
16:52:39.0153 2224 UserName: Rainer
16:52:39.0153 2224 Windows directory: C:\WINDOWS
16:52:39.0153 2224 System windows directory: C:\WINDOWS
16:52:39.0153 2224 Processor architecture: Intel x86
16:52:39.0153 2224 Number of processors: 1
16:52:39.0153 2224 Page size: 0x1000
16:52:39.0153 2224 Boot type: Normal boot
16:52:39.0153 2224 ============================================================
16:52:43.0600 2224 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:52:43.0640 2224 Drive \Device\Harddisk1\DR5 - Size: 0xF7C0000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:52:43.0640 2224 \Device\Harddisk0\DR0:
16:52:43.0670 2224 MBR used
16:52:43.0670 2224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5C9559C
16:52:43.0680 2224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5C9561A, BlocksNum 0x49C4FD0
16:52:43.0710 2224 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xA65A629, BlocksNum 0x13BBAC9
16:52:43.0710 2224 \Device\Harddisk1\DR5:
16:52:43.0710 2224 MBR used
16:52:43.0710 2224 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7BDE0
16:52:43.0850 2224 Initialize success
16:52:43.0850 2224 ============================================================
16:53:32.0480 3904 ============================================================
16:53:32.0480 3904 Scan started
16:53:32.0480 3904 Mode: Manual; SigCheck; TDLFS;
16:53:32.0480 3904 ============================================================
16:53:33.0021 3904 3xHybrid (9730a1ff4283bd68b0927f9fd97cc757) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
16:53:34.0493 3904 3xHybrid - ok
16:53:34.0603 3904 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
16:53:36.0245 3904 61883 - ok
16:53:36.0326 3904 Abiosdsk - ok
16:53:36.0396 3904 abp480n5 - ok
16:53:36.0516 3904 acedrv10 (553ba53445795cbc0d4f9fa37eb855a6) C:\WINDOWS\system32\drivers\acedrv10.sys
16:53:36.0556 3904 acedrv10 - ok
16:53:36.0626 3904 acehlp10 (8ce00b6a46962a1808b19cd1dae5170c) C:\WINDOWS\system32\drivers\acehlp10.sys
16:53:36.0646 3904 acehlp10 - ok
16:53:36.0716 3904 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:53:36.0906 3904 ACPI - ok
16:53:36.0926 3904 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:53:37.0067 3904 ACPIEC - ok
16:53:37.0177 3904 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:53:37.0197 3904 AdobeFlashPlayerUpdateSvc - ok
16:53:37.0217 3904 adpu160m - ok
16:53:37.0287 3904 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
16:53:38.0148 3904 aec - ok
16:53:38.0258 3904 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
16:53:38.0288 3904 AFD - ok
16:53:38.0419 3904 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:53:38.0649 3904 AgereSoftModem - ok
16:53:38.0729 3904 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:53:38.0869 3904 agp440 - ok
16:53:38.0889 3904 Aha154x - ok
16:53:38.0909 3904 aic78u2 - ok
16:53:38.0929 3904 aic78xx - ok
16:53:39.0070 3904 ALCXWDM (4e0aca5290b2966f24c45250a56c2da1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:53:39.0510 3904 ALCXWDM - ok
16:53:39.0560 3904 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
16:53:39.0710 3904 Alerter - ok
16:53:39.0750 3904 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
16:53:39.0811 3904 ALG - ok
16:53:39.0821 3904 AliIde - ok
16:53:39.0841 3904 amsint - ok
16:53:39.0881 3904 AppMgmt (becd5328e7869807d6557be4fe60c72f) C:\WINDOWS\System32\appmgmts.dll
16:53:39.0951 3904 AppMgmt - ok
16:53:39.0991 3904 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:53:40.0151 3904 Arp1394 - ok
16:53:40.0191 3904 asc - ok
16:53:40.0211 3904 asc3350p - ok
16:53:40.0241 3904 asc3550 - ok
16:53:40.0371 3904 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:53:40.0421 3904 aspnet_state - ok
16:53:40.0462 3904 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:53:40.0612 3904 AsyncMac - ok
16:53:40.0662 3904 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:53:40.0792 3904 atapi - ok
16:53:40.0812 3904 Atdisk - ok
16:53:40.0872 3904 Ati HotKey Poller (040c487c63fef0de230539b5d5ce0641) C:\WINDOWS\system32\Ati2evxx.exe
16:53:40.0962 3904 Ati HotKey Poller - ok
16:53:41.0042 3904 ati2mtag (9bb016be998fbe484da76be470aa9c56) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:53:41.0143 3904 ati2mtag - ok
16:53:41.0223 3904 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:53:41.0363 3904 Atmarpc - ok
16:53:41.0433 3904 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
16:53:41.0563 3904 AudioSrv - ok
16:53:41.0603 3904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:53:41.0743 3904 audstub - ok
16:53:41.0793 3904 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
16:53:41.0914 3904 Avc - ok
16:53:41.0964 3904 AVEO (5b0dd6940188900a4f2681092efea6d2) C:\WINDOWS\system32\DRIVERS\AVEOdcnt.sys
16:53:41.0994 3904 AVEO ( UnsignedFile.Multi.Generic ) - warning
16:53:41.0994 3904 AVEO - detected UnsignedFile.Multi.Generic (1)
16:53:42.0044 3904 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:53:42.0084 3904 bcm4sbxp - ok
16:53:42.0174 3904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:53:42.0304 3904 Beep - ok
16:53:42.0434 3904 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\WINDOWS\system32\bgsvcgen.exe
16:53:42.0444 3904 bgsvcgen - ok
16:53:42.0494 3904 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
16:53:42.0785 3904 BITS - ok
16:53:42.0885 3904 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe
16:53:42.0935 3904 Brother XP spl Service - ok
16:53:42.0985 3904 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
16:53:43.0115 3904 Browser - ok
16:53:43.0195 3904 btaudio (5d0ba6d229996a5f640f571ad478e532) C:\WINDOWS\system32\drivers\btaudio.sys
16:53:43.0236 3904 btaudio ( UnsignedFile.Multi.Generic ) - warning
16:53:43.0236 3904 btaudio - detected UnsignedFile.Multi.Generic (1)
16:53:43.0296 3904 BTDriver (0cd9a9aadabe621b3872e54283cd4bee) C:\WINDOWS\system32\DRIVERS\btport.sys
16:53:43.0306 3904 BTDriver ( UnsignedFile.Multi.Generic ) - warning
16:53:43.0306 3904 BTDriver - detected UnsignedFile.Multi.Generic (1)
16:53:43.0346 3904 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:53:43.0466 3904 BthEnum - ok
16:53:43.0506 3904 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:53:43.0626 3904 BthPan - ok
16:53:43.0686 3904 BTHPORT (3a7a07b55adc58e2001537eb6e0a980d) C:\WINDOWS\system32\Drivers\BTHport.sys
16:53:43.0736 3904 BTHPORT - ok
16:53:43.0796 3904 BthServ (822d1875b12b6219cece1d221349cef4) C:\WINDOWS\System32\bthserv.dll
16:53:43.0916 3904 BthServ - ok
16:53:43.0957 3904 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:53:44.0087 3904 BTHUSB - ok
16:53:44.0207 3904 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:53:44.0347 3904 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
16:53:44.0347 3904 BTKRNL - detected UnsignedFile.Multi.Generic (1)
16:53:44.0407 3904 BTSERIAL (ca33ae514a49105f2b6b9bd48c49d4de) C:\WINDOWS\system32\drivers\btserial.sys
16:53:44.0407 3904 BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
16:53:44.0407 3904 BTSERIAL - detected UnsignedFile.Multi.Generic (1)
16:53:44.0427 3904 BTSLBCSP (2718bb436b801b32b3bce8b1ee23968d) C:\WINDOWS\system32\drivers\btslbcsp.sys
16:53:44.0507 3904 BTSLBCSP ( UnsignedFile.Multi.Generic ) - warning
16:53:44.0517 3904 BTSLBCSP - detected UnsignedFile.Multi.Generic (1)
16:53:44.0628 3904 btwdins (14ed6f66e516ef4ba45052c232a2350c) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
16:53:44.0648 3904 btwdins ( UnsignedFile.Multi.Generic ) - warning
16:53:44.0648 3904 btwdins - detected UnsignedFile.Multi.Generic (1)
16:53:44.0718 3904 BTWDNDIS (59a6c89408366364ad3d8ab66c771bd5) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:53:44.0728 3904 BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
16:53:44.0728 3904 BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
16:53:44.0808 3904 btwmodem (cb66cd60bd2e82507d9ec84d683d39ce) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
16:53:44.0828 3904 btwmodem ( UnsignedFile.Multi.Generic ) - warning
16:53:44.0828 3904 btwmodem - detected UnsignedFile.Multi.Generic (1)
16:53:44.0928 3904 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys
16:53:44.0938 3904 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
16:53:44.0938 3904 BTWUSB - detected UnsignedFile.Multi.Generic (1)
16:53:45.0018 3904 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:53:45.0158 3904 cbidf2k - ok
16:53:45.0238 3904 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:53:45.0369 3904 CCDECODE - ok
16:53:45.0379 3904 cd20xrnt - ok
16:53:45.0429 3904 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:53:45.0569 3904 Cdaudio - ok
16:53:45.0629 3904 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
16:53:45.0739 3904 Cdfs - ok
16:53:45.0759 3904 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:53:45.0889 3904 Cdrom - ok
16:53:45.0909 3904 Changer - ok
16:53:45.0939 3904 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
16:53:46.0070 3904 CiSvc - ok
16:53:46.0300 3904 CLCapSvc (0138fdf9018056be2d59612dae2973d6) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
16:53:46.0300 3904 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
16:53:46.0300 3904 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
16:53:46.0420 3904 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
16:53:46.0530 3904 ClipSrv - ok
16:53:46.0670 3904 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:46.0741 3904 clr_optimization_v2.0.50727_32 - ok
16:53:46.0921 3904 CLSched (c19f7d72bf0aa6882cc8a00a826f00cb) C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
16:53:46.0941 3904 CLSched ( UnsignedFile.Multi.Generic ) - warning
16:53:46.0941 3904 CLSched - detected UnsignedFile.Multi.Generic (1)
16:53:47.0051 3904 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:53:47.0181 3904 CmBatt - ok
16:53:47.0211 3904 CmdIde - ok
16:53:47.0261 3904 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:53:47.0402 3904 Compbatt - ok
16:53:47.0452 3904 COMSysApp - ok
16:53:47.0482 3904 Cpqarray - ok
16:53:47.0572 3904 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Programme\SystemRequirementsLab\cpudrv.sys
16:53:47.0582 3904 cpudrv - ok
16:53:47.0642 3904 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
16:53:47.0762 3904 CryptSvc - ok
16:53:47.0882 3904 CyberLink Media Library Service (2bb11cd367d49098d57a8638adb5bcf6) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
16:53:47.0892 3904 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
16:53:47.0892 3904 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
16:53:47.0952 3904 dac2w2k - ok
16:53:47.0962 3904 dac960nt - ok
16:53:48.0042 3904 DcomLaunch (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
16:53:48.0223 3904 DcomLaunch - ok
16:53:48.0333 3904 Dhcp (7c4d218f9017725589adacab82beb0f8) C:\WINDOWS\System32\dhcpcsvc.dll
16:53:48.0403 3904 Dhcp - ok
16:53:48.0453 3904 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
16:53:48.0583 3904 Disk - ok
16:53:48.0623 3904 dmadmin - ok
16:53:48.0703 3904 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
16:53:48.0944 3904 dmboot - ok
16:53:48.0984 3904 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
16:53:49.0104 3904 dmio - ok
16:53:49.0144 3904 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:53:49.0264 3904 dmload - ok
16:53:49.0334 3904 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
16:53:49.0454 3904 dmserver - ok
16:53:49.0505 3904 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
16:53:49.0625 3904 DMusic - ok
16:53:49.0685 3904 Dnscache (d20c5b5f0d8ac53ffec17ff9b1658a6e) C:\WINDOWS\System32\dnsrslvr.dll
16:53:49.0735 3904 Dnscache - ok
16:53:49.0745 3904 dpti2o - ok
16:53:49.0805 3904 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
16:53:49.0925 3904 drmkaud - ok
16:53:49.0985 3904 ehRecvr (27434c42a13c11f92ca45840b720d671) C:\WINDOWS\eHome\ehRecvr.exe
16:53:50.0065 3904 ehRecvr - ok
16:53:50.0125 3904 ehSched (fcd56d0506a5aad5e211701f1400597d) C:\WINDOWS\eHome\ehSched.exe
16:53:50.0196 3904 ehSched - ok
16:53:50.0276 3904 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
16:53:50.0386 3904 ERSvc - ok
16:53:50.0436 3904 Eventlog (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
16:53:50.0516 3904 Eventlog - ok
16:53:50.0656 3904 EventSystem (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll
16:53:50.0696 3904 EventSystem - ok
16:53:50.0887 3904 EvtEng (c37b83b51cdf10e5bb6f78a7e4fed11a) C:\Programme\Intel\WiFi\bin\EvtEng.exe
16:53:51.0257 3904 EvtEng - ok
16:53:51.0678 3904 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
16:53:51.0918 3904 Fastfat - ok
16:53:52.0218 3904 FastUserSwitchingCompatibility (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
16:53:52.0299 3904 FastUserSwitchingCompatibility - ok
16:53:52.0619 3904 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
16:53:52.0769 3904 Fdc - ok
16:53:52.0899 3904 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
16:53:53.0070 3904 Fips - ok
16:53:53.0180 3904 flash (112a2e11b27caa6c249feacf59e98bf6) C:\WINDOWS\system32\drivers\flash.sys
16:53:53.0230 3904 flash ( UnsignedFile.Multi.Generic ) - warning
16:53:53.0230 3904 flash - detected UnsignedFile.Multi.Generic (1)
16:53:53.0330 3904 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:53:53.0500 3904 Flpydisk - ok
16:53:53.0590 3904 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:53:53.0691 3904 FltMgr - ok
16:53:53.0841 3904 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:53.0851 3904 FontCache3.0.0.0 - ok
16:53:53.0931 3904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:53:54.0051 3904 Fs_Rec - ok
16:53:54.0121 3904 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:53:54.0291 3904 Ftdisk - ok
16:53:54.0382 3904 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:53:54.0502 3904 Gpc - ok
16:53:54.0622 3904 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
16:53:54.0632 3904 gupdate - ok
16:53:54.0652 3904 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
16:53:54.0662 3904 gupdatem - ok
16:53:54.0722 3904 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
16:53:54.0732 3904 gusvc - ok
16:53:54.0852 3904 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:53:54.0972 3904 helpsvc - ok
16:53:55.0042 3904 HidServ (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll
16:53:55.0163 3904 HidServ - ok
16:53:55.0233 3904 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:53:55.0363 3904 HidUsb - ok
16:53:55.0443 3904 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
16:53:55.0463 3904 Hotkey ( UnsignedFile.Multi.Generic ) - warning
16:53:55.0463 3904 Hotkey - detected UnsignedFile.Multi.Generic (1)
16:53:55.0503 3904 hpn - ok
16:53:55.0573 3904 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
16:53:55.0633 3904 HTTP - ok
16:53:55.0683 3904 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
16:53:55.0794 3904 HTTPFilter - ok
16:53:55.0864 3904 hwdatacard (07853191b1bdee5b39be4cfcfe3b9ad4) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
16:53:55.0924 3904 hwdatacard - ok
16:53:55.0954 3904 i2omgmt - ok
16:53:55.0974 3904 i2omp - ok
16:53:56.0034 3904 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:53:56.0224 3904 i8042prt - ok
16:53:56.0404 3904 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:56.0455 3904 idsvc - ok
16:53:56.0545 3904 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:53:56.0665 3904 Imapi - ok
16:53:56.0725 3904 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
16:53:56.0885 3904 ImapiService - ok
16:53:56.0905 3904 ini910u - ok
16:53:56.0955 3904 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:53:57.0075 3904 IntelIde - ok
16:53:57.0135 3904 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:53:57.0256 3904 intelppm - ok
16:53:57.0296 3904 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:53:57.0416 3904 Ip6Fw - ok
16:53:57.0466 3904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:53:57.0576 3904 IpFilterDriver - ok
16:53:57.0616 3904 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:53:57.0736 3904 IpInIp - ok
16:53:57.0816 3904 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:53:58.0057 3904 IpNat - ok
16:53:58.0157 3904 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:53:58.0307 3904 IPSec - ok
16:53:58.0367 3904 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
16:53:58.0427 3904 irda - ok
16:53:58.0487 3904 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:53:58.0548 3904 IRENUM - ok
16:53:58.0608 3904 Irmon (5ab3bad0aad5ebba5359a02bcc4f80f8) C:\WINDOWS\System32\irmon.dll
16:53:58.0668 3904 Irmon - ok
16:53:58.0718 3904 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:53:58.0848 3904 isapnp - ok
16:53:59.0018 3904 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Programme\Java\jre6\bin\jqs.exe
16:53:59.0038 3904 JavaQuickStarterService - ok
16:53:59.0128 3904 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:53:59.0259 3904 Kbdclass - ok
16:53:59.0309 3904 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:53:59.0429 3904 kbdhid - ok
16:53:59.0479 3904 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
16:53:59.0569 3904 kmixer - ok
16:53:59.0629 3904 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
16:53:59.0719 3904 KSecDD - ok
16:53:59.0769 3904 lanmanserver (2865fa4ed4471929881c053a6e5a85f6) C:\WINDOWS\System32\srvsvc.dll
16:53:59.0809 3904 lanmanserver - ok
16:53:59.0879 3904 lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll
16:53:59.0970 3904 lanmanworkstation - ok
16:53:59.0980 3904 lbrtfdc - ok
16:54:00.0050 3904 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
16:54:00.0240 3904 LmHosts - ok
16:54:00.0260 3904 mailKmd - ok
16:54:00.0320 3904 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
16:54:00.0370 3904 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
16:54:00.0370 3904 MarvinBus - detected UnsignedFile.Multi.Generic (1)
16:54:00.0420 3904 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
16:54:00.0550 3904 Messenger - ok
16:54:00.0590 3904 MHN (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
16:54:00.0610 3904 MHN - ok
16:54:00.0631 3904 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:54:00.0661 3904 MHNDRV - ok
16:54:00.0711 3904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:54:00.0821 3904 mnmdd - ok
16:54:00.0861 3904 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe
16:54:00.0991 3904 mnmsrvc - ok
16:54:01.0051 3904 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
16:54:01.0161 3904 Modem - ok
16:54:01.0211 3904 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:54:01.0322 3904 Mouclass - ok
16:54:01.0652 3904 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:54:01.0782 3904 mouhid - ok
16:54:01.0862 3904 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
16:54:01.0972 3904 MountMgr - ok
16:54:02.0033 3904 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:54:02.0223 3904 MPE - ok
16:54:02.0243 3904 mraid35x - ok
16:54:02.0283 3904 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:54:02.0343 3904 MRxDAV - ok
16:54:02.0413 3904 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:54:02.0493 3904 MRxSmb - ok
16:54:02.0523 3904 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe
16:54:02.0643 3904 MSDTC - ok
16:54:02.0693 3904 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:54:02.0814 3904 MSDV - ok
16:54:02.0864 3904 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
16:54:03.0004 3904 Msfs - ok
16:54:03.0014 3904 MSIServer - ok
16:54:03.0074 3904 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:54:03.0184 3904 MSKSSRV - ok
16:54:03.0204 3904 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:54:03.0324 3904 MSPCLOCK - ok
16:54:03.0334 3904 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
16:54:03.0475 3904 MSPQM - ok
16:54:03.0535 3904 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:54:03.0655 3904 mssmbios - ok
16:54:03.0715 3904 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
16:54:03.0825 3904 MSTEE - ok
16:54:03.0875 3904 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
16:54:03.0995 3904 Mup - ok
16:54:04.0055 3904 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
16:54:04.0065 3904 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
16:54:04.0065 3904 MxlW2k - detected UnsignedFile.Multi.Generic (1)
16:54:04.0106 3904 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:54:04.0296 3904 NABTSFEC - ok
16:54:04.0356 3904 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
16:54:04.0476 3904 NDIS - ok
16:54:04.0516 3904 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:54:04.0626 3904 NdisIP - ok
16:54:04.0676 3904 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:54:04.0797 3904 NdisTapi - ok
16:54:04.0847 3904 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:54:04.0897 3904 Ndisuio - ok
16:54:04.0937 3904 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:54:05.0077 3904 NdisWan - ok
16:54:05.0107 3904 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
16:54:05.0227 3904 NDProxy - ok
16:54:05.0267 3904 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:54:05.0377 3904 NetBIOS - ok
16:54:05.0427 3904 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:54:05.0548 3904 NetBT - ok
16:54:05.0578 3904 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
16:54:05.0708 3904 NetDDE - ok
16:54:05.0718 3904 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
16:54:05.0838 3904 NetDDEdsdm - ok
16:54:05.0878 3904 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
16:54:05.0978 3904 Netlogon - ok
16:54:06.0018 3904 Netman (1e5218fbe323c375b488318950e10fb4) C:\WINDOWS\System32\netman.dll
16:54:06.0078 3904 Netman - ok
16:54:06.0239 3904 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:54:06.0249 3904 NetTcpPortSharing - ok
16:54:06.0339 3904 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:54:06.0469 3904 NIC1394 - ok
16:54:06.0569 3904 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
16:54:06.0639 3904 Nla - ok
16:54:06.0679 3904 nmwcd (712bc0c22ba00b2ba324c6b8df668ee7) C:\WINDOWS\system32\drivers\ccdcmb.sys
16:54:06.0880 3904 nmwcd - ok
16:54:06.0980 3904 nmwcdc (7312987b6ccde6f6cee32c14bed1ca2e) C:\WINDOWS\system32\drivers\ccdcmbo.sys
16:54:07.0060 3904 nmwcdc - ok
16:54:07.0100 3904 nmwcdnsu (99145c5d4b6c4d6f5ce83ee6abffe294) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
16:54:07.0190 3904 nmwcdnsu - ok
16:54:07.0230 3904 nmwcdnsuc (faee7b61c6885b091cec1ff06da2e1ab) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
16:54:07.0290 3904 nmwcdnsuc - ok
16:54:07.0350 3904 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
16:54:07.0470 3904 Npfs - ok
16:54:07.0510 3904 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
16:54:07.0581 3904 NSCIRDA - ok
16:54:07.0651 3904 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
16:54:07.0741 3904 Ntfs - ok
16:54:07.0781 3904 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
16:54:07.0891 3904 NtLmSsp - ok
16:54:07.0961 3904 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
16:54:08.0161 3904 NtmsSvc - ok
16:54:08.0251 3904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:54:08.0362 3904 Null - ok
16:54:08.0402 3904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:54:08.0522 3904 NwlnkFlt - ok
16:54:08.0542 3904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:54:08.0682 3904 NwlnkFwd - ok
16:54:08.0722 3904 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:54:08.0822 3904 ohci1394 - ok
16:54:08.0932 3904 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:54:08.0942 3904 ose - ok
16:54:09.0043 3904 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
16:54:09.0163 3904 Parport - ok
16:54:09.0223 3904 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
16:54:09.0333 3904 PartMgr - ok
16:54:09.0383 3904 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:54:09.0503 3904 ParVdm - ok
16:54:09.0563 3904 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
16:54:09.0593 3904 pccsmcfd - ok
16:54:09.0643 3904 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
16:54:09.0774 3904 PCI - ok
16:54:09.0794 3904 PCIDump - ok
16:54:09.0824 3904 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:54:09.0964 3904 PCIIde - ok
16:54:09.0994 3904 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:54:10.0154 3904 Pcmcia - ok
16:54:10.0224 3904 PDCOMP - ok
16:54:10.0344 3904 PDFRAME - ok
16:54:10.0415 3904 PDRELI - ok
16:54:10.0435 3904 PDRFRAME - ok
16:54:10.0455 3904 perc2 - ok
16:54:10.0475 3904 perc2hib - ok
16:54:10.0545 3904 PlugPlay (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
16:54:10.0585 3904 PlugPlay - ok
16:54:10.0625 3904 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
16:54:10.0725 3904 PolicyAgent - ok
16:54:10.0755 3904 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:54:10.0875 3904 PptpMiniport - ok
16:54:10.0895 3904 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
16:54:11.0005 3904 ProtectedStorage - ok
16:54:11.0025 3904 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
16:54:11.0136 3904 PSched - ok
16:54:11.0166 3904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:54:11.0276 3904 Ptilink - ok
16:54:11.0346 3904 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:54:11.0356 3904 PxHelp20 - ok
16:54:11.0366 3904 ql1080 - ok
16:54:11.0386 3904 Ql10wnt - ok
16:54:11.0406 3904 ql12160 - ok
16:54:11.0436 3904 ql1240 - ok
16:54:11.0456 3904 ql1280 - ok
16:54:11.0526 3904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:54:11.0636 3904 RasAcd - ok
16:54:11.0676 3904 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
16:54:11.0817 3904 RasAuto - ok
16:54:11.0887 3904 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:54:11.0937 3904 Rasirda - ok
16:54:11.0967 3904 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:54:12.0097 3904 Rasl2tp - ok
16:54:12.0157 3904 RasMan (ffc8343b35fb2df01a5767748efa5b58) C:\WINDOWS\System32\rasmans.dll
16:54:12.0277 3904 RasMan - ok
16:54:12.0387 3904 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:54:12.0508 3904 RasPppoe - ok
16:54:12.0568 3904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:54:12.0678 3904 Raspti - ok
16:54:12.0728 3904 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:54:12.0788 3904 Rdbss - ok
16:54:12.0818 3904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:54:12.0938 3904 RDPCDD - ok
16:54:12.0998 3904 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:54:13.0128 3904 rdpdr - ok
16:54:13.0179 3904 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
16:54:13.0239 3904 RDPWD - ok
16:54:13.0309 3904 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
16:54:13.0429 3904 RDSessMgr - ok
16:54:13.0459 3904 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:54:13.0589 3904 redbook - ok
16:54:13.0729 3904 RegSrvc (c96980cccf84329824623b0b50383703) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
16:54:13.0759 3904 RegSrvc - ok
16:54:13.0910 3904 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
16:54:14.0020 3904 RemoteAccess - ok
16:54:14.0090 3904 RemoteRegistry (ae81cf7d7cfa79cd03e8fb99788a7e09) C:\WINDOWS\system32\regsvc.dll
16:54:14.0270 3904 RemoteRegistry - ok
16:54:14.0350 3904 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:54:14.0470 3904 RFCOMM - ok
16:54:14.0561 3904 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:54:14.0671 3904 ROOTMODEM - ok
16:54:14.0711 3904 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe
16:54:14.0821 3904 RpcLocator - ok
16:54:14.0901 3904 RpcSs (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
16:54:15.0001 3904 RpcSs - ok
16:54:15.0051 3904 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
16:54:15.0161 3904 RSVP - ok
16:54:15.0312 3904 S24EventMonitor (0fcb7eeb0e81a777735a5af185f56c2b) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
16:54:15.0412 3904 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
16:54:15.0412 3904 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
16:54:15.0512 3904 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
16:54:15.0542 3904 s24trans - ok
16:54:15.0582 3904 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
16:54:15.0692 3904 SamSs - ok
16:54:15.0852 3904 SAVAdminService (a8683c9a82a4b5ecb4cd44c867bd79f2) c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
16:54:15.0862 3904 SAVAdminService - ok
16:54:16.0003 3904 SAVOnAccessControl (4f5b28e160e3037d373b863b3b714206) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
16:54:16.0043 3904 SAVOnAccessControl - ok
16:54:16.0083 3904 SAVOnAccessFilter (7ea62c66bbc7c52bac9f6cac9ddc7ff3) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
16:54:16.0103 3904 SAVOnAccessFilter - ok
16:54:16.0243 3904 SAVService (5762aac0451e319d4c649fcc9b8540aa) c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
16:54:16.0253 3904 SAVService - ok
16:54:16.0353 3904 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
16:54:16.0483 3904 SCardSvr - ok
16:54:16.0543 3904 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
16:54:16.0674 3904 Schedule - ok
16:54:16.0764 3904 sdbus (ebe9897eb74c5270f65bdb4164f7fc8a) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:54:16.0804 3904 sdbus - ok
16:54:16.0894 3904 sdcfilter (4f21774e1259a546b992d9eaacdfd778) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
16:54:16.0904 3904 sdcfilter - ok
16:54:17.0014 3904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:54:17.0074 3904 Secdrv - ok
16:54:17.0114 3904 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
16:54:17.0244 3904 seclogon - ok
16:54:17.0284 3904 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
16:54:17.0395 3904 SENS - ok
16:54:17.0465 3904 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
16:54:17.0585 3904 Serial - ok
16:54:17.0725 3904 ServiceLayer (12b41d84a4d058adc60853c365dbfcca) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
16:54:17.0785 3904 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
16:54:17.0785 3904 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
16:54:17.0865 3904 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:54:17.0975 3904 Sfloppy - ok
16:54:18.0046 3904 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll
16:54:18.0216 3904 SharedAccess - ok
16:54:18.0296 3904 ShellHWDetection (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
16:54:18.0306 3904 ShellHWDetection - ok
16:54:18.0326 3904 Simbad - ok
16:54:18.0386 3904 SKMScan (e407a8eea2fd4bf560c05c0ebf1793b3) C:\WINDOWS\system32\DRIVERS\skmscan.sys
16:54:18.0396 3904 SKMScan - ok
16:54:18.0456 3904 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:54:18.0576 3904 SLIP - ok
16:54:18.0707 3904 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe
16:54:18.0727 3904 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
16:54:18.0727 3904 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
16:54:18.0837 3904 Sophos AutoUpdate Service (7acb40f3c5f229964a4c143b0bcddbe9) c:\Programme\Sophos\AutoUpdate\ALsvc.exe
16:54:18.0847 3904 Sophos AutoUpdate Service - ok
16:54:18.0957 3904 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
16:54:18.0997 3904 SophosBootDriver - ok
16:54:19.0037 3904 Sparrow - ok
16:54:19.0097 3904 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
16:54:19.0177 3904 splitter - ok
16:54:19.0237 3904 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
16:54:19.0287 3904 Spooler - ok
16:54:19.0377 3904 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\System32\Drivers\sptd.sys
16:54:19.0408 3904 sptd - ok
16:54:19.0458 3904 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
16:54:19.0528 3904 sr - ok
16:54:19.0568 3904 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
16:54:19.0638 3904 srservice - ok
16:54:19.0708 3904 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
16:54:19.0788 3904 Srv - ok
16:54:19.0848 3904 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
16:54:19.0918 3904 SSDPSRV - ok
16:54:20.0078 3904 StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
16:54:20.0109 3904 StarMoney 7.0 OnlineUpdate - ok
16:54:20.0279 3904 stisvc (25e9b30af1fa1b9af1853577f39ff20b) C:\WINDOWS\system32\wiaservc.dll
16:54:20.0349 3904 stisvc - ok
16:54:20.0409 3904 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:54:20.0529 3904 streamip - ok
16:54:20.0589 3904 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:54:20.0699 3904 swenum - ok
16:54:20.0990 3904 swi_service (ed7595b4c895f951ac115d598acec07f) c:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
16:54:21.0420 3904 swi_service - ok
16:54:21.0611 3904 swi_update (13ae7d95a6aa6fb31c7c89b51d4c9ac0) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_update.exe
16:54:22.0242 3904 swi_update - ok
16:54:22.0382 3904 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
16:54:22.0502 3904 swmidi - ok
16:54:22.0542 3904 SwPrv - ok
16:54:22.0562 3904 symc810 - ok
16:54:22.0582 3904 symc8xx - ok
16:54:22.0592 3904 sym_hi - ok
16:54:22.0612 3904 sym_u3 - ok
16:54:22.0652 3904 SynTP (1a8e6b04907687a8eed75c8031b679fd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:54:22.0712 3904 SynTP - ok
16:54:22.0752 3904 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
16:54:22.0873 3904 sysaudio - ok
16:54:22.0913 3904 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
16:54:23.0043 3904 SysmonLog - ok
16:54:23.0073 3904 TapiSrv (427d7eb3b453347082c8f4b370065d60) C:\WINDOWS\System32\tapisrv.dll
16:54:23.0133 3904 TapiSrv - ok
16:54:23.0203 3904 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:54:23.0283 3904 Tcpip - ok
16:54:23.0333 3904 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:54:23.0443 3904 TDPIPE - ok
16:54:23.0473 3904 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
16:54:23.0584 3904 TDTCP - ok
16:54:23.0644 3904 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:54:23.0764 3904 TermDD - ok
16:54:23.0814 3904 TermService (a0e72e14b0e12b9aa3648fdb31bde332) C:\WINDOWS\System32\termsrv.dll
16:54:23.0884 3904 TermService - ok
16:54:24.0004 3904 Themes (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
16:54:24.0024 3904 Themes - ok
16:54:24.0104 3904 tifm21 (1154850749ecd019972d901ea6c6950c) C:\WINDOWS\system32\drivers\tifm21.sys
16:54:24.0194 3904 tifm21 - ok
16:54:24.0285 3904 TlntSvr (58708746b8267033e5cf2b29659e7f74) C:\WINDOWS\system32\tlntsvr.exe
16:54:24.0375 3904 TlntSvr - ok
16:54:24.0425 3904 TosIde - ok
16:54:24.0525 3904 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
16:54:24.0665 3904 TrkWks - ok
16:54:24.0725 3904 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
16:54:24.0845 3904 Udfs - ok
16:54:24.0885 3904 ultra - ok
16:54:24.0986 3904 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
16:54:25.0066 3904 UMWdf - ok
16:54:25.0286 3904 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
16:54:25.0626 3904 Update - ok
16:54:25.0997 3904 upnphost (855790c1baced245a6b210af430ed17b) C:\WINDOWS\System32\upnphost.dll
16:54:26.0057 3904 upnphost - ok
16:54:26.0167 3904 upperdev (7062ed67a10f1c83b2ab951736e24f11) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
16:54:26.0297 3904 upperdev - ok
16:54:26.0358 3904 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
16:54:26.0488 3904 UPS - ok
16:54:26.0558 3904 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:54:26.0668 3904 usbccgp - ok
16:54:26.0738 3904 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:54:26.0848 3904 usbehci - ok
16:54:26.0878 3904 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:54:26.0988 3904 usbhub - ok
16:54:27.0038 3904 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:54:27.0159 3904 usbprint - ok
16:54:27.0209 3904 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
16:54:27.0339 3904 usbser - ok
16:54:27.0409 3904 UsbserFilt (b76d8039f5b595c4ca551b3d5dd15a98) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
16:54:27.0499 3904 UsbserFilt - ok
16:54:27.0549 3904 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:54:27.0669 3904 USBSTOR - ok
16:54:27.0729 3904 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:54:27.0850 3904 usbuhci - ok
16:54:27.0900 3904 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
16:54:28.0010 3904 VgaSave - ok
16:54:28.0030 3904 ViaIde - ok
16:54:28.0060 3904 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
16:54:28.0230 3904 VolSnap - ok
16:54:28.0410 3904 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
16:54:28.0501 3904 VSS - ok
16:54:28.0641 3904 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
16:54:28.0861 3904 w29n51 - ok
16:54:28.0961 3904 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
16:54:29.0081 3904 W32Time - ok
16:54:29.0132 3904 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:54:29.0242 3904 Wanarp - ok
16:54:29.0282 3904 Wbutton - ok
16:54:29.0342 3904 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:54:29.0372 3904 Wdf01000 - ok
16:54:29.0392 3904 WDICA - ok
16:54:29.0442 3904 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
16:54:29.0522 3904 wdmaud - ok
16:54:29.0562 3904 WebClient (879ecb9a5f14a03960b84edb7207a051) C:\WINDOWS\System32\webclnt.dll
16:54:29.0632 3904 WebClient - ok
16:54:29.0702 3904 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:54:29.0833 3904 winmgmt - ok
16:54:29.0963 3904 WinVNC4 (1a749d1de58a850f20930c34f03bc840) C:\Programme\RealVNC\VNC4\winvnc4.exe
16:54:30.0023 3904 WinVNC4 - ok
16:54:30.0113 3904 WMConnectCDS (f2e9fcb970d02e1647e185da1d2e3ca9) C:\Programme\Windows Media Connect 2\wmccds.exe
16:54:30.0233 3904 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
16:54:30.0233 3904 WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
16:54:30.0373 3904 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
16:54:30.0413 3904 WmdmPmSN - ok
16:54:30.0524 3904 Wmi (80d811741505365b79cbdb1254d5c98b) C:\WINDOWS\System32\advapi32.dll
16:54:30.0654 3904 Wmi - ok
16:54:30.0744 3904 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:54:30.0864 3904 WmiApSrv - ok
16:54:30.0934 3904 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:54:30.0954 3904 WpdUsb - ok
16:54:31.0034 3904 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
16:54:31.0144 3904 wscsvc - ok
16:54:31.0204 3904 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:54:31.0335 3904 WSTCODEC - ok
16:54:31.0405 3904 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
16:54:31.0515 3904 wuauserv - ok
16:54:31.0615 3904 WZCSVC (0acbe3e992d0becb6cef7e80a3edf2ae) C:\WINDOWS\System32\wzcsvc.dll
16:54:31.0745 3904 WZCSVC - ok
16:54:31.0835 3904 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
16:54:31.0835 3904 x10nets ( UnsignedFile.Multi.Generic ) - warning
16:54:31.0835 3904 x10nets - detected UnsignedFile.Multi.Generic (1)
16:54:31.0926 3904 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
16:54:32.0046 3904 xmlprov - ok
16:54:32.0116 3904 XUIF (93692d6b2fcbb63f517642048f5295fb) C:\WINDOWS\system32\Drivers\x10ufx2.sys
16:54:32.0166 3904 XUIF - ok
16:54:32.0296 3904 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:54:32.0566 3904 \Device\Harddisk0\DR0 - ok
16:54:32.0576 3904 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR5
16:54:36.0542 3904 \Device\Harddisk1\DR5 - ok
16:54:36.0552 3904 Boot (0x1200) (13a03b442460d6644556a306b33d71b8) \Device\Harddisk0\DR0\Partition0
16:54:36.0552 3904 \Device\Harddisk0\DR0\Partition0 - ok
16:54:36.0582 3904 Boot (0x1200) (dcf570852afccd17a5dfb00dbbecea3d) \Device\Harddisk0\DR0\Partition1
16:54:36.0582 3904 \Device\Harddisk0\DR0\Partition1 - ok
16:54:36.0612 3904 Boot (0x1200) (2ca6eaf431345917953af17774b5ac35) \Device\Harddisk0\DR0\Partition2
16:54:36.0612 3904 \Device\Harddisk0\DR0\Partition2 - ok
16:54:36.0622 3904 Boot (0x1200) (f817c3f1a53e98c0a7d256566741a495) \Device\Harddisk1\DR5\Partition0
16:54:36.0622 3904 \Device\Harddisk1\DR5\Partition0 - ok
16:54:36.0622 3904 ============================================================
16:54:36.0622 3904 Scan finished
16:54:36.0622 3904 ============================================================
16:54:36.0772 2736 Detected object count: 22
16:54:36.0772 2736 Actual detected object count: 22
16:58:48.0665 2736 AVEO ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0665 2736 AVEO ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0665 2736 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0665 2736 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0675 2736 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0675 2736 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0675 2736 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0675 2736 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0675 2736 BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0675 2736 BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0675 2736 BTSLBCSP ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0675 2736 BTSLBCSP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0685 2736 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0685 2736 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0685 2736 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0685 2736 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0685 2736 btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0685 2736 btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0685 2736 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0685 2736 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0695 2736 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0695 2736 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0695 2736 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0695 2736 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0695 2736 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0695 2736 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0705 2736 flash ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0705 2736 flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0705 2736 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0705 2736 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0715 2736 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0715 2736 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0715 2736 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0715 2736 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0715 2736 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0715 2736 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0715 2736 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0715 2736 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0725 2736 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0725 2736 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0725 2736 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0725 2736 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:48.0725 2736 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:48.0725 2736 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
17.04.2012, 16:06
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.04.2012, 18:38
| #13 |
| | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden ComboFix hat nach Fertiggestellt Stufe_50 noch: Code:
ATTFilter System file is infected !! Attempting to restore
"C:\WINDOWS\system32\winlogon.exe"
Dann kam ein Fenster, dass er nichts gefunden hat und einen intensiven Scan (oder so ähnlich) durchführen will und ich habe OK geklickt... Jetzt passiert nichts mehr - zumindest ändert sich nichts an dem AutoScan Fenster von ComboFix. Kann ich das Fenster einfach schließen oder soll ich warten? |
|
17.04.2012, 19:04
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Wie lange ist dieses Fenster da so schon?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.04.2012, 19:05
| #15 |
| | Sophos hat Troj/Java-CN und Mal/Generic-L gefunden Nachdem ich auf OK geklickt habe seit ca. 30 Minuten ohne eine Änderung und da die HDD LED auch keine Aktivität zeigt, scheint es nichts zu tun... |
|
| Themen zu Sophos hat Troj/Java-CN und Mal/Generic-L gefunden |
| adobe, dateien, einstellungen, excel, explorer, firefox, google, google earth, home, html, mal/generic-l, monitor, mozilla, notebook, pdf, plug-in, programme, realplayer, rundll, senden, software, sophos, starmoney, svchost, system, temp, usb, windows, windows xp |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
