Pests of all kinds and how to combat them: Extreme Internet/computer slowdown (Windows 7) |
21.05.2012, 17:11 | #1 |
| Extreme Internet/computer slowdown

Good day, I apologize in advance for any formal mistakes I make or will make here. Since I am new, I don't know the exact procedure here 100%.

I'll now try to describe the situation: First of all, I don't know exactly when it started or how/what happened, since unfortunately I wasn't at home over the weekend and can't trace the exact course of events (a relative was on the computer). The upshot, with the following symptoms, is:
1) An extremely slowed-down, at times frozen computer
2) An extremely slowed-down, at times dropping Internet connection

I ran AntiVir over it, but 'EXP/Java.Blacole.CZ' [exploit] was the only thing found. The problem persists. I guess I'll have to post various logs here. It would be kind if you could briefly include a download link in your posts, since searching with my Internet connection is proving somewhat "difficult" right now. Thanks for your understanding.

Regards

1st scan with mbam:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Besitzer :: ACER-F5DADEF16C [Administrator]

21.05.2012 18:28:44
mbam-log-2012-05-21 (18-40-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244716
Laufzeit: 11 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_for_aol.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\538078.Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.

(Ende)

After that, Avira also suddenly popped up twice:

In der Datei 'C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_for_aol.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden. Ausgeführte Aktion: Datei löschen

In der Datei 'C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\538078.Uninstall\Uninstall.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden. Ausgeführte Aktion: Datei löschen

Ran a 2nd scan:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Besitzer :: ACER-F5DADEF16C [Administrator]

21.05.2012 18:49:15
mbam-log-2012-05-21 (18-49-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244551
Laufzeit: 11 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Edited by BraucheHilf (21.05.2012 at 18:06) |
21.05.2012, 19:43 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/computer slowdown Please first do a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
__________________ Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
23.05.2012, 15:23 | #3 |
| Extreme Internet/computer slowdown Code:
ATTFilter
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-21 09:26:07
# local_time=2012-05-21 11:26:07 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 37761 113150351 31156 0
# compatibility_mode=8192 67108863 100 0 473 473 0 0
# scanned=12915
# found=0
# cleaned=0
# scan_time=523
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=980e2cdd60721b4f8310ebe5aad30622
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 02:19:23
# local_time=2012-05-23 04:19:23 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 180021 113292611 173416 0
# compatibility_mode=8192 67108863 100 0 142733 142733 0 0
# scanned=158408
# found=7
# cleaned=0
# scan_time=5457
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\aTube_Catcher_Installer.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\A56E4DA7-BAB0-7891-9508-56FD958CA7ED\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\ICReinstall\Facemoods.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\is1293846689\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Ocean Technologies & Media\GG E-Sports Platform\plugins\FixedUpdatePlugin.dll probably a variant of Win32/TrojanDownloader.Agent.JOPAUPF trojan (unable to clean) 00000000000000000000000000000000 I
D:\Eigene Dateien\HL2_UK\Steam.dll.bak probably a variant of Win32/Agent.JBGSCWH trojan (unable to clean) 00000000000000000000000000000000 I

Regards |
23.05.2012, 20:00 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/computer slowdown Please create a new OTL log. Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
23.05.2012, 20:35 | #5 |
| Extreme Internet/computer slowdown OTL log file: Code:
ATTFilter OTL logfile created on: 23.05.2012 21:20:54 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 631,25 Mb Available Physical Memory | 61,68% Memory free 2,40 Gb Paging File | 1,86 Gb Available in Paging File | 77,27% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,91 Gb Total Space | 20,18 Gb Free Space | 21,49% Space Free | Partition Type: NTFS Drive D: | 92,38 Gb Total Space | 59,34 Gb Free Space | 64,23% Space Free | Partition Type: FAT32 Computer Name: ACER-F5DADEF16C | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.23 21:19:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe PRC - [2009.08.05 15:32:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2008.02.01 04:00:54 | 003,661,824 | ---- | M] (PostgreSQL Global Development Group) -- 
C:\Programme\PostgreSQL\8.3\bin\postgres.exe PRC - [2004.11.09 22:36:02 | 000,497,240 | ---- | M] (America Online, Inc) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe PRC - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe PRC - [2003.06.17 17:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe ========== Modules (No Company Name) ========== MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.10.14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2009.01.28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2005.08.05 15:26:04 | 000,239,104 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll MOD - [2005.08.05 15:26:04 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax MOD - [2005.08.05 15:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax MOD - [2005.08.05 14:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax MOD - [2005.08.05 14:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax MOD - [2004.11.09 21:36:12 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\aol\ACS\DE\DialerRes.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.05.21 21:40:19 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - 
[2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2009.08.05 15:32:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2005.06.21 00:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) 
[Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon) DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- I:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Garena\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2010.09.04 15:10:53 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\PRFCC8.tmp -- (GarenaPEngine) DRV - [2010.01.30 13:41:21 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | 
System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2007.04.10 13:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.02.06 18:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.06.13 20:09:14 | 000,969,728 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004.01.25 07:56:47 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\krdpdre.sys -- (krdpdre) DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6 IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=a0ed97790000000000000019dbc2cad6 IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=30d11c04-714e-49fc-b675-c4596f09a4f5&apn_sauid=0A4B73D3-1F66-4D8B-94DD-DD0187EA0C7F IE - 
HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Programme\Octoshape Streaming Services\Besitzer\octoprogram-L03-NMS1010120_SUA_001\npoctoshape.dll (Octoshape ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.21 23:45:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.11 15:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2012.05.21 18:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\extensions [2012.04.11 15:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.21 21:40:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.21 21:40:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.21 17:44:43 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.05.21 21:40:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.05.21 21:40:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.05.21 21:40:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.21 21:40:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.21 21:40:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (America Online, Inc) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF18D33F-54F0-4846-9CAB-A38BFE1176F5}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.02.14 14:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "RichVideo" MsConfig - Services: "LightScribeService" MsConfig - Services: "Browser Defender Update Service" MsConfig - Services: "sdCoreService" MsConfig - Services: "sdAuxService" MsConfig - Services: "Brother XP spl Service" MsConfig - 
Services: "SkypeUpdate" MsConfig - Services: "SystemStore" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe - (Brother Industries, Ltd.) MsConfig - StartUpFolder: C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk - C:\Programme\AOL 9.0\aoltray.exe - (America Online, Inc.) MsConfig - StartUpFolder: C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: ApnUpdater - hkey= - key= - File not found MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DVDTray - hkey= - key= - C:\Programme\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company) MsConfig - StartUpReg: DW6 - hkey= - key= - File not found MsConfig - StartUpReg: Guard.Mail.ru.gui - hkey= - key= - File not found MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: ISTray - hkey= - key= - File not found MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe () MsConfig - StartUpReg: Performance Center - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.) 
MsConfig - StartUpReg: RealTray - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Steam - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "system.ini" - 1 MsConfig - State: "win.ini" - 2 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System 
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1 ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe 
setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" 
"C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - lhacm.acm File not found Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 21:19:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.05.23 20:57:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\58 [2012.05.21 23:45:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\You've Got Pictures Screensaver [2012.05.21 23:45:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache [2012.05.21 23:45:08 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe [2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime [2012.05.21 23:45:01 | 000,000,000 | ---D 
| C] -- C:\Programme\QuickTime [2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime [2012.05.21 23:43:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AOL [2012.05.21 23:43:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\aolshare [2012.05.21 23:43:29 | 000,000,000 | ---D | C] -- C:\Programme\AOL 9.0 [2012.05.21 23:09:31 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.05.21 21:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.05.21 21:40:23 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.05.21 20:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Simply Super Software [2012.05.21 18:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.21 18:17:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.21 18:17:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.21 17:44:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon [2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon [2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.05.21 09:36:59 | 000,000,000 | ---D | C] -- C:\Programme\Freemium [2012.05.11 14:34:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\TubeBox [2012.05.11 14:32:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox [2012.05.11 14:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemium TubeBox 
[2012.05.11 14:31:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [14 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.23 21:19:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.05.23 20:58:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.05.23 20:58:43 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.23 17:42:35 | 000,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.05.23 17:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.23 17:40:56 | 000,000,209 | ---- | M] () -- C:\boot.ini [2012.05.23 13:42:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.21 23:45:28 | 000,000,725 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk [2012.05.21 23:45:17 | 000,000,574 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AOL 9.0.lnk [2012.05.21 23:37:12 | 000,051,750 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wklnhst.dat [2012.05.21 17:45:00 | 000,000,237 | ---- | M] () -- C:\user.js [2012.05.21 12:54:09 | 000,000,006 | ---- | M] () -- C:\WINDOWS\msoffice.ini [2012.05.21 09:38:54 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.17 01:32:54 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini [2012.05.10 00:05:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.05.09 23:59:03 | 000,528,964 | ---- | M] () -- 
C:\WINDOWS\System32\perfh007.dat [2012.05.09 23:59:03 | 000,504,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.09 23:59:03 | 000,106,428 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.09 23:59:03 | 000,088,914 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [14 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.21 23:45:17 | 000,000,574 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AOL 9.0.lnk [2012.05.21 17:44:59 | 000,000,237 | ---- | C] () -- C:\user.js [2012.05.21 10:49:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2012.02.16 18:54:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.13 01:36:36 | 000,223,446 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.11.12 18:02:15 | 000,421,475 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1214440339-484763869-839522115-1003-0.dat [2011.05.27 14:18:36 | 000,045,202 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\room_v3.dat [2011.04.16 15:06:59 | 000,046,658 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\room.dat [2011.03.10 18:29:31 | 000,248,579 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2010.11.21 15:51:12 | 000,000,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat [2010.09.04 21:33:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI ========== LOP 
Check ========== [2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.01.20 19:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.01.01 16:15:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jlcm [2009.07.17 20:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLive [2012.05.21 20:07:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.08.02 14:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2011.08.01 23:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XHEO INC [2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon [2009.04.25 21:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon [2012.05.11 14:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium [2011.08.01 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HEM Data [2011.09.17 12:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HoldemManager [2012.02.17 18:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ [2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar [2009.04.17 16:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQLite [2011.10.18 17:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jens Lorek [2011.11.24 19:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PacificPoker [2010.10.03 21:51:54 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RayV [2011.08.02 00:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Roaming [2010.09.11 21:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer [2009.08.15 14:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Viewpoint [2012.01.20 19:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.04.15 19:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe [2012.05.21 23:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AOL [2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon [2008.02.20 23:22:05 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Brother [2008.02.14 15:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CyberLink [2009.04.25 21:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon [2008.12.25 00:02:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\dvdcss [2012.05.11 14:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium [2008.04.16 17:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help [2011.08.01 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HEM Data [2011.09.17 12:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Besitzer\Anwendungsdaten\HoldemManager [2012.02.17 18:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ [2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar [2009.04.17 16:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQLite [2008.02.14 14:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities [2008.02.15 14:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield [2011.10.18 17:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jens Lorek [2008.02.15 14:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia [2010.02.21 14:41:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes [2012.04.15 19:35:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft [2009.04.14 16:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mIRC [2012.04.11 15:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla [2011.09.05 23:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla-Cache [2011.11.24 19:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PacificPoker [2010.10.03 21:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RayV [2011.08.02 00:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Roaming [2012.04.16 15:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype [2011.08.08 00:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Besitzer\Anwendungsdaten\skypePM [2008.02.18 18:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun [2010.10.12 19:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\teamspeak2 [2010.09.11 21:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer [2008.10.27 18:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ventrilo [2009.08.15 14:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Viewpoint [2008.04.17 16:50:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\vlc [2008.02.17 18:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\WinRAR [2012.05.21 23:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\You've Got Pictures Screensaver < %APPDATA%\*.exe /s > [2008.09.03 17:11:11 | 000,323,936 | ---- | M] (Octoshape ApS) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [2011.10.18 17:17:02 | 000,034,494 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe [2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_6FEFF9B68218417F98F549.exe [2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_B06349111D5E7CEE2A3C50.exe [2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_BBE843A4210D005E08B21E.exe [2012.03.06 
00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_ECF5B0A15121D905E30873.exe [2012.01.27 20:54:09 | 000,034,494 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- 
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- 
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.10 14:00:00 | 000,012,032 | 
---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.02.14 15:09:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.02.14 15:09:47 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.02.14 15:09:47 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [20 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 @Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 < End of report > [/code] |
23.05.2012, 21:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Computer Slowdown Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=30d11c04-714e-49fc-b675-c4596f09a4f5&apn_sauid=0A4B73D3-1F66-4D8B-94DD-DD0187EA0C7F
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q="
[2012.05.21 17:44:43 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.14 14:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.05.21 17:44:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.05.21 17:44:59 | 
000,000,237 | ---- | C] () -- C:\user.js [2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar @Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 @Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 :Commands [purity] [emptytemp] [emptyflash] [resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ --> Extreme Internet/computer slowdown |
23.05.2012, 21:43 | #7 |
| Extreme Internet/computer slowdown Code:
ATTFilter All processes killed ========== OTL ========== Error: Unable to stop service xpsec! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully. File C:\WINDOWS\system32\drivers\xpsec.sys not found. Error: Unable to stop service xcpip! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully. File C:\WINDOWS\system32\drivers\xcpip.sys not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found. HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. 
HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" removed from browser.startup.homepage Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" removed from keyword.URL C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. 
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\HtmlScreens folder moved successfully. C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup folder moved successfully. C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon folder moved successfully. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon folder moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully. C:\user.js moved successfully. C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar folder moved successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users ->Flash cache emptied: 35 bytes User: Besitzer ->Temp folder emptied: 6561470023 bytes ->Temporary Internet Files folder emptied: 29117068 bytes ->Java cache emptied: 22755315 bytes ->FireFox cache emptied: 149074359 bytes ->Flash cache emptied: 9790558 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 352980 bytes User: mrpgrey ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1225817 bytes %systemroot%\System32 .tmp files removed: 21690943 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24518743 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 6.504,00 mb [EMPTYFLASH] User: All Users ->Flash cache emptied: 0 bytes User: Besitzer ->Flash cache emptied: 0 bytes User: Default User User: LocalService User: mrpgrey User: NetworkService User: postgres Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.43.1 log created on 05232012_223112 Files\Folders moved on Reboot... C:\WINDOWS\temp\1e39981a moved successfully. C:\WINDOWS\temp\1e4d8fcc moved successfully. C:\WINDOWS\temp\2c96148e moved successfully. C:\WINDOWS\temp\c9d8ca moved successfully. Registry entries deleted on Reboot...
Sorry for the double post, I have now done it again without the Guard. Code:
ATTFilter All processes killed ========== OTL ========== Error: Unable to stop service xpsec! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully. File C:\WINDOWS\system32\drivers\xpsec.sys not found. Error: Unable to stop service xcpip! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully. File C:\WINDOWS\system32\drivers\xcpip.sys not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found. HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found. 
HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" removed from browser.startup.homepage Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" removed from keyword.URL File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. 
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\AUTOEXEC.BAT not found. Folder C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\ not found. Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon\ not found. Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ not found. File C:\user.js not found. Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar\ not found. Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 . Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 . Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 . 
========== COMMANDS ========== [EMPTYTEMP] User: All Users ->Flash cache emptied: 35 bytes User: Besitzer ->Temp folder emptied: 916853 bytes ->Temporary Internet Files folder emptied: 8694633 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 39320039 bytes ->Flash cache emptied: 947 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33505 bytes User: mrpgrey ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66349 bytes RecycleBin emptied: 574 bytes Total Files Cleaned = 47,00 mb [EMPTYFLASH] User: All Users ->Flash cache emptied: 0 bytes User: Besitzer ->Flash cache emptied: 0 bytes User: Default User User: LocalService User: mrpgrey User: NetworkService User: postgres Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.43.1 log created on 05232012_233349 Files\Folders moved on Reboot... C:\WINDOWS\temp\25b5db7f moved successfully. C:\WINDOWS\temp\5fc344f3 moved successfully. C:\WINDOWS\temp\714bc546 moved successfully. C:\WINDOWS\temp\de24e5c moved successfully. Registry entries deleted on Reboot...
Last edited by BraucheHilf (23.05.2012 at 22:33) |
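The two OTL fix logs in the post above can be compared mechanically to see which targets were still present, or still failing, when the fix was run a second time. This is an added example, not part of the original thread or of OTL; the function names and the status labels (`failed`, `absent`, `removed`, `set`) are assumptions chosen here, and the sample entries are a subset copied from the two logs and reflowed to one entry per line.

```python
import re

# Subset of entries copied from the first fix log (one entry per line).
RUN_1 = r"""
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
File C:\WINDOWS\system32\drivers\xpsec.sys not found.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully.
C:\user.js moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 deleted successfully.
HOSTS file reset successfully
"""

# The same targets as reported by the second fix log (run without the Guard).
RUN_2 = r"""
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
File C:\WINDOWS\system32\drivers\xpsec.sys not found.
File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ not found.
File C:\user.js not found.
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 .
HOSTS file reset successfully
"""

# Leading words that describe the kind of object rather than the object itself.
PREFIXES = (
    "Error: Unable to stop service ", "Unable to delete ADS ",
    "Registry key ", "Registry value ", "File ", "Folder ", "ADS ",
)
# Trailing outcome text that has to be cut off to recover the target.
SUFFIX = re.compile(
    r"(\s+folder)?\s+(deleted|moved|reset) successfully\.?$"
    r"|\s+not found\.$"
    r"|\|.*value set successfully!$"
)


def parse_line(line):
    """Return (target, status) for one fix-log entry, or None if unrecognised."""
    line = line.strip()
    if line.startswith(("Error:", "Unable to")):
        status = "failed"
    elif line.endswith("not found."):
        status = "absent"
    elif re.search(r"(deleted|moved) successfully\.$", line) or " removed from " in line:
        status = "removed"
    elif re.search(r"(value set|reset) successfully!?$", line):
        status = "set"
    else:
        return None
    target = line
    for prefix in PREFIXES:
        if target.startswith(prefix):
            target = target[len(prefix):]
            break
    target = SUFFIX.sub("", target)
    # Paths differ in case and trailing backslash between runs, so normalise.
    return target.rstrip(" .!\\").lower(), status


def parse_log(text):
    """Map each recognised target in a log to its reported status."""
    result = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            result[parsed[0]] = parsed[1]
    return result


def rerun_followups(first, second):
    """Targets the second run still removed or failed on, with both statuses."""
    before, after = parse_log(first), parse_log(second)
    return {
        target: (before.get(target, "unlisted"), status)
        for target, status in after.items()
        if status in ("removed", "failed")
    }


if __name__ == "__main__":
    for target, (run1, run2) in rerun_followups(RUN_1, RUN_2).items():
        print(f"{run1:>8} -> {run2:<8} {target}")
```

A target reported as `removed` in both runs was present again when the second fix ran, and `failed` entries are the ones the tool could not act on; everything that moved from `removed` to `absent` stayed gone.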
24.05.2012, 11:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/computer slowdown Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
24.05.2012, 11:33 | #9 |
| Extreme Internet/computer slowdown Code:
ATTFilter 12:29:24.0953 5904 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30 12:29:25.0203 5904 ============================================================ 12:29:25.0203 5904 Current date / time: 2012/05/24 12:29:25.0203 12:29:25.0203 5904 SystemInfo: 12:29:25.0203 5904 12:29:25.0203 5904 OS Version: 5.1.2600 ServicePack: 3.0 12:29:25.0203 5904 Product type: Workstation 12:29:25.0203 5904 ComputerName: ACER-F5DADEF16C 12:29:25.0203 5904 UserName: Besitzer 12:29:25.0203 5904 Windows directory: C:\WINDOWS 12:29:25.0203 5904 System windows directory: C:\WINDOWS 12:29:25.0203 5904 Processor architecture: Intel x86 12:29:25.0203 5904 Number of processors: 2 12:29:25.0203 5904 Page size: 0x1000 12:29:25.0203 5904 Boot type: Normal boot 12:29:25.0203 5904 ============================================================ 12:29:26.0671 5904 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 12:29:26.0734 5904 ============================================================ 12:29:26.0734 5904 \Device\Harddisk0\DR0: 12:29:26.0734 5904 MBR partitions: 12:29:26.0734 5904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBBD13E4 12:29:26.0750 5904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xBBD1462, BlocksNum 0xB8CC95F 12:29:26.0750 5904 ============================================================ 12:29:26.0750 5904 D: <-> \Device\Harddisk0\DR0\Partition1 12:29:26.0765 5904 C: <-> \Device\Harddisk0\DR0\Partition0 12:29:26.0765 5904 ============================================================ 12:29:26.0765 5904 Initialize success 12:29:26.0765 5904 ============================================================ 12:30:18.0734 4480 ============================================================ 12:30:18.0734 4480 Scan started 12:30:18.0734 4480 Mode: Manual; SigCheck; TDLFS; 12:30:18.0734 4480 
============================================================ 12:30:19.0062 4480 3xHybrid (b985bd6230ac8cc7526d89ef92ce05be) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys 12:30:19.0234 4480 3xHybrid - ok 12:30:19.0234 4480 Abiosdsk - ok 12:30:19.0250 4480 abp480n5 - ok 12:30:19.0296 4480 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:30:19.0406 4480 ACPI - ok 12:30:19.0453 4480 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 12:30:20.0218 4480 ACPIEC - ok 12:30:20.0218 4480 adpu160m - ok 12:30:20.0250 4480 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 12:30:20.0375 4480 aec - ok 12:30:20.0406 4480 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 12:30:20.0437 4480 AFD - ok 12:30:20.0437 4480 Aha154x - ok 12:30:20.0437 4480 aic78u2 - ok 12:30:20.0453 4480 aic78xx - ok 12:30:20.0484 4480 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 12:30:20.0640 4480 Alerter - ok 12:30:20.0656 4480 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 12:30:20.0718 4480 ALG - ok 12:30:20.0718 4480 AliIde - ok 12:30:20.0765 4480 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 12:30:20.0765 4480 AmdK8 - ok 12:30:20.0765 4480 amsint - ok 12:30:20.0875 4480 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe 12:30:20.0890 4480 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning 12:30:20.0890 4480 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1) 12:30:20.0937 4480 AntiVirService (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe 12:30:20.0953 4480 AntiVirService ( UnsignedFile.Multi.Generic ) - warning 12:30:20.0953 4480 AntiVirService - detected UnsignedFile.Multi.Generic (1) 12:30:21.0031 4480 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe 
12:30:21.0031 4480 AOL ACS - ok 12:30:21.0078 4480 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 12:30:21.0140 4480 AppMgmt - ok 12:30:21.0156 4480 asc - ok 12:30:21.0156 4480 asc3350p - ok 12:30:21.0171 4480 asc3550 - ok 12:30:21.0296 4480 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 12:30:21.0375 4480 aspnet_state - ok 12:30:21.0390 4480 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:30:21.0515 4480 AsyncMac - ok 12:30:21.0531 4480 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 12:30:21.0687 4480 atapi - ok 12:30:21.0703 4480 Atdisk - ok 12:30:21.0718 4480 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:30:21.0875 4480 Atmarpc - ok 12:30:21.0921 4480 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 12:30:22.0078 4480 AudioSrv - ok 12:30:22.0109 4480 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 12:30:22.0250 4480 audstub - ok 12:30:22.0281 4480 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 12:30:22.0296 4480 avgio - ok 12:30:22.0328 4480 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 12:30:22.0375 4480 avgntflt - ok 12:30:22.0406 4480 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 12:30:22.0406 4480 avipbb - ok 12:30:22.0453 4480 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 12:30:22.0609 4480 Beep - ok 12:30:22.0656 4480 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 12:30:22.0875 4480 BITS - ok 12:30:22.0906 4480 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe 12:30:22.0906 4480 Brother XP spl Service - ok 12:30:22.0968 4480 Browser (b42057f06bbb98b31876c0b3f2b54e33) 
C:\WINDOWS\System32\browser.dll 12:30:23.0125 4480 Browser - ok 12:30:23.0156 4480 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys 12:30:23.0156 4480 BrScnUsb - ok 12:30:23.0187 4480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 12:30:23.0343 4480 cbidf2k - ok 12:30:23.0359 4480 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 12:30:23.0515 4480 CCDECODE - ok 12:30:23.0531 4480 cd20xrnt - ok 12:30:23.0531 4480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 12:30:23.0687 4480 Cdaudio - ok 12:30:23.0703 4480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 12:30:23.0875 4480 Cdfs - ok 12:30:23.0890 4480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:30:24.0046 4480 Cdrom - ok 12:30:24.0046 4480 Changer - ok 12:30:24.0078 4480 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 12:30:24.0234 4480 CiSvc - ok 12:30:24.0265 4480 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 12:30:24.0437 4480 ClipSrv - ok 12:30:24.0640 4480 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:30:24.0859 4480 clr_optimization_v2.0.50727_32 - ok 12:30:24.0890 4480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:30:24.0953 4480 clr_optimization_v4.0.30319_32 - ok 12:30:24.0953 4480 CmdIde - ok 12:30:24.0953 4480 COMSysApp - ok 12:30:24.0968 4480 Cpqarray - ok 12:30:25.0000 4480 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 12:30:25.0156 4480 CryptSvc - ok 12:30:25.0156 4480 dac2w2k - ok 12:30:25.0171 4480 dac960nt - ok 12:30:25.0218 4480 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 12:30:25.0281 4480 DcomLaunch - ok 
12:30:25.0312 4480 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 12:30:25.0484 4480 Dhcp - ok 12:30:25.0515 4480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 12:30:25.0656 4480 Disk - ok 12:30:25.0656 4480 dmadmin - ok 12:30:25.0718 4480 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 12:30:25.0921 4480 dmboot - ok 12:30:25.0937 4480 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 12:30:26.0062 4480 dmio - ok 12:30:26.0078 4480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 12:30:26.0250 4480 dmload - ok 12:30:26.0281 4480 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 12:30:26.0421 4480 dmserver - ok 12:30:26.0437 4480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 12:30:26.0593 4480 DMusic - ok 12:30:26.0625 4480 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 12:30:26.0640 4480 Dnscache - ok 12:30:26.0687 4480 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 12:30:26.0828 4480 Dot3svc - ok 12:30:26.0828 4480 dpti2o - ok 12:30:26.0843 4480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 12:30:26.0984 4480 drmkaud - ok 12:30:27.0000 4480 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 12:30:27.0156 4480 EapHost - ok 12:30:27.0234 4480 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe 12:30:27.0250 4480 ehRecvr - ok 12:30:27.0296 4480 ehSched (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe 12:30:27.0312 4480 ehSched - ok 12:30:27.0343 4480 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 12:30:27.0500 4480 ERSvc - ok 12:30:27.0546 4480 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 12:30:27.0578 4480 Eventlog - ok 12:30:27.0640 4480 EventSystem 
12:30:56.0375 4480 WZCSVC - ok
12:30:56.0390 4480 xcpip - ok
12:30:56.0406 4480 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:30:56.0531 4480 xmlprov - ok
12:30:56.0531 4480 xpsec - ok
12:30:56.0562 4480 MBR (0x1B8) (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk0\DR0
12:30:56.0562 4480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
12:30:56.0562 4480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
12:30:56.0640 4480 Boot (0x1200) (b137f492af53146361b746e889df95bb) \Device\Harddisk0\DR0\Partition0
12:30:56.0640 4480 \Device\Harddisk0\DR0\Partition0 - ok
12:30:56.0656 4480 Boot (0x1200) (c6ae6dc64faf9b3d8a9ccac454dd624f) \Device\Harddisk0\DR0\Partition1
12:30:56.0656 4480 \Device\Harddisk0\DR0\Partition1 - ok
12:30:56.0656 4480 ============================================================
12:30:56.0656 4480 Scan finished
12:30:56.0656 4480 ============================================================
12:30:56.0781 1812 Detected object count: 8
12:30:56.0781 1812 Actual detected object count: 8
12:31:51.0015 1812 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0031 1812 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0031 1812 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0031 1812 SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0031 1812 SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0031 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
12:31:51.0031 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
24.05.2012, 21:42 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Computer Slowdown
Quote:
__________________ Please always post log files in CODE tags |
28.05.2012, 15:51 | #11 |
| Extreme Internet/Computer Slowdown
better late than never..
Code:
16:47:56.0750 3608 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:47:57.0312 3608 ============================================================
16:47:57.0312 3608 Current date / time: 2012/05/28 16:47:57.0312
16:47:57.0312 3608 SystemInfo:
16:47:57.0312 3608
16:47:57.0312 3608 OS Version: 5.1.2600 ServicePack: 3.0
16:47:57.0312 3608 Product type: Workstation
16:47:57.0312 3608 ComputerName: ACER-F5DADEF16C
16:47:57.0312 3608 UserName: Besitzer
16:47:57.0312 3608 Windows directory: C:\WINDOWS
16:47:57.0312 3608 System windows directory: C:\WINDOWS
16:47:57.0312 3608 Processor architecture: Intel x86
16:47:57.0312 3608 Number of processors: 2
16:47:57.0312 3608 Page size: 0x1000
16:47:57.0312 3608 Boot type: Normal boot
16:47:57.0312 3608 ============================================================
16:48:00.0453 3608 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:48:00.0546 3608 Drive \Device\Harddisk6\DR13 - Size: 0x1DD60000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:48:00.0546 3608 ============================================================
16:48:00.0546 3608 \Device\Harddisk0\DR0:
16:48:00.0546 3608 MBR partitions:
16:48:00.0546 3608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBBD13E4
16:48:00.0562 3608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xBBD1462, BlocksNum 0xB8CC95F
16:48:00.0562 3608 \Device\Harddisk6\DR13:
16:48:00.0562 3608 MBR partitions:
16:48:00.0562 3608 \Device\Harddisk6\DR13\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0xEEAE0
16:48:00.0562 3608 ============================================================
16:48:00.0562 3608 D: <-> \Device\Harddisk0\DR0\Partition1
16:48:00.0593 3608 C: <-> \Device\Harddisk0\DR0\Partition0
16:48:00.0593 3608
C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:48:18.0593 2116 Gpc - ok 16:48:18.0625 2116 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 16:48:18.0765 2116 HDAudBus - ok 16:48:18.0796 2116 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 16:48:18.0968 2116 helpsvc - ok 16:48:18.0984 2116 HidServ - ok 16:48:19.0015 2116 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:48:19.0234 2116 HidUsb - ok 16:48:19.0265 2116 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 16:48:19.0421 2116 hkmsvc - ok 16:48:19.0421 2116 hpn - ok 16:48:19.0468 2116 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 16:48:19.0531 2116 HTTP - ok 16:48:19.0546 2116 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 16:48:19.0718 2116 HTTPFilter - ok 16:48:19.0718 2116 i2omgmt - ok 16:48:19.0718 2116 i2omp - ok 16:48:19.0750 2116 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:48:19.0906 2116 i8042prt - ok 16:48:20.0000 2116 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:48:20.0062 2116 idsvc - ok 16:48:20.0078 2116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 16:48:20.0218 2116 Imapi - ok 16:48:20.0250 2116 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 16:48:20.0406 2116 ImapiService - ok 16:48:20.0406 2116 ini910u - ok 16:48:20.0703 2116 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys 16:48:20.0984 2116 IntcAzAudAddService - ok 16:48:21.0062 2116 IntelIde - ok 16:48:21.0093 2116 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 16:48:21.0281 2116 Ip6Fw - ok 16:48:21.0296 2116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) 
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:48:21.0468 2116 IpFilterDriver - ok 16:48:21.0500 2116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:48:21.0656 2116 IpInIp - ok 16:48:21.0671 2116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:48:21.0828 2116 IpNat - ok 16:48:21.0843 2116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:48:22.0031 2116 IPSec - ok 16:48:22.0046 2116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 16:48:22.0109 2116 IRENUM - ok 16:48:22.0125 2116 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:48:22.0296 2116 isapnp - ok 16:48:22.0437 2116 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe 16:48:22.0453 2116 JavaQuickStarterService - ok 16:48:22.0468 2116 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:48:22.0656 2116 Kbdclass - ok 16:48:22.0671 2116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 16:48:22.0828 2116 kmixer - ok 16:48:22.0921 2116 krdpdre - ok 16:48:22.0953 2116 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 16:48:23.0046 2116 KSecDD - ok 16:48:23.0093 2116 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 16:48:23.0125 2116 lanmanserver - ok 16:48:23.0156 2116 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 16:48:23.0203 2116 lanmanworkstation - ok 16:48:23.0203 2116 lbrtfdc - ok 16:48:23.0281 2116 LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 16:48:23.0281 2116 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 16:48:23.0281 2116 LightScribeService - detected UnsignedFile.Multi.Generic (1) 16:48:23.0312 2116 LmHosts (636714b7d43c8d0c80449123fd266920) 
C:\WINDOWS\System32\lmhsvc.dll 16:48:23.0468 2116 LmHosts - ok 16:48:23.0531 2116 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe 16:48:23.0562 2116 McrdSvc - ok 16:48:23.0593 2116 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 16:48:23.0765 2116 Messenger - ok 16:48:23.0796 2116 MHN (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll 16:48:23.0812 2116 MHN ( UnsignedFile.Multi.Generic ) - warning 16:48:23.0812 2116 MHN - detected UnsignedFile.Multi.Generic (1) 16:48:23.0828 2116 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 16:48:23.0828 2116 MHNDRV ( UnsignedFile.Multi.Generic ) - warning 16:48:23.0828 2116 MHNDRV - detected UnsignedFile.Multi.Generic (1) 16:48:23.0859 2116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 16:48:23.0984 2116 mnmdd - ok 16:48:24.0031 2116 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 16:48:24.0218 2116 mnmsrvc - ok 16:48:24.0250 2116 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 16:48:24.0421 2116 Modem - ok 16:48:24.0437 2116 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:48:24.0625 2116 Mouclass - ok 16:48:24.0656 2116 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:48:24.0796 2116 mouhid - ok 16:48:24.0796 2116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 16:48:24.0968 2116 MountMgr - ok 16:48:25.0015 2116 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 16:48:25.0046 2116 MozillaMaintenance - ok 16:48:25.0046 2116 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 16:48:25.0218 2116 MPE - ok 16:48:25.0218 2116 mraid35x - ok 16:48:25.0250 2116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 
16:48:25.0390 2116 MRxDAV - ok 16:48:25.0453 2116 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:48:25.0531 2116 MRxSmb - ok 16:48:25.0546 2116 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 16:48:25.0703 2116 MSDTC - ok 16:48:25.0718 2116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 16:48:25.0875 2116 Msfs - ok 16:48:25.0875 2116 MSIServer - ok 16:48:25.0906 2116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:48:26.0046 2116 MSKSSRV - ok 16:48:26.0046 2116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:48:26.0187 2116 MSPCLOCK - ok 16:48:26.0218 2116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 16:48:26.0359 2116 MSPQM - ok 16:48:26.0390 2116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:48:26.0562 2116 mssmbios - ok 16:48:26.0609 2116 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 16:48:26.0750 2116 MSTEE - ok 16:48:26.0781 2116 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 16:48:26.0828 2116 Mup - ok 16:48:26.0843 2116 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 16:48:26.0984 2116 NABTSFEC - ok 16:48:27.0031 2116 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 16:48:27.0187 2116 napagent - ok 16:48:27.0234 2116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 16:48:27.0390 2116 NDIS - ok 16:48:27.0406 2116 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 16:48:27.0562 2116 NdisIP - ok 16:48:27.0593 2116 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:48:27.0625 2116 NdisTapi - ok 16:48:27.0656 2116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 
16:48:27.0812 2116 Ndisuio - ok 16:48:27.0828 2116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:48:27.0984 2116 NdisWan - ok 16:48:28.0000 2116 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 16:48:28.0046 2116 NDProxy - ok 16:48:28.0078 2116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 16:48:28.0203 2116 NetBIOS - ok 16:48:28.0234 2116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 16:48:28.0390 2116 NetBT - ok 16:48:28.0437 2116 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 16:48:28.0593 2116 NetDDE - ok 16:48:28.0609 2116 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 16:48:28.0750 2116 NetDDEdsdm - ok 16:48:28.0781 2116 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 16:48:28.0953 2116 Netlogon - ok 16:48:28.0984 2116 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 16:48:29.0140 2116 Netman - ok 16:48:29.0250 2116 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:48:29.0265 2116 NetTcpPortSharing - ok 16:48:29.0312 2116 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 16:48:29.0359 2116 Nla - ok 16:48:29.0390 2116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 16:48:29.0546 2116 Npfs - ok 16:48:29.0625 2116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 16:48:29.0781 2116 Ntfs - ok 16:48:29.0796 2116 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 16:48:29.0937 2116 NtLmSsp - ok 16:48:29.0984 2116 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 16:48:30.0140 2116 NtmsSvc - ok 16:48:30.0171 2116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 16:48:30.0328 2116 
Null - ok 16:48:30.0593 2116 nv (10458bfc0968e7e69d77f292942b27b1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:48:30.0812 2116 nv - ok 16:48:30.0921 2116 NVSvc (f6fca6047879de7a2964757eb8b2101b) C:\WINDOWS\system32\nvsvc32.exe 16:48:30.0953 2116 NVSvc - ok 16:48:31.0015 2116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:48:31.0171 2116 NwlnkFlt - ok 16:48:31.0187 2116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:48:31.0343 2116 NwlnkFwd - ok 16:48:31.0421 2116 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 16:48:31.0437 2116 ose - ok 16:48:31.0453 2116 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 16:48:31.0609 2116 Parport - ok 16:48:31.0640 2116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 16:48:31.0796 2116 PartMgr - ok 16:48:31.0828 2116 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 16:48:31.0953 2116 ParVdm - ok 16:48:31.0953 2116 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 16:48:32.0109 2116 PCI - ok 16:48:32.0109 2116 PCIDump - ok 16:48:32.0125 2116 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 16:48:32.0281 2116 PCIIde - ok 16:48:32.0312 2116 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 16:48:32.0437 2116 Pcmcia - ok 16:48:32.0437 2116 PDCOMP - ok 16:48:32.0437 2116 PDFRAME - ok 16:48:32.0453 2116 PDRELI - ok 16:48:32.0453 2116 PDRFRAME - ok 16:48:32.0453 2116 perc2 - ok 16:48:32.0453 2116 perc2hib - ok 16:48:32.0593 2116 pgsql-8.3 - ok 16:48:32.0625 2116 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 16:48:32.0640 2116 PlugPlay - ok 16:48:32.0671 2116 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 16:48:32.0812 2116 PolicyAgent - ok 
16:48:32.0828 2116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:48:32.0984 2116 PptpMiniport - ok 16:48:33.0000 2116 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 16:48:33.0156 2116 Processor - ok 16:48:33.0171 2116 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 16:48:33.0296 2116 ProtectedStorage - ok 16:48:33.0312 2116 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 16:48:33.0437 2116 PSched - ok 16:48:33.0453 2116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:48:33.0578 2116 Ptilink - ok 16:48:33.0625 2116 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:48:33.0625 2116 PxHelp20 - ok 16:48:33.0640 2116 ql1080 - ok 16:48:33.0640 2116 Ql10wnt - ok 16:48:33.0640 2116 ql12160 - ok 16:48:33.0656 2116 ql1240 - ok 16:48:33.0656 2116 ql1280 - ok 16:48:33.0656 2116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:48:33.0781 2116 RasAcd - ok 16:48:33.0828 2116 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 16:48:33.0968 2116 RasAuto - ok 16:48:34.0000 2116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:48:34.0218 2116 Rasl2tp - ok 16:48:34.0265 2116 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 16:48:34.0437 2116 RasMan - ok 16:48:34.0437 2116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:48:34.0593 2116 RasPppoe - ok 16:48:34.0625 2116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 16:48:34.0750 2116 Raspti - ok 16:48:34.0781 2116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:48:34.0937 2116 Rdbss - ok 16:48:34.0953 2116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 
16:48:35.0062 2116 RDPCDD - ok 16:48:35.0093 2116 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 16:48:35.0218 2116 rdpdr - ok 16:48:35.0265 2116 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 16:48:35.0312 2116 RDPWD - ok 16:48:35.0359 2116 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 16:48:35.0500 2116 RDSessMgr - ok 16:48:35.0531 2116 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 16:48:35.0671 2116 redbook - ok 16:48:35.0703 2116 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 16:48:35.0843 2116 RemoteAccess - ok 16:48:35.0859 2116 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 16:48:36.0015 2116 RemoteRegistry - ok 16:48:36.0140 2116 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Programme\CyberLink\Shared Files\RichVideo.exe 16:48:36.0156 2116 RichVideo ( UnsignedFile.Multi.Generic ) - warning 16:48:36.0156 2116 RichVideo - detected UnsignedFile.Multi.Generic (1) 16:48:36.0171 2116 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 16:48:36.0328 2116 RpcLocator - ok 16:48:36.0390 2116 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 16:48:36.0421 2116 RpcSs - ok 16:48:36.0453 2116 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 16:48:36.0593 2116 RSVP - ok 16:48:36.0640 2116 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 16:48:36.0687 2116 RTLE8023xp - ok 16:48:36.0718 2116 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 16:48:36.0875 2116 SamSs - ok 16:48:36.0921 2116 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 16:48:37.0078 2116 SCardSvr - ok 16:48:37.0125 2116 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 16:48:37.0265 2116 Schedule - ok 16:48:37.0296 2116 Secdrv 
(90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:48:37.0359 2116 Secdrv - ok 16:48:37.0390 2116 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 16:48:37.0578 2116 seclogon - ok 16:48:37.0593 2116 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 16:48:37.0750 2116 SENS - ok 16:48:37.0781 2116 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 16:48:37.0921 2116 Serial - ok 16:48:37.0937 2116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 16:48:38.0093 2116 Sfloppy - ok 16:48:38.0156 2116 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 16:48:38.0296 2116 SharedAccess - ok 16:48:38.0343 2116 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 16:48:38.0359 2116 ShellHWDetection - ok 16:48:38.0359 2116 Simbad - ok 16:48:38.0437 2116 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe 16:48:38.0453 2116 SkypeUpdate - ok 16:48:38.0500 2116 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 16:48:38.0671 2116 SLIP - ok 16:48:38.0671 2116 Sparrow - ok 16:48:38.0687 2116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 16:48:38.0828 2116 splitter - ok 16:48:38.0875 2116 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 16:48:38.0906 2116 Spooler - ok 16:48:38.0937 2116 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 16:48:39.0000 2116 sr - ok 16:48:39.0046 2116 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 16:48:39.0109 2116 srservice - ok 16:48:39.0140 2116 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 16:48:39.0187 2116 Srv - ok 16:48:39.0234 2116 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 16:48:39.0296 2116 SSDPSRV - ok 16:48:39.0328 
2116 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 16:48:39.0343 2116 ssmdrv - ok 16:48:39.0406 2116 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 16:48:39.0562 2116 stisvc - ok 16:48:39.0609 2116 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 16:48:39.0781 2116 streamip - ok 16:48:39.0796 2116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 16:48:39.0921 2116 swenum - ok 16:48:39.0937 2116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 16:48:40.0078 2116 swmidi - ok 16:48:40.0078 2116 SwPrv - ok 16:48:40.0093 2116 symc810 - ok 16:48:40.0093 2116 symc8xx - ok 16:48:40.0093 2116 sym_hi - ok 16:48:40.0109 2116 sym_u3 - ok 16:48:40.0125 2116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 16:48:40.0250 2116 sysaudio - ok 16:48:40.0281 2116 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 16:48:40.0453 2116 SysmonLog - ok 16:48:40.0546 2116 SystemStore (1a78d70d7a02c920a18843426682899b) C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe 16:48:40.0562 2116 SystemStore ( UnsignedFile.Multi.Generic ) - warning 16:48:40.0562 2116 SystemStore - detected UnsignedFile.Multi.Generic (1) 16:48:40.0609 2116 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 16:48:40.0750 2116 TapiSrv - ok 16:48:40.0796 2116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:48:40.0843 2116 Tcpip - ok 16:48:40.0890 2116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 16:48:41.0046 2116 TDPIPE - ok 16:48:41.0046 2116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 16:48:41.0187 2116 TDTCP - ok 16:48:41.0218 2116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 16:48:41.0375 2116 TermDD - ok 
16:48:41.0421 2116 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 16:48:41.0578 2116 TermService - ok 16:48:41.0578 2116 TfFsMon - ok 16:48:41.0593 2116 TfNetMon - ok 16:48:41.0593 2116 TfSysMon - ok 16:48:41.0640 2116 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 16:48:41.0640 2116 Themes - ok 16:48:41.0687 2116 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 16:48:41.0750 2116 TlntSvr - ok 16:48:41.0750 2116 TosIde - ok 16:48:41.0796 2116 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 16:48:41.0937 2116 TrkWks - ok 16:48:41.0968 2116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 16:48:42.0109 2116 Udfs - ok 16:48:42.0125 2116 ultra - ok 16:48:42.0156 2116 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe 16:48:42.0203 2116 UMWdf - ok 16:48:42.0250 2116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 16:48:42.0390 2116 Update - ok 16:48:42.0437 2116 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 16:48:42.0515 2116 upnphost - ok 16:48:42.0546 2116 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 16:48:42.0718 2116 UPS - ok 16:48:42.0765 2116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:48:42.0906 2116 usbccgp - ok 16:48:42.0953 2116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:48:43.0078 2116 usbehci - ok 16:48:43.0093 2116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:48:43.0250 2116 usbhub - ok 16:48:43.0265 2116 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 16:48:43.0406 2116 usbohci - ok 16:48:43.0421 2116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:48:43.0593 2116 usbprint - ok 16:48:43.0609 2116 usbstor 
(a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:48:43.0765 2116 usbstor - ok 16:48:43.0765 2116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 16:48:43.0875 2116 VgaSave - ok 16:48:43.0890 2116 ViaIde - ok 16:48:43.0921 2116 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 16:48:44.0109 2116 VolSnap - ok 16:48:44.0171 2116 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 16:48:44.0265 2116 VSS - ok 16:48:44.0312 2116 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 16:48:44.0453 2116 W32Time - ok 16:48:44.0484 2116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:48:44.0640 2116 Wanarp - ok 16:48:44.0687 2116 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 16:48:44.0734 2116 wanatw - ok 16:48:44.0734 2116 WDICA - ok 16:48:44.0750 2116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 16:48:44.0890 2116 wdmaud - ok 16:48:44.0921 2116 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 16:48:45.0093 2116 WebClient - ok 16:48:45.0187 2116 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 16:48:45.0328 2116 winmgmt - ok 16:48:45.0359 2116 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll 16:48:45.0390 2116 WmdmPmSN - ok 16:48:45.0453 2116 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 16:48:45.0531 2116 Wmi - ok 16:48:45.0562 2116 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 16:48:45.0703 2116 WmiApSrv - ok 16:48:45.0875 2116 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:48:45.0921 2116 WPFFontCache_v0400 - ok 16:48:45.0968 2116 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) 
C:\WINDOWS\System32\drivers\ws2ifsl.sys 16:48:46.0109 2116 WS2IFSL - ok 16:48:46.0312 2116 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 16:48:46.0500 2116 wscsvc - ok 16:48:46.0578 2116 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 16:48:46.0703 2116 WSTCODEC - ok 16:48:46.0718 2116 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 16:48:46.0875 2116 wuauserv - ok 16:48:47.0296 2116 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 16:48:47.0500 2116 WZCSVC - ok 16:48:47.0500 2116 xcpip - ok 16:48:47.0531 2116 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 16:48:47.0687 2116 xmlprov - ok 16:48:47.0687 2116 xpsec - ok 16:48:47.0703 2116 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 16:48:48.0203 2116 \Device\Harddisk0\DR0 - ok 16:48:48.0218 2116 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR13 16:48:49.0187 2116 \Device\Harddisk6\DR13 - ok 16:48:49.0203 2116 Boot (0x1200) (b137f492af53146361b746e889df95bb) \Device\Harddisk0\DR0\Partition0 16:48:49.0218 2116 \Device\Harddisk0\DR0\Partition0 - ok 16:48:49.0250 2116 Boot (0x1200) (c50d5712cef1a0b1dcb6fe8945cb8afd) \Device\Harddisk0\DR0\Partition1 16:48:49.0250 2116 \Device\Harddisk0\DR0\Partition1 - ok 16:48:49.0265 2116 Boot (0x1200) (eca493ba57436cb4a85cd0f9f24e0487) \Device\Harddisk6\DR13\Partition0 16:48:49.0265 2116 \Device\Harddisk6\DR13\Partition0 - ok 16:48:49.0265 2116 ============================================================ 16:48:49.0265 2116 Scan finished 16:48:49.0265 2116 ============================================================ 16:48:49.0375 2636 Detected object count: 7 16:48:49.0375 2636 Actual detected object count: 7 16:48:53.0281 2636 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:53.0281 2636 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:53.0296 2636 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:53.0296 2636 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:48:53.0296 2636 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:53.0296 2636 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:48:53.0296 2636 MHN ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:53.0296 2636 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:48:53.0296 2636 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:53.0296 2636 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:48:53.0296 2636 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:53.0296 2636 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:48:53.0296 2636 SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:53.0296 2636 SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:49:02.0171 3532 Deinitialize success |
29.05.2012, 08:18 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Computer Slowdown Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
30.05.2012, 12:37 | #13 |
| Extreme Internet/Computer Slowdown Combofix log file: Code:
ATTFilter ComboFix 12-05-30.02 - Besitzer 30.05.2012 13:14:14.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.540 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\DFC5A2B2.TMP c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\~ygw.tmp c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Desktopicon c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Roaming c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Roaming\HoldemManager\config\FTPRushTables.xml c:\dokumente und einstellungen\Besitzer\WINDOWS c:\dokumente und einstellungen\mrpgrey\ntuser.tmp c:\windows\IsUn0407.exe c:\windows\unin0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-30 )))))))))))))))))))))))))))))) . . 2012-05-28 12:49 . 2012-05-28 12:49 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-24 13:44 . 2012-05-24 13:44 1409 ----a-w- c:\windows\QTFont.for 2012-05-23 21:18 . 2012-05-23 21:18 -------- d-----w- c:\programme\AOL 9.0 VR 2012-05-23 20:31 . 2012-05-23 20:31 -------- d-----w- C:\_OTL 2012-05-21 21:44 . 2004-05-10 19:05 153088 ----a-w- c:\windows\system32\jgdwmie.dll 2012-05-21 21:44 . 2004-05-10 19:05 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-05-21 21:43 . 2012-05-23 21:25 -------- d-----w- c:\programme\Gemeinsame Dateien\aolshare 2012-05-21 21:43 . 
2012-05-23 12:10 -------- d-----w- c:\programme\AOL 9.0 2012-05-21 18:11 . 2012-05-21 18:11 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache 2012-05-21 07:37 . 2012-05-21 07:37 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-21 07:36 . 2012-05-21 07:37 -------- d-----w- c:\programme\Freemium 2012-05-11 12:32 . 2012-05-11 12:32 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox 2012-05-11 12:31 . 2012-05-11 12:31 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Freemium . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-23 20:20 . 2011-06-24 16:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:51 . 2004-08-04 00:50 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 2004-08-10 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:51 . 2004-08-10 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-05-21 19:40 . 2012-04-11 13:11 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOL Fast Start"="c:\programme\AOL 9.0 VRa\AOL.EXE" [2007-06-21 50480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456] "nwiz"="nwiz.exe" [2005-06-15 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016] "Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952] "HostManager"="c:\programme\Gemeinsame Dateien\AOL\1337806936\ee\AOLSoftware.exe" [2006-09-26 50736] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-05-21 98304] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk backup=c:\windows\pss\Status Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk] path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup . [HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-04-04 05:53 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] 2005-05-17 16:42 933888 ------w- c:\programme\Brother\ControlCenter2\brctrcen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray] 2004-09-03 08:58 65536 ------w- c:\programme\Ahead\ODD Toolkit\dvdtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-12-05 21:55 54832 ----a-w- c:\programme\CyberLink\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2006-02-13 16:33 214648 ----a-w- c:\programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-05-21 21:45 98304 ----a-w- c:\programme\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2006-11-23 14:10 56928 ------w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] 2005-01-26 17:02 49152 ------w- c:\programme\Brother\Brmfl05a\BrStDvPt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 06:55 17148552 ----a-r- c:\programme\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RichVideo"=2 (0x2) "LightScribeService"=2 (0x2) "Browser Defender Update Service"=2 (0x2) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "Brother XP spl Service"=2 (0x2) "SkypeUpdate"=2 (0x2) "SystemStore"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"= "c:\\Programme\\Gamers.IRC\\mirc.exe"= "c:\\Programme\\Octoshape Streaming Services\\Besitzer\\OctoshapeClient.exe"= "c:\\Programme\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"= "c:\\mIRC\\mirc.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "d:\\Eigene Dateien\\HL2_UK\\hl2.exe"= "c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"= "c:\\Programme\\Trillian\\trillian.exe"= "c:\\Programme\\Warcraft III\\Warcraft III.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Veetle\\Player\\VeetleNet.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"= "c:\\Programme\\AOL 9.0\\waol.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\1337806936\\ee\\aolsoftware.exe"= "c:\\Programme\\AOL 9.0 VRa\\waol.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5432:TCP"= 5432:TCP:postgres "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 GarenaPEngine;GarenaPEngine;c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp [x] R3 GGSAFERDriver;GGSAFER Driver;c:\programme\Garena\safedrv.sys [x] R3 krdpdre;krdpdre;c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-21 129976] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys [x] R4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [2012-02-29 158856] R4 SystemStore;System Store;c:\programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-04-24 14848] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536] S3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-06-13 969728] . . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\ FF - prefs.js: browser.search.selectedEngine - FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - a0ed97790000000000000019dbc2cad6 FF - user.js: extensions.BabylonToolbar_i.hardId - a0ed97790000000000000019dbc2cad6 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15481 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:44 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-ApnUpdater - c:\programme\Ask.com\Updater\Updater.exe MSConfigStartUp-DW6 - c:\programme\The Weather Channel FW\Desktop\DesktopWeather.exe MSConfigStartUp-Guard.Mail.ru - c:\programme\Guard-ICQ\GuardICQ.exe MSConfigStartUp-ICQ - c:\programme\ICQ7.7\ICQ.exe MSConfigStartUp-ISTray - c:\programme\Spyware Doctor\pctsTray.exe MSConfigStartUp-Performance Center - c:\programme\Ascentive\Performance Center\APCMain.exe MSConfigStartUp-RealTray - c:\programme\Real\RealPlayer\RealPlay.exe MSConfigStartUp-Steam - c:\programme\Steam\Steam.exe AddRemove-AIM LINK - c:\progra~1\GEMEIN~1\aolshare\AIM\UNWISE.EXE AddRemove-The Weather Channel Desktop 6 - c:\programme\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe AddRemove-William Hill Poker - c:\poker\William Hill Poker\_SetupPoker_585002_en.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-30 13:27 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(3928) c:\programme\Gemeinsame Dateien\AOL\ACS\WLHook.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\programme\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\RTHDCPL.EXE c:\programme\AOL 9.0 VRa\waol.exe c:\programme\PostgreSQL\8.3\bin\postgres.exe c:\programme\PostgreSQL\8.3\bin\postgres.exe c:\windows\eHome\ehmsas.exe c:\programme\PostgreSQL\8.3\bin\postgres.exe c:\programme\PostgreSQL\8.3\bin\postgres.exe c:\programme\PostgreSQL\8.3\bin\postgres.exe c:\programme\PostgreSQL\8.3\bin\postgres.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\programme\AOL 9.0 VRa\shellmon.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-05-30 13:31:34 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-05-30 11:31 . Vor Suchlauf: 19 Verzeichnis(se), 26.127.790.080 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 26.635.870.208 Bytes frei . - - End Of File - - 001490D74EF8294F043D1BE2691434CB |
30.05.2012, 12:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Computer Slowdown

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15481
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad- and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
30.05.2012, 13:11 | #15 |
| Extreme Internet/Computer Slowdown Combofix Logfile: Code:
ATTFilter ComboFix 12-05-30.02 - Besitzer 30.05.2012 13:59:34.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.631 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Besitzer\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-30 )))))))))))))))))))))))))))))) . . 2012-05-28 12:49 . 2012-05-28 12:49 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-24 13:44 . 2012-05-24 13:44 1409 ----a-w- c:\windows\QTFont.for 2012-05-23 21:18 . 2012-05-23 21:18 -------- d-----w- c:\programme\AOL 9.0 VR 2012-05-23 20:31 . 2012-05-23 20:31 -------- d-----w- C:\_OTL 2012-05-21 21:44 . 2004-05-10 19:05 153088 ----a-w- c:\windows\system32\jgdwmie.dll 2012-05-21 21:44 . 2004-05-10 19:05 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-05-21 21:43 . 2012-05-23 21:25 -------- d-----w- c:\programme\Gemeinsame Dateien\aolshare 2012-05-21 21:43 . 2012-05-23 12:10 -------- d-----w- c:\programme\AOL 9.0 2012-05-21 18:11 . 2012-05-21 18:11 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache 2012-05-21 07:37 . 2012-05-21 07:37 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-21 07:36 . 2012-05-21 07:37 -------- d-----w- c:\programme\Freemium 2012-05-11 12:32 . 2012-05-11 12:32 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox 2012-05-11 12:31 . 2012-05-11 12:31 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Freemium . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-23 20:20 . 
2011-06-24 16:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:51 . 2004-08-04 00:50 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 2004-08-10 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:51 . 2004-08-10 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-05-21 19:40 . 2012-04-11 13:11 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOL Fast Start"="c:\programme\AOL 9.0 VRa\AOL.EXE" [2007-06-21 50480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456] "nwiz"="nwiz.exe" [2005-06-15 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016] "Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952] "HostManager"="c:\programme\Gemeinsame Dateien\AOL\1337806936\ee\AOLSoftware.exe" [2006-09-26 50736] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-05-21 98304] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk backup=c:\windows\pss\Status Monitor.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk] path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup . [HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-04-04 05:53 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] 2005-05-17 16:42 933888 ------w- c:\programme\Brother\ControlCenter2\brctrcen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray] 2004-09-03 08:58 65536 ------w- c:\programme\Ahead\ODD Toolkit\dvdtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-12-05 21:55 54832 ----a-w- c:\programme\CyberLink\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2006-02-13 16:33 214648 ----a-w- c:\programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-05-21 21:45 98304 ----a-w- c:\programme\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2006-11-23 14:10 56928 ------w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] 2005-01-26 17:02 49152 ------w- c:\programme\Brother\Brmfl05a\BrStDvPt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 06:55 17148552 ----a-r- c:\programme\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RichVideo"=2 (0x2) "LightScribeService"=2 (0x2) "Browser Defender Update Service"=2 (0x2) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "Brother XP spl Service"=2 (0x2) "SkypeUpdate"=2 (0x2) "SystemStore"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"= "c:\\Programme\\Gamers.IRC\\mirc.exe"= "c:\\Programme\\Octoshape Streaming Services\\Besitzer\\OctoshapeClient.exe"= "c:\\Programme\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"= "c:\\mIRC\\mirc.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "d:\\Eigene Dateien\\HL2_UK\\hl2.exe"= "c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"= "c:\\Programme\\Trillian\\trillian.exe"= "c:\\Programme\\Warcraft III\\Warcraft III.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Veetle\\Player\\VeetleNet.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= 
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"= "c:\\Programme\\AOL 9.0\\waol.exe"= "c:\\Programme\\Gemeinsame Dateien\\aol\\1337806936\\ee\\aolsoftware.exe"= "c:\\Programme\\AOL 9.0 VRa\\waol.exe"= . R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.07.2009 15:31 108289] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programme\PostgreSQL\8.3\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?] R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [13.06.2006 22:04 969728] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384] S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp --> c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programme\Garena\safedrv.sys --> c:\programme\Garena\safedrv.sys [?] S3 krdpdre;krdpdre;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys --> c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [21.05.2012 21:40 129976] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] 
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504] S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 08:50 158856] S4 SystemStore;System Store;c:\programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [24.04.2012 14:21 14848] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-30 14:07 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(2712) c:\windows\system32\webcheck.dll . Zeit der Fertigstellung: 2012-05-30 14:09:04 ComboFix-quarantined-files.txt 2012-05-30 12:09 ComboFix2.txt 2012-05-30 11:31 . Vor Suchlauf: 19 Verzeichnis(se), 26.588.549.120 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 26.586.636.288 Bytes frei . - - End Of File - - A5E764DFB50DB304A6F659A0CB319937 |