|
Plagegeister aller Art und deren Bekämpfung: Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.05.2012, 21:21 | #1 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition Hallo zusammen, ich wende mich an euch mit folgendem Problem: Seid wenigen Tagen kommt es auf verschiedensten Internetseiten zu fehlerhaften Darstellungen. Darüber hinaus wird mir ständig angezeigt, dass zu wenig Speicherplatz auf System(C verfügbar sei. Was mich daran stutzig macht, ist, dass nachdem ich Programme mit einer Größe von ca. 1,5 Gigabyte von System(C gelöscht hatte, kurze Zeit später wieder kein Speicherplatz verfügbar war. Es scheint, als würden ständig neue Daten heruntergeladen, die die C-Partition füllen. Ich frage mich nun, woran das liegen könnte. Da das Problem, wie schon erwähnt, erst seid kurzem besteht und auch nicht mit Veränderungen von meiner Seite aus am Computer einherging, kam mir ein eventueller Zusammenhang mit Malware in den Sinn. Schonmal vielen Dank für eure Hilfe. MfG sheryO Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-05-27 19:49:02 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00 Running: nb7c7458.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys ---- System - GMER 1.0.15 ---- SSDT BA70320E ZwCreateKey SSDT BA703204 ZwCreateThread SSDT BA703213 ZwDeleteKey SSDT BA70321D ZwDeleteValueKey SSDT BA703222 ZwLoadKey SSDT BA7031F0 ZwOpenProcess SSDT BA7031F5 ZwOpenThread SSDT BA70322C ZwReplaceKey SSDT BA703227 ZwRestoreKey SSDT BA703218 ZwSetValueKey SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA8549620] ---- Kernel code sections - GMER 1.0.15 ---- ? C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssdsp.flt 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\msseax.flt 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssmp3.asi 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn 1 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter .DDS Logfile: Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 28.06.2006 11:42:48 System Uptime: 27.05.2012 13:46:10 (9 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7187 Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2799/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 29 GiB total, 0 GiB free. D: is FIXED (NTFS) - 149 GiB total, 97,101 GiB free. E: is FIXED (NTFS) - 120 GiB total, 119,555 GiB free. F: is Removable G: is Removable H: is Removable J: is Removable O: is CDROM () U: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 6 . ==== End Of File =========================== |
29.05.2012, 15:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
31.05.2012, 18:40 | #3 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionCode:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.19.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: PC-xxx [Administrator] 25.04.2012 16:02:11 mbam-log-2012-04-25 (16-02-11).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 265140 Laufzeit: 28 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.23.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: PC-xxx [Administrator] 23.05.2012 15:51:48 mbam-log-2012-05-23 (15-51-48).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 272535 Laufzeit: 38 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.31.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: PC-xxx [Administrator] 31.05.2012 14:15:45 mbam-log-2012-05-31 (14-15-45).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 272495 Laufzeit: 1 Stunde(n), 36 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d5267768293ad945a4bcd1cb38665ae1 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-31 05:35:52 # local_time=2012-05-31 07:35:52 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 127253509 127253509 0 0 # compatibility_mode=8192 67108863 100 0 23854131 23854131 0 0 # scanned=79349 # found=0 # cleaned=0 # scan_time=6200 |
31.05.2012, 19:41 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
31.05.2012, 20:18 | #5 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionCode:
ATTFilter OTL logfile created on: 31.05.2012 20:48:44 - Run 4 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,31% Memory free 3,35 Gb Paging File | 2,83 Gb Available in Paging File | 84,62% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29,29 Gb Total Space | 0,13 Gb Free Space | 0,46% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 96,91 Gb Free Space | 65,02% Space Free | Partition Type: NTFS Drive E: | 119,75 Gb Total Space | 119,56 Gb Free Space | 99,84% Space Free | Partition Type: NTFS Drive G: | 3,79 Gb Total Space | 3,79 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive I: | 7,45 Gb Total Space | 5,42 Gb Free Space | 72,68% Space Free | Partition Type: FAT32 Computer Name: PC-LUENDORF | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.31 20:46:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2010.10.28 17:01:04 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2010.04.10 08:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.05.13 20:32:48 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll MOD - [2012.05.10 22:57:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.10 22:57:43 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll MOD - [2012.05.10 22:57:22 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll MOD - [2012.05.10 22:56:42 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll MOD - [2012.05.10 22:55:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.10 22:54:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2010.07.18 13:51:46 | 000,063,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2010.07.18 13:51:40 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2010.07.17 13:07:02 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2002.12.01 20:10:36 | 000,026,008 | ---- | M] () -- C:\WINDOWS\system32\WIN2PDFM.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2008.04.14 07:52:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2008.04.14 07:52:16 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) SRV - [2008.04.14 07:52:08 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2002.12.31 14:00:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp -- (GarenaPEngine) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.14 07:32:18 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008.04.14 07:28:14 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008.04.14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2006.06.07 23:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.05.03 03:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW) DRV - [2005.10.25 04:45:54 | 000,173,568 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ftsata2.sys -- (ftsata2) DRV - [2005.10.19 08:20:30 | 000,357,792 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02) DRV - [2005.03.14 07:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2002.12.31 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2002.12.31 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2002.05.02 13:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes,DefaultScope = {2863C1E5-CF75-4945-933E-90E4AA60B606} IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{2863C1E5-CF75-4945-933E-90E4AA60B606}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = hxxp://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=8QYAJ5lM IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "" FF - prefs.js..browser.search.param.yahoo-type: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.13 13:13:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.18 15:58:01 | 000,000,000 | ---D | M] [2008.12.04 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.04.06 11:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions [2012.04.06 11:55:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.04.06 11:55:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.03.06 12:59:34 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2012.03.06 12:59:30 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml [2012.04.06 11:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.18 15:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.18 15:57:46 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.07.13 13:13:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.13 13:13:53 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.07.13 13:13:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.13 13:13:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.13 13:13:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.08.29 00:19:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKU\S-1-5-21-746137067-1177238915-725345543-500..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found O15 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..Trusted Domains: kaspersky.com ([www] * in Vertrauenswürdige Sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8}: NameServer = 192.168.100.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{242BB936-621A-480D-8324-497D6BCE33DA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EA54FBD-BD02-4751-8F66-1F53BAA8A94F}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk - - File not found MsConfig - StartUpReg: rSkVSbFvavfCaY.exe - hkey= - key= - File not found MsConfig - StartUpReg: S75srfkXRfxEhp - hkey= - key= - File not found MsConfig - StartUpReg: Upgrade - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: 57890767.sys - Driver SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: 57890767.sys - Driver SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation) Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll () Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.05.31 20:46:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.05.31 17:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.05.29 16:18:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2012.05.27 19:35:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2012.05.10 22:52:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012.05.31 20:46:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.05.31 18:38:05 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini [2012.05.31 14:04:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2012.05.31 14:03:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.31 10:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.29 14:54:34 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk [2012.05.27 19:34:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.05.27 17:47:00 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.11 15:01:26 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.10 22:54:06 | 000,456,314 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.10 22:54:06 | 000,438,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.10 22:54:06 | 000,083,408 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.10 22:54:06 | 000,070,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.05.27 19:34:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.02.17 17:00:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.10 21:21:06 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.15 15:08:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.07.15 15:08:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.07.15 15:08:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.07.15 15:08:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.07.15 15:08:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.07.12 14:18:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat ========== LOP Check ========== [2010.07.27 13:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blender Foundation [2012.05.31 18:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox [2012.03.27 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foky [2012.04.02 13:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2010.10.31 15:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ [2009.05.15 17:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston [2010.01.03 15:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2010.07.19 12:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SumatraPDF [2010.01.19 19:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2012.05.28 17:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WEB.DE [2012.03.24 13:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ylox [2009.07.21 12:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2012.05.31 14:04:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2010.02.09 16:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.04.01 15:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2007.12.20 09:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AdobeUM [2010.05.30 12:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira [2010.07.27 13:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blender Foundation [2012.05.31 18:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox [2012.03.27 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foky [2012.03.29 17:56:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Google [2012.04.02 13:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2010.10.31 15:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ [2006.06.28 11:40:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities [2009.05.15 17:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston [2010.01.03 15:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2010.07.16 13:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia [2009.08.21 18:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2011.09.10 22:47:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic [2011.04.20 13:43:12 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft [2008.12.04 16:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla [2011.06.15 13:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Realxml [2010.07.29 19:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype [2010.07.29 19:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM [2010.07.19 12:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SumatraPDF [2006.11.20 17:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun [2010.07.17 13:06:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com [2010.01.19 19:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2011.09.10 21:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc [2012.05.28 17:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WEB.DE [2010.07.15 23:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR [2010.07.31 18:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yahoo! [2012.03.24 13:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ylox < %APPDATA%\*.exe /s > [2007.12.17 16:53:55 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Uninstall.exe [2008.09.19 01:19:30 | 000,937,465 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTraveler.exe [2008.09.18 15:32:22 | 001,839,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerA.exe [2008.09.19 01:05:36 | 003,231,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerB.exe [2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerDaemon.exe [2008.09.18 15:32:22 | 001,839,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerA.exe [2008.09.19 01:05:36 | 003,231,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerB.exe [2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerDaemon.exe [2012.01.23 22:35:49 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2006.06.28 11:46:34 | 000,027,670 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\ARPPRODUCTICON.exe [2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\GEAR.jpg_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe [2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\GEAR.NFO_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe [2006.06.28 11:46:35 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\ReadMe.txt_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe [2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\__GoldEsel___visit_u_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe [2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\__Wichtig___Lesen____8DD42AE05F594AA78DCBB6CC7C1C08EB.exe < %SYSTEMDRIVE%\*.exe > [2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe < MD5 for: AGP440.SYS > [2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2002.12.31 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2002.12.31 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2002.12.31 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2002.12.31 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2002.12.31 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.06.28 13:27:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.06.28 13:27:27 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.06.28 13:27:27 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
31.05.2012, 20:53 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL [2012.04.06 11:55:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.06 12:59:34 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2012.03.06 12:59:30 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk - - File not found MsConfig - StartUpReg: rSkVSbFvavfCaY.exe - hkey= - key= - File not found MsConfig - StartUpReg: S75srfkXRfxEhp - hkey= - key= - File not found :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition |
31.05.2012, 21:23 | #7 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionCode:
ATTFilter All processes killed ========== OTL ========== C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk\ deleted successfully. C:\WINDOWS\pss\cgs8h0.exe.lnkStartup moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\rSkVSbFvavfCaY.exe\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\S75srfkXRfxEhp\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 2502397 bytes ->Temporary Internet Files folder emptied: 2986101 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 3202055 bytes ->Flash cache emptied: 3803597 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 12,00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.44.0 log created on 05312012_221801 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
01.06.2012, 11:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
01.06.2012, 18:38 | #9 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionCode:
ATTFilter 19:34:28.0171 2232 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 19:34:28.0343 2232 ============================================================ 19:34:28.0343 2232 Current date / time: 2012/06/01 19:34:28.0343 19:34:28.0343 2232 SystemInfo: 19:34:28.0343 2232 19:34:28.0343 2232 OS Version: 5.1.2600 ServicePack: 3.0 19:34:28.0343 2232 Product type: Workstation 19:34:28.0343 2232 ComputerName: PC-xxx 19:34:28.0343 2232 UserName: Administrator 19:34:28.0343 2232 Windows directory: C:\WINDOWS 19:34:28.0343 2232 System windows directory: C:\WINDOWS 19:34:28.0343 2232 Processor architecture: Intel x86 19:34:28.0343 2232 Number of processors: 2 19:34:28.0343 2232 Page size: 0x1000 19:34:28.0343 2232 Boot type: Normal boot 19:34:28.0343 2232 ============================================================ 19:34:29.0921 2232 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 19:34:29.0937 2232 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 19:34:29.0953 2232 Drive \Device\Harddisk5\DR8 - Size: 0xF3000000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:34:29.0953 2232 Drive \Device\Harddisk6\DR9 - Size: 0x1DDD00000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:34:29.0953 2232 ============================================================ 19:34:29.0953 2232 \Device\Harddisk0\DR0: 19:34:29.0953 2232 MBR partitions: 19:34:29.0953 2232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1 19:34:29.0968 2232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF7E8D1 19:34:29.0968 2232 \Device\Harddisk1\DR1: 19:34:29.0968 2232 MBR partitions: 19:34:29.0968 2232 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82 19:34:29.0968 2232 \Device\Harddisk5\DR8: 19:34:29.0968 2232 MBR partitions: 19:34:29.0968 2232 \Device\Harddisk5\DR8\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x797FD0 19:34:29.0968 2232 \Device\Harddisk6\DR9: 19:34:29.0968 2232 MBR partitions: 19:34:29.0968 2232 ============================================================ 19:34:30.0000 2232 C: <-> \Device\Harddisk0\DR0\Partition0 19:34:30.0031 2232 D: <-> \Device\Harddisk1\DR1\Partition0 19:34:30.0187 2232 E: <-> \Device\Harddisk0\DR0\Partition1 19:34:30.0187 2232 ============================================================ 19:34:30.0187 2232 Initialize success 19:34:30.0187 2232 ============================================================ 19:34:42.0046 2416 ============================================================ 19:34:42.0046 2416 Scan started 19:34:42.0046 2416 Mode: Manual; SigCheck; TDLFS; 19:34:42.0046 2416 ============================================================ 19:34:42.0281 2416 Abiosdsk - ok 19:34:42.0281 2416 abp480n5 - ok 19:34:42.0312 2416 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 19:34:43.0718 2416 ACPI - ok 19:34:43.0734 2416 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 19:34:43.0875 2416 ACPIEC - ok 19:34:43.0890 2416 adpu160m - ok 19:34:43.0906 2416 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 19:34:44.0062 2416 aec - ok 19:34:44.0078 2416 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 19:34:44.0125 2416 AFD - ok 19:34:44.0125 2416 Aha154x - ok 19:34:44.0140 2416 aic78u2 - ok 19:34:44.0140 2416 aic78xx - ok 19:34:44.0171 2416 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 19:34:44.0296 2416 Alerter - ok 19:34:44.0312 2416 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 19:34:44.0437 2416 ALG - ok 19:34:44.0437 2416 AliIde - ok 19:34:44.0453 2416 amsint - ok 19:34:44.0515 2416 AntiVirSchedulerService (9828ffe47fbeb08b509a7717e4f77cc7) C:\Programme\Avira\AntiVir Desktop\sched.exe 19:34:44.0531 2416 AntiVirSchedulerService - ok 19:34:44.0562 2416 AntiVirService (bbc02905032d453c0e18d5110f841902) C:\Programme\Avira\AntiVir Desktop\avguard.exe 19:34:44.0578 2416 AntiVirService - ok 19:34:44.0609 2416 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 19:34:44.0750 2416 AppMgmt - ok 19:34:44.0781 2416 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 19:34:44.0906 2416 Arp1394 - ok 19:34:44.0906 2416 asc - ok 19:34:44.0921 2416 asc3350p - ok 19:34:44.0921 2416 asc3550 - ok 19:34:45.0000 2416 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 19:34:45.0015 2416 aspnet_state - ok 19:34:45.0031 2416 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 19:34:45.0171 2416 AsyncMac - ok 19:34:45.0187 2416 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 19:34:45.0328 2416 atapi - ok 19:34:45.0328 2416 Atdisk - ok 19:34:45.0375 2416 Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe 19:34:45.0468 2416 Ati HotKey Poller - ok 19:34:45.0531 2416 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 19:34:45.0625 2416 ati2mtag - ok 19:34:45.0687 2416 ATIAVAIW (632fd762fa5183fabc01687a4cd357b8) C:\WINDOWS\system32\DRIVERS\atinavt2.sys 19:34:45.0718 2416 ATIAVAIW - ok 19:34:45.0750 2416 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 19:34:45.0890 2416 Atmarpc - ok 19:34:45.0906 2416 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 19:34:46.0046 2416 AudioSrv - ok 19:34:46.0062 2416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 19:34:46.0203 2416 audstub - ok 19:34:46.0265 2416 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 19:34:46.0265 2416 avgio - ok 19:34:46.0296 2416 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 19:34:46.0421 2416 avgntflt - ok 19:34:46.0437 2416 avipbb (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys 19:34:46.0453 2416 avipbb - ok 19:34:46.0484 2416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 19:34:46.0609 2416 Beep - ok 19:34:46.0640 2416 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 19:34:46.0812 2416 BITS - ok 19:34:46.0843 2416 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 19:34:46.0984 2416 Browser - ok 19:34:47.0046 2416 catchme - ok 19:34:47.0078 2416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 19:34:47.0218 2416 cbidf2k - ok 19:34:47.0250 2416 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 19:34:47.0390 2416 CCDECODE - ok 19:34:47.0390 2416 cd20xrnt - ok 19:34:47.0406 2416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 19:34:47.0546 2416 Cdaudio - ok 19:34:47.0562 2416 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 19:34:47.0703 2416 Cdfs - ok 19:34:47.0734 2416 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 19:34:47.0875 2416 Cdrom - ok 19:34:47.0875 2416 Changer - ok 19:34:47.0906 2416 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 19:34:48.0046 2416 CiSvc - ok 19:34:48.0062 2416 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 19:34:48.0203 2416 ClipSrv - ok 19:34:48.0265 2416 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:34:48.0281 2416 clr_optimization_v2.0.50727_32 - ok 19:34:48.0281 2416 CmdIde - ok 19:34:48.0296 2416 COMSysApp - ok 19:34:48.0296 2416 Cpqarray - ok 19:34:48.0328 2416 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 19:34:48.0468 2416 CryptSvc - ok 19:34:48.0468 2416 dac2w2k - ok 19:34:48.0468 2416 dac960nt - ok 19:34:48.0515 2416 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 19:34:48.0578 2416 DcomLaunch - ok 19:34:48.0593 2416 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys 19:34:48.0609 2416 DgiVecp ( UnsignedFile.Multi.Generic ) - warning 19:34:48.0609 2416 DgiVecp - detected UnsignedFile.Multi.Generic (1) 19:34:48.0640 2416 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 19:34:48.0781 2416 Dhcp - ok 19:34:48.0796 2416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 19:34:48.0937 2416 Disk - ok 19:34:48.0937 2416 dmadmin - ok 19:34:48.0984 2416 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 19:34:49.0156 2416 dmboot - ok 19:34:49.0187 2416 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 19:34:49.0343 2416 dmio - ok 19:34:49.0343 2416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 19:34:49.0484 2416 dmload - ok 19:34:49.0500 2416 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 19:34:49.0640 2416 dmserver - ok 19:34:49.0656 2416 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 19:34:49.0796 2416 DMusic - ok 19:34:49.0812 2416 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 19:34:49.0875 2416 Dnscache - ok 19:34:49.0906 2416 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 19:34:50.0046 2416 Dot3svc - ok 19:34:50.0046 2416 dpti2o - ok 19:34:50.0062 2416 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 19:34:50.0203 2416 drmkaud - ok 19:34:50.0218 2416 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys 19:34:50.0281 2416 E100B - ok 19:34:50.0281 2416 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 19:34:50.0421 2416 EapHost - ok 19:34:50.0453 2416 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 19:34:50.0593 2416 ERSvc - ok 19:34:50.0625 2416 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 19:34:50.0640 2416 Eventlog - ok 19:34:50.0671 2416 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 19:34:50.0718 2416 EventSystem - ok 19:34:50.0734 2416 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 19:34:50.0859 2416 Fastfat - ok 19:34:50.0890 2416 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 19:34:50.0937 2416 FastUserSwitchingCompatibility - ok 19:34:50.0953 2416 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 19:34:51.0093 2416 Fdc - ok 19:34:51.0109 2416 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 19:34:51.0234 2416 Fips - ok 19:34:51.0250 2416 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 19:34:51.0390 2416 Flpydisk - ok 19:34:51.0421 2416 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 19:34:51.0546 2416 FltMgr - ok 19:34:51.0625 2416 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 19:34:51.0640 2416 FontCache3.0.0.0 - ok 19:34:51.0656 2416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:34:51.0781 2416 Fs_Rec - ok 19:34:51.0812 2416 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:34:51.0937 2416 Ftdisk - ok 19:34:51.0968 2416 ftsata2 (65b50b303ff74a5517117ba3d25dbe7f) C:\WINDOWS\system32\drivers\ftsata2.sys 19:34:51.0984 2416 ftsata2 ( UnsignedFile.Multi.Generic ) - warning 19:34:51.0984 2416 ftsata2 - detected UnsignedFile.Multi.Generic (1) 19:34:52.0046 2416 GarenaPEngine - ok 19:34:52.0078 2416 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:34:52.0218 2416 Gpc - ok 19:34:52.0234 2416 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys 19:34:52.0265 2416 HdAudAddService - ok 19:34:52.0296 2416 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 19:34:52.0421 2416 HDAudBus - ok 19:34:52.0468 2416 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 19:34:52.0593 2416 helpsvc - ok 19:34:52.0593 2416 HidServ - ok 19:34:52.0609 2416 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 19:34:52.0750 2416 HidUsb - ok 19:34:52.0765 2416 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 19:34:52.0890 2416 hkmsvc - ok 19:34:52.0890 2416 hpn - ok 19:34:52.0921 2416 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 19:34:52.0968 2416 HTTP - ok 19:34:52.0984 2416 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 19:34:53.0125 2416 HTTPFilter - ok 19:34:53.0125 2416 i2omgmt - ok 19:34:53.0125 2416 i2omp - ok 19:34:53.0156 2416 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:34:53.0296 2416 i8042prt - ok 19:34:53.0343 2416 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:34:53.0406 2416 idsvc - ok 19:34:53.0421 2416 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 19:34:53.0546 2416 Imapi - ok 19:34:53.0578 2416 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 19:34:53.0718 2416 ImapiService - ok 19:34:53.0734 2416 ini910u - ok 19:34:53.0734 2416 IntelIde - ok 19:34:53.0765 2416 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 19:34:53.0890 2416 intelppm - ok 19:34:53.0906 2416 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 19:34:54.0031 2416 Ip6Fw - ok 19:34:54.0062 2416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:34:54.0187 2416 IpFilterDriver - ok 19:34:54.0203 2416 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:34:54.0328 2416 IpInIp - ok 19:34:54.0359 2416 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:34:54.0484 2416 IpNat - ok 19:34:54.0515 2416 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:34:54.0640 2416 IPSec - ok 19:34:54.0656 2416 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 19:34:54.0765 2416 IRENUM - ok 19:34:54.0781 2416 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:34:54.0921 2416 isapnp - ok 19:34:55.0000 2416 JavaQuickStarterService (e4ae0cbc0b55a5faa6996e38ce6c981b) C:\Programme\Java\jre6\bin\jqs.exe 19:34:55.0015 2416 JavaQuickStarterService - ok 19:34:55.0031 2416 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:34:55.0171 2416 Kbdclass - ok 19:34:55.0187 2416 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 19:34:55.0343 2416 kmixer - ok 19:34:55.0359 2416 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 19:34:55.0421 2416 KSecDD - ok 19:34:55.0453 2416 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 19:34:55.0484 2416 lanmanserver - ok 19:34:55.0515 2416 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 19:34:55.0562 2416 lanmanworkstation - ok 19:34:55.0562 2416 lbrtfdc - ok 19:34:55.0609 2416 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 19:34:55.0750 2416 LmHosts - ok 19:34:55.0765 2416 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 19:34:55.0890 2416 Messenger - ok 19:34:55.0906 2416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 19:34:56.0031 2416 mnmdd - ok 19:34:56.0046 2416 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 19:34:56.0187 2416 mnmsrvc - ok 19:34:56.0203 2416 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 19:34:56.0343 2416 Modem - ok 19:34:56.0359 2416 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 19:34:56.0500 2416 Mouclass - ok 19:34:56.0515 2416 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 19:34:56.0640 2416 mouhid - ok 19:34:56.0656 2416 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 19:34:56.0781 2416 MountMgr - ok 19:34:56.0796 2416 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 19:34:56.0937 2416 MPE - ok 19:34:56.0937 2416 mraid35x - ok 19:34:56.0953 2416 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:34:57.0093 2416 MRxDAV - ok 19:34:57.0140 2416 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:34:57.0187 2416 MRxSmb - ok 19:34:57.0218 2416 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 19:34:57.0343 2416 MSDTC - ok 19:34:57.0359 2416 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 19:34:57.0484 2416 Msfs - ok 19:34:57.0484 2416 MSIServer - ok 19:34:57.0500 2416 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:34:57.0625 2416 MSKSSRV - ok 19:34:57.0640 2416 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:34:57.0765 2416 MSPCLOCK - ok 19:34:57.0781 2416 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 19:34:57.0921 2416 MSPQM - ok 19:34:57.0937 2416 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:34:58.0046 2416 mssmbios - ok 19:34:58.0062 2416 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 19:34:58.0203 2416 MSTEE - ok 19:34:58.0234 2416 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 19:34:58.0265 2416 Mup - ok 19:34:58.0281 2416 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 19:34:58.0421 2416 NABTSFEC - ok 19:34:58.0453 2416 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 19:34:58.0593 2416 napagent - ok 19:34:58.0609 2416 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 19:34:58.0750 2416 NDIS - ok 19:34:58.0765 2416 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 19:34:58.0890 2416 NdisIP - ok 19:34:58.0921 2416 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:34:58.0937 2416 NdisTapi - ok 19:34:58.0953 2416 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:34:59.0078 2416 Ndisuio - ok 19:34:59.0093 2416 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:34:59.0234 2416 NdisWan - ok 19:34:59.0250 2416 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 19:34:59.0281 2416 NDProxy - ok 19:34:59.0312 2416 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 19:34:59.0437 2416 NetBIOS - ok 19:34:59.0453 2416 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 19:34:59.0593 2416 NetBT - ok 19:34:59.0625 2416 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 19:34:59.0765 2416 NetDDE - ok 19:34:59.0765 2416 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 19:34:59.0875 2416 NetDDEdsdm - ok 19:34:59.0906 2416 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 19:35:00.0031 2416 Netlogon - ok 19:35:00.0046 2416 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 19:35:00.0187 2416 Netman - ok 19:35:00.0281 2416 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:35:00.0296 2416 NetTcpPortSharing - ok 19:35:00.0312 2416 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 19:35:00.0437 2416 NIC1394 - ok 19:35:00.0484 2416 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 19:35:00.0515 2416 Nla - ok 19:35:00.0531 2416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 19:35:00.0656 2416 Npfs - ok 19:35:00.0687 2416 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 19:35:00.0812 2416 Ntfs - ok 19:35:00.0828 2416 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 19:35:00.0953 2416 NtLmSsp - ok 19:35:00.0984 2416 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 19:35:01.0140 2416 NtmsSvc - ok 19:35:01.0156 2416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 19:35:01.0296 2416 Null - ok 19:35:01.0328 2416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:35:01.0453 2416 NwlnkFlt - ok 19:35:01.0468 2416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:35:01.0593 2416 NwlnkFwd - ok 19:35:01.0609 2416 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 19:35:01.0734 2416 ohci1394 - ok 19:35:01.0781 2416 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 19:35:01.0812 2416 ose - ok 19:35:01.0828 2416 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 19:35:01.0953 2416 Parport - ok 19:35:01.0968 2416 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 19:35:02.0093 2416 PartMgr - ok 19:35:02.0109 2416 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 19:35:02.0234 2416 ParVdm - ok 19:35:02.0265 2416 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS 19:35:02.0265 2416 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning 19:35:02.0265 2416 PCANDIS5 - detected UnsignedFile.Multi.Generic (1) 19:35:02.0281 2416 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 19:35:02.0421 2416 PCI - ok 19:35:02.0421 2416 PCIDump - ok 19:35:02.0437 2416 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 19:35:02.0562 2416 PCIIde - ok 19:35:02.0593 2416 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 19:35:02.0734 2416 Pcmcia - ok 19:35:02.0734 2416 PDCOMP - ok 19:35:02.0734 2416 PDFRAME - ok 19:35:02.0734 2416 PDRELI - ok 19:35:02.0750 2416 PDRFRAME - ok 19:35:02.0750 2416 perc2 - ok 19:35:02.0750 2416 perc2hib - ok 19:35:02.0796 2416 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 19:35:02.0812 2416 PlugPlay - ok 19:35:02.0828 2416 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe 19:35:02.0843 2416 PnkBstrA - ok 19:35:02.0859 2416 PnkBstrB (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe 19:35:02.0875 2416 PnkBstrB - ok 19:35:02.0906 2416 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 19:35:03.0015 2416 PolicyAgent - ok 19:35:03.0031 2416 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:35:03.0156 2416 PptpMiniport - ok 19:35:03.0187 2416 PRISM_A02 (7796947d857d87491c78afad014a855a) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys 19:35:03.0218 2416 PRISM_A02 ( UnsignedFile.Multi.Generic ) - warning 19:35:03.0218 2416 PRISM_A02 - detected UnsignedFile.Multi.Generic (1) 19:35:03.0218 2416 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 19:35:03.0343 2416 ProtectedStorage - ok 19:35:03.0375 2416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:35:03.0500 2416 Ptilink - ok 19:35:03.0515 2416 ql1080 - ok 19:35:03.0515 2416 Ql10wnt - ok 19:35:03.0515 2416 ql12160 - ok 19:35:03.0531 2416 ql1240 - ok 19:35:03.0531 2416 ql1280 - ok 19:35:03.0562 2416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:35:03.0687 2416 RasAcd - ok 19:35:03.0703 2416 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 19:35:03.0843 2416 RasAuto - ok 19:35:03.0875 2416 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:35:04.0000 2416 Rasl2tp - ok 19:35:04.0015 2416 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 19:35:04.0156 2416 RasMan - ok 19:35:04.0171 2416 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:35:04.0296 2416 RasPppoe - ok 19:35:04.0312 2416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 19:35:04.0437 2416 Raspti - ok 19:35:04.0468 2416 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:35:04.0593 2416 Rdbss - ok 19:35:04.0609 2416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:35:04.0718 2416 RDPCDD - ok 19:35:04.0765 2416 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 19:35:04.0906 2416 rdpdr - ok 19:35:04.0937 2416 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 19:35:04.0968 2416 RDPWD - ok 19:35:04.0984 2416 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 19:35:05.0125 2416 RDSessMgr - ok 19:35:05.0156 2416 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 19:35:05.0281 2416 redbook - ok 19:35:05.0296 2416 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 19:35:05.0421 2416 RemoteAccess - ok 19:35:05.0453 2416 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 19:35:05.0578 2416 RemoteRegistry - ok 19:35:05.0593 2416 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 19:35:05.0718 2416 RpcLocator - ok 19:35:05.0765 2416 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 19:35:05.0796 2416 RpcSs - ok 19:35:05.0812 2416 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 19:35:05.0937 2416 RSVP - ok 19:35:05.0968 2416 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 19:35:06.0078 2416 SamSs - ok 19:35:06.0140 2416 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 19:35:06.0156 2416 SASDIFSV - ok 19:35:06.0171 2416 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 19:35:06.0171 2416 SASKUTIL - ok 19:35:06.0203 2416 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 19:35:06.0328 2416 SCardSvr - ok 19:35:06.0359 2416 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 19:35:06.0500 2416 Schedule - ok 19:35:06.0515 2416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:35:06.0625 2416 Secdrv - ok 19:35:06.0656 2416 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 19:35:06.0781 2416 seclogon - ok 19:35:06.0796 2416 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 19:35:06.0921 2416 SENS - ok 19:35:06.0937 2416 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 19:35:07.0062 2416 serenum - ok 19:35:07.0062 2416 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 19:35:07.0187 2416 Serial - ok 19:35:07.0218 2416 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 19:35:07.0328 2416 Sfloppy - ok 19:35:07.0375 2416 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 19:35:07.0515 2416 SharedAccess - ok 19:35:07.0546 2416 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 19:35:07.0562 2416 ShellHWDetection - ok 19:35:07.0562 2416 Simbad - ok 19:35:07.0578 2416 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 19:35:07.0703 2416 SLIP - ok 19:35:07.0718 2416 Sparrow - ok 19:35:07.0734 2416 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 19:35:07.0859 2416 splitter - ok 19:35:07.0890 2416 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 19:35:07.0921 2416 Spooler - ok 19:35:07.0937 2416 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 19:35:08.0062 2416 sr - ok 19:35:08.0078 2416 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 19:35:08.0218 2416 srservice - ok 19:35:08.0265 2416 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 19:35:08.0296 2416 Srv - ok 19:35:08.0312 2416 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 19:35:08.0437 2416 SSDPSRV - ok 19:35:08.0453 2416 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:35:08.0468 2416 ssmdrv - ok 19:35:08.0500 2416 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 19:35:08.0656 2416 stisvc - ok 19:35:08.0687 2416 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 19:35:08.0812 2416 streamip - ok 19:35:08.0828 2416 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:35:08.0953 2416 swenum - ok 19:35:08.0968 2416 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 19:35:09.0093 2416 swmidi - ok 19:35:09.0093 2416 SwPrv - ok 19:35:09.0109 2416 symc810 - ok 19:35:09.0109 2416 symc8xx - ok 19:35:09.0109 2416 sym_hi - ok 19:35:09.0125 2416 sym_u3 - ok 19:35:09.0140 2416 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 19:35:09.0265 2416 sysaudio - ok 19:35:09.0296 2416 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 19:35:09.0421 2416 SysmonLog - ok 19:35:09.0453 2416 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 19:35:09.0578 2416 TapiSrv - ok 19:35:09.0609 2416 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:35:09.0640 2416 Tcpip - ok 19:35:09.0656 2416 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:35:09.0781 2416 TDPIPE - ok 19:35:09.0796 2416 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 19:35:09.0906 2416 TDTCP - ok 19:35:09.0937 2416 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:35:10.0062 2416 TermDD - ok 19:35:10.0093 2416 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 19:35:10.0250 2416 TermService - ok 19:35:10.0281 2416 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 19:35:10.0296 2416 Themes - ok 19:35:10.0312 2416 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 19:35:10.0453 2416 TlntSvr - ok 19:35:10.0453 2416 TosIde - ok 19:35:10.0468 2416 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 19:35:10.0609 2416 TrkWks - ok 19:35:10.0640 2416 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 19:35:10.0750 2416 Udfs - ok 19:35:10.0765 2416 ultra - ok 19:35:10.0796 2416 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 19:35:10.0953 2416 Update - ok 19:35:10.0968 2416 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 19:35:11.0109 2416 upnphost - ok 19:35:11.0125 2416 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 19:35:11.0250 2416 UPS - ok 19:35:11.0265 2416 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:35:11.0390 2416 usbccgp - ok 19:35:11.0406 2416 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:35:11.0531 2416 usbehci - ok 19:35:11.0546 2416 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:35:11.0671 2416 usbhub - ok 19:35:11.0687 2416 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:35:11.0812 2416 usbprint - ok 19:35:11.0828 2416 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:35:11.0937 2416 usbstor - ok 19:35:11.0953 2416 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:35:12.0062 2416 usbuhci - ok 19:35:12.0093 2416 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 19:35:12.0218 2416 VgaSave - ok 19:35:12.0218 2416 ViaIde - ok 19:35:12.0234 2416 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 19:35:12.0359 2416 VolSnap - ok 19:35:12.0390 2416 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 19:35:12.0531 2416 VSS - ok 19:35:12.0562 2416 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 19:35:12.0687 2416 W32Time - ok 19:35:12.0703 2416 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:35:12.0843 2416 Wanarp - ok 19:35:12.0843 2416 WDICA - ok 19:35:12.0859 2416 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 19:35:13.0000 2416 wdmaud - ok 19:35:13.0015 2416 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 19:35:13.0140 2416 WebClient - ok 19:35:13.0187 2416 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 19:35:13.0312 2416 winmgmt - ok 19:35:13.0343 2416 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll 19:35:13.0468 2416 WmdmPmSN - ok 19:35:13.0531 2416 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 19:35:13.0578 2416 Wmi - ok 19:35:13.0609 2416 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 19:35:13.0734 2416 WmiApSrv - ok 19:35:13.0765 2416 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 19:35:13.0906 2416 wscsvc - ok 19:35:13.0921 2416 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 19:35:14.0046 2416 WSTCODEC - ok 19:35:14.0062 2416 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 19:35:14.0187 2416 wuauserv - ok 19:35:14.0234 2416 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 19:35:14.0375 2416 WZCSVC - ok 19:35:14.0390 2416 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 19:35:14.0562 2416 xmlprov - ok 19:35:14.0593 2416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 19:35:15.0015 2416 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 19:35:15.0015 2416 \Device\Harddisk0\DR0 - detected TDSS File System (1) 19:35:15.0031 2416 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1 19:35:15.0078 2416 \Device\Harddisk1\DR1 - ok 19:35:15.0078 2416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR8 19:35:18.0437 2416 \Device\Harddisk5\DR8 - ok 19:35:18.0437 2416 MBR (0x1B8) (b8ca217c4021c23ac709d6e6bcbb9e20) \Device\Harddisk6\DR9 19:35:18.0625 2416 \Device\Harddisk6\DR9 - ok 19:35:18.0625 2416 Boot (0x1200) (31117e3f4421da04e2209c1d80988f85) \Device\Harddisk0\DR0\Partition0 19:35:18.0625 2416 \Device\Harddisk0\DR0\Partition0 - ok 19:35:18.0640 2416 Boot (0x1200) (f48f14286da8b8c7be68936e9087a8e0) \Device\Harddisk0\DR0\Partition1 19:35:18.0640 2416 \Device\Harddisk0\DR0\Partition1 - ok 19:35:18.0640 2416 Boot (0x1200) (4eb6a976af183366c444a09981d648e4) \Device\Harddisk1\DR1\Partition0 19:35:18.0640 2416 \Device\Harddisk1\DR1\Partition0 - ok 19:35:18.0656 2416 Boot (0x1200) (87a0eb4ead04758e9eef1ae99037f53c) \Device\Harddisk5\DR8\Partition0 19:35:18.0656 2416 \Device\Harddisk5\DR8\Partition0 - ok 19:35:18.0656 2416 ============================================================ 19:35:18.0656 2416 Scan finished 19:35:18.0656 2416 ============================================================ 19:35:18.0765 3224 Detected object count: 5 19:35:18.0765 3224 Actual detected object count: 5 19:35:36.0046 3224 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:36.0046 3224 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:36.0046 3224 ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:36.0046 3224 ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:36.0046 3224 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:36.0046 3224 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:36.0046 3224 PRISM_A02 ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:36.0046 3224 PRISM_A02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:36.0046 3224 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 19:35:36.0046 3224 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
02.06.2012, 17:15 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
06.06.2012, 14:30 | #11 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionCode:
ATTFilter 15:16:02.0125 3548 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 15:16:02.0328 3548 ============================================================ 15:16:02.0328 3548 Current date / time: 2012/06/06 15:16:02.0328 15:16:02.0328 3548 SystemInfo: 15:16:02.0328 3548 15:16:02.0328 3548 OS Version: 5.1.2600 ServicePack: 3.0 15:16:02.0328 3548 Product type: Workstation 15:16:02.0328 3548 ComputerName: PC-LUENDORF 15:16:02.0328 3548 UserName: Administrator 15:16:02.0328 3548 Windows directory: C:\WINDOWS 15:16:02.0328 3548 System windows directory: C:\WINDOWS 15:16:02.0328 3548 Processor architecture: Intel x86 15:16:02.0328 3548 Number of processors: 2 15:16:02.0328 3548 Page size: 0x1000 15:16:02.0328 3548 Boot type: Normal boot 15:16:02.0328 3548 ============================================================ 15:16:04.0265 3548 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 15:16:04.0281 3548 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 15:16:04.0296 3548 Drive \Device\Harddisk5\DR8 - Size: 0xF3000000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:16:04.0296 3548 ============================================================ 15:16:04.0296 3548 \Device\Harddisk0\DR0: 15:16:04.0296 3548 MBR partitions: 15:16:04.0296 3548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1 15:16:04.0312 3548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF7E8D1 15:16:04.0312 3548 \Device\Harddisk1\DR1: 15:16:04.0312 3548 MBR partitions: 15:16:04.0312 3548 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82 15:16:04.0312 3548 \Device\Harddisk5\DR8: 15:16:04.0312 3548 MBR partitions: 15:16:04.0312 3548 \Device\Harddisk5\DR8\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x797FD0 15:16:04.0312 3548 ============================================================ 15:16:04.0343 3548 C: <-> \Device\Harddisk0\DR0\Partition0 15:16:04.0359 3548 D: <-> \Device\Harddisk1\DR1\Partition0 15:16:04.0390 3548 E: <-> \Device\Harddisk0\DR0\Partition1 15:16:04.0390 3548 ============================================================ 15:16:04.0390 3548 Initialize success 15:16:04.0390 3548 ============================================================ 15:16:12.0140 3448 ============================================================ 15:16:12.0140 3448 Scan started 15:16:12.0140 3448 Mode: Manual; SigCheck; TDLFS; 15:16:12.0140 3448 ============================================================ 15:16:14.0359 3448 Abiosdsk - ok 15:16:14.0359 3448 abp480n5 - ok 15:16:14.0390 3448 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:16:15.0796 3448 ACPI - ok 15:16:15.0812 3448 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:16:15.0953 3448 ACPIEC - ok 15:16:15.0968 3448 adpu160m - ok 15:16:15.0984 3448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 15:16:16.0140 3448 aec - ok 15:16:16.0171 3448 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 15:16:16.0218 3448 AFD - ok 15:16:16.0218 3448 Aha154x - ok 15:16:16.0218 3448 aic78u2 - ok 15:16:16.0218 3448 aic78xx - ok 15:16:16.0250 3448 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 15:16:16.0390 3448 Alerter - ok 15:16:16.0406 3448 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 15:16:16.0531 3448 ALG - ok 15:16:16.0531 3448 AliIde - ok 15:16:16.0531 3448 amsint - ok 15:16:16.0609 3448 AntiVirSchedulerService (9828ffe47fbeb08b509a7717e4f77cc7) C:\Programme\Avira\AntiVir Desktop\sched.exe 15:16:16.0625 3448 AntiVirSchedulerService - ok 15:16:16.0640 3448 AntiVirService (bbc02905032d453c0e18d5110f841902) C:\Programme\Avira\AntiVir Desktop\avguard.exe 15:16:16.0656 3448 AntiVirService - ok 15:16:16.0687 3448 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 15:16:16.0828 3448 AppMgmt - ok 15:16:16.0843 3448 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 15:16:16.0984 3448 Arp1394 - ok 15:16:16.0984 3448 asc - ok 15:16:16.0984 3448 asc3350p - ok 15:16:17.0000 3448 asc3550 - ok 15:16:17.0078 3448 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 15:16:17.0093 3448 aspnet_state - ok 15:16:17.0109 3448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:16:17.0234 3448 AsyncMac - ok 15:16:17.0250 3448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:16:17.0390 3448 atapi - ok 15:16:17.0390 3448 Atdisk - ok 15:16:17.0437 3448 Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe 15:16:17.0500 3448 Ati HotKey Poller - ok 15:16:17.0578 3448 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 15:16:17.0656 3448 ati2mtag - ok 15:16:17.0718 3448 ATIAVAIW (632fd762fa5183fabc01687a4cd357b8) C:\WINDOWS\system32\DRIVERS\atinavt2.sys 15:16:17.0750 3448 ATIAVAIW - ok 15:16:17.0781 3448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:16:17.0921 3448 Atmarpc - ok 15:16:17.0937 3448 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 15:16:18.0078 3448 AudioSrv - ok 15:16:18.0093 3448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:16:18.0234 3448 audstub - ok 15:16:18.0296 3448 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 15:16:18.0312 3448 avgio - ok 15:16:18.0343 3448 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 15:16:18.0453 3448 avgntflt - ok 15:16:18.0484 3448 avipbb (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys 15:16:18.0500 3448 avipbb - ok 15:16:18.0515 3448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:16:18.0656 3448 Beep - ok 15:16:18.0687 3448 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 15:16:18.0859 3448 BITS - ok 15:16:18.0890 3448 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 15:16:19.0031 3448 Browser - ok 15:16:19.0093 3448 catchme - ok 15:16:19.0109 3448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:16:19.0250 3448 cbidf2k - ok 15:16:19.0265 3448 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 15:16:19.0406 3448 CCDECODE - ok 15:16:19.0406 3448 cd20xrnt - ok 15:16:19.0421 3448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:16:19.0562 3448 Cdaudio - ok 15:16:19.0578 3448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 15:16:19.0734 3448 Cdfs - ok 15:16:19.0750 3448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:16:19.0890 3448 Cdrom - ok 15:16:19.0890 3448 Changer - ok 15:16:19.0921 3448 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 15:16:20.0078 3448 CiSvc - ok 15:16:20.0078 3448 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 15:16:20.0218 3448 ClipSrv - ok 15:16:20.0281 3448 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:16:20.0296 3448 clr_optimization_v2.0.50727_32 - ok 15:16:20.0296 3448 CmdIde - ok 15:16:20.0296 3448 COMSysApp - ok 15:16:20.0312 3448 Cpqarray - ok 15:16:20.0343 3448 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 15:16:20.0484 3448 CryptSvc - ok 15:16:20.0484 3448 dac2w2k - ok 15:16:20.0484 3448 dac960nt - ok 15:16:20.0531 3448 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 15:16:20.0593 3448 DcomLaunch - ok 15:16:20.0625 3448 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys 15:16:20.0640 3448 DgiVecp ( UnsignedFile.Multi.Generic ) - warning 15:16:20.0640 3448 DgiVecp - detected UnsignedFile.Multi.Generic (1) 15:16:20.0656 3448 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 15:16:20.0796 3448 Dhcp - ok 15:16:20.0828 3448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 15:16:20.0953 3448 Disk - ok 15:16:20.0953 3448 dmadmin - ok 15:16:21.0000 3448 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 15:16:21.0171 3448 dmboot - ok 15:16:21.0203 3448 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 15:16:21.0359 3448 dmio - ok 15:16:21.0359 3448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:16:21.0484 3448 dmload - ok 15:16:21.0500 3448 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 15:16:21.0640 3448 dmserver - ok 15:16:21.0671 3448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 15:16:21.0796 3448 DMusic - ok 15:16:21.0828 3448 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 15:16:21.0875 3448 Dnscache - ok 15:16:21.0906 3448 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 15:16:22.0046 3448 Dot3svc - ok 15:16:22.0046 3448 dpti2o - ok 15:16:22.0062 3448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 15:16:22.0203 3448 drmkaud - ok 15:16:22.0218 3448 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys 15:16:22.0281 3448 E100B - ok 15:16:22.0296 3448 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 15:16:22.0421 3448 EapHost - ok 15:16:22.0437 3448 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 15:16:22.0593 3448 ERSvc - ok 15:16:22.0609 3448 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 15:16:22.0640 3448 Eventlog - ok 15:16:22.0671 3448 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 15:16:22.0703 3448 EventSystem - ok 15:16:22.0734 3448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 15:16:22.0859 3448 Fastfat - ok 15:16:22.0890 3448 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 15:16:22.0937 3448 FastUserSwitchingCompatibility - ok 15:16:22.0953 3448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 15:16:23.0078 3448 Fdc - ok 15:16:23.0093 3448 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 15:16:23.0218 3448 Fips - ok 15:16:23.0234 3448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 15:16:23.0359 3448 Flpydisk - ok 15:16:23.0375 3448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 15:16:23.0500 3448 FltMgr - ok 15:16:23.0578 3448 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:16:23.0593 3448 FontCache3.0.0.0 - ok 15:16:23.0609 3448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:16:23.0734 3448 Fs_Rec - ok 15:16:23.0750 3448 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:16:23.0890 3448 Ftdisk - ok 15:16:23.0921 3448 ftsata2 (65b50b303ff74a5517117ba3d25dbe7f) C:\WINDOWS\system32\drivers\ftsata2.sys 15:16:23.0953 3448 ftsata2 ( UnsignedFile.Multi.Generic ) - warning 15:16:23.0953 3448 ftsata2 - detected UnsignedFile.Multi.Generic (1) 15:16:24.0000 3448 GarenaPEngine - ok 15:16:24.0031 3448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:16:24.0156 3448 Gpc - ok 15:16:24.0187 3448 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys 15:16:24.0218 3448 HdAudAddService - ok 15:16:24.0250 3448 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:16:24.0375 3448 HDAudBus - ok 15:16:24.0421 3448 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:16:24.0546 3448 helpsvc - ok 15:16:24.0546 3448 HidServ - ok 15:16:24.0562 3448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:16:24.0687 3448 HidUsb - ok 15:16:24.0718 3448 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 15:16:24.0843 3448 hkmsvc - ok 15:16:24.0843 3448 hpn - ok 15:16:24.0875 3448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 15:16:24.0921 3448 HTTP - ok 15:16:24.0937 3448 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 15:16:25.0078 3448 HTTPFilter - ok 15:16:25.0078 3448 i2omgmt - ok 15:16:25.0078 3448 i2omp - ok 15:16:25.0109 3448 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:16:25.0250 3448 i8042prt - ok 15:16:25.0296 3448 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:16:25.0359 3448 idsvc - ok 15:16:25.0390 3448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:16:25.0515 3448 Imapi - ok 15:16:25.0546 3448 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 15:16:25.0671 3448 ImapiService - ok 15:16:25.0687 3448 ini910u - ok 15:16:25.0687 3448 IntelIde - ok 15:16:25.0718 3448 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:16:25.0859 3448 intelppm - ok 15:16:25.0875 3448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 15:16:25.0984 3448 Ip6Fw - ok 15:16:26.0015 3448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:16:26.0140 3448 IpFilterDriver - ok 15:16:26.0156 3448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:16:26.0281 3448 IpInIp - ok 15:16:26.0312 3448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:16:26.0453 3448 IpNat - ok 15:16:26.0484 3448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:16:26.0609 3448 IPSec - ok 15:16:26.0625 3448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:16:26.0750 3448 IRENUM - ok 15:16:26.0765 3448 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:16:26.0890 3448 isapnp - ok 15:16:26.0968 3448 JavaQuickStarterService (e4ae0cbc0b55a5faa6996e38ce6c981b) C:\Programme\Java\jre6\bin\jqs.exe 15:16:26.0984 3448 JavaQuickStarterService - ok 15:16:27.0000 3448 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:16:27.0140 3448 Kbdclass - ok 15:16:27.0156 3448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 15:16:27.0312 3448 kmixer - ok 15:16:27.0328 3448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 15:16:27.0390 3448 KSecDD - ok 15:16:27.0421 3448 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 15:16:27.0468 3448 lanmanserver - ok 15:16:27.0500 3448 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 15:16:27.0546 3448 lanmanworkstation - ok 15:16:27.0546 3448 lbrtfdc - ok 15:16:27.0593 3448 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 15:16:27.0718 3448 LmHosts - ok 15:16:27.0734 3448 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 15:16:27.0859 3448 Messenger - ok 15:16:27.0890 3448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:16:28.0000 3448 mnmdd - ok 15:16:28.0031 3448 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 15:16:28.0171 3448 mnmsrvc - ok 15:16:28.0171 3448 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 15:16:28.0312 3448 Modem - ok 15:16:28.0328 3448 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:16:28.0453 3448 Mouclass - ok 15:16:28.0484 3448 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:16:28.0609 3448 mouhid - ok 15:16:28.0625 3448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 15:16:28.0734 3448 MountMgr - ok 15:16:28.0750 3448 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 15:16:28.0890 3448 MPE - ok 15:16:28.0890 3448 mraid35x - ok 15:16:28.0906 3448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:16:29.0046 3448 MRxDAV - ok 15:16:29.0093 3448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:16:29.0140 3448 MRxSmb - ok 15:16:29.0171 3448 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 15:16:29.0281 3448 MSDTC - ok 15:16:29.0296 3448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 15:16:29.0421 3448 Msfs - ok 15:16:29.0421 3448 MSIServer - ok 15:16:29.0453 3448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:16:29.0578 3448 MSKSSRV - ok 15:16:29.0593 3448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:16:29.0718 3448 MSPCLOCK - ok 15:16:29.0734 3448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 15:16:29.0859 3448 MSPQM - ok 15:16:29.0875 3448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:16:30.0000 3448 mssmbios - ok 15:16:30.0015 3448 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 15:16:30.0140 3448 MSTEE - ok 15:16:30.0171 3448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 15:16:30.0218 3448 Mup - ok 15:16:30.0234 3448 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 15:16:30.0375 3448 NABTSFEC - ok 15:16:30.0406 3448 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 15:16:30.0546 3448 napagent - ok 15:16:30.0562 3448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 15:16:30.0703 3448 NDIS - ok 15:16:30.0718 3448 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 15:16:30.0843 3448 NdisIP - ok 15:16:30.0875 3448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:16:30.0921 3448 NdisTapi - ok 15:16:30.0937 3448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:16:31.0062 3448 Ndisuio - ok 15:16:31.0078 3448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:16:31.0203 3448 NdisWan - ok 15:16:31.0234 3448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 15:16:31.0265 3448 NDProxy - ok 15:16:31.0296 3448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:16:31.0421 3448 NetBIOS - ok 15:16:31.0453 3448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 15:16:31.0578 3448 NetBT - ok 15:16:31.0609 3448 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 15:16:31.0750 3448 NetDDE - ok 15:16:31.0750 3448 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 15:16:31.0875 3448 NetDDEdsdm - ok 15:16:31.0890 3448 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 15:16:32.0015 3448 Netlogon - ok 15:16:32.0046 3448 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 15:16:32.0171 3448 Netman - ok 15:16:32.0281 3448 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:16:32.0296 3448 NetTcpPortSharing - ok 15:16:32.0312 3448 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 15:16:32.0437 3448 NIC1394 - ok 15:16:32.0468 3448 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 15:16:32.0500 3448 Nla - ok 15:16:32.0531 3448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 15:16:32.0656 3448 Npfs - ok 15:16:32.0687 3448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 15:16:32.0828 3448 Ntfs - ok 15:16:32.0828 3448 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 15:16:32.0953 3448 NtLmSsp - ok 15:16:33.0000 3448 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 15:16:33.0156 3448 NtmsSvc - ok 15:16:33.0171 3448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:16:33.0281 3448 Null - ok 15:16:33.0312 3448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:16:33.0437 3448 NwlnkFlt - ok 15:16:33.0453 3448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:16:33.0578 3448 NwlnkFwd - ok 15:16:33.0593 3448 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 15:16:33.0718 3448 ohci1394 - ok 15:16:33.0765 3448 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 15:16:33.0781 3448 ose - ok 15:16:33.0812 3448 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 15:16:33.0937 3448 Parport - ok 15:16:33.0937 3448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 15:16:34.0062 3448 PartMgr - ok 15:16:34.0078 3448 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 15:16:34.0218 3448 ParVdm - ok 15:16:34.0234 3448 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS 15:16:34.0250 3448 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning 15:16:34.0250 3448 PCANDIS5 - detected UnsignedFile.Multi.Generic (1) 15:16:34.0281 3448 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 15:16:34.0390 3448 PCI - ok 15:16:34.0406 3448 PCIDump - ok 15:16:34.0406 3448 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:16:34.0531 3448 PCIIde - ok 15:16:34.0562 3448 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 15:16:34.0703 3448 Pcmcia - ok 15:16:34.0703 3448 PDCOMP - ok 15:16:34.0703 3448 PDFRAME - ok 15:16:34.0718 3448 PDRELI - ok 15:16:34.0718 3448 PDRFRAME - ok 15:16:34.0718 3448 perc2 - ok 15:16:34.0734 3448 perc2hib - ok 15:16:34.0765 3448 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 15:16:34.0781 3448 PlugPlay - ok 15:16:34.0812 3448 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe 15:16:34.0828 3448 PnkBstrA - ok 15:16:34.0843 3448 PnkBstrB (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe 15:16:34.0859 3448 PnkBstrB - ok 15:16:34.0875 3448 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 15:16:34.0984 3448 PolicyAgent - ok 15:16:35.0000 3448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:16:35.0125 3448 PptpMiniport - ok 15:16:35.0156 3448 PRISM_A02 (7796947d857d87491c78afad014a855a) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys 15:16:35.0187 3448 PRISM_A02 ( UnsignedFile.Multi.Generic ) - warning 15:16:35.0187 3448 PRISM_A02 - detected UnsignedFile.Multi.Generic (1) 15:16:35.0187 3448 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 15:16:35.0296 3448 ProtectedStorage - ok 15:16:35.0328 3448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:16:35.0453 3448 Ptilink - ok 15:16:35.0453 3448 ql1080 - ok 15:16:35.0453 3448 Ql10wnt - ok 15:16:35.0468 3448 ql12160 - ok 15:16:35.0468 3448 ql1240 - ok 15:16:35.0468 3448 ql1280 - ok 15:16:35.0500 3448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:16:35.0625 3448 RasAcd - ok 15:16:35.0640 3448 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 15:16:35.0781 3448 RasAuto - ok 15:16:35.0796 3448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:16:35.0921 3448 Rasl2tp - ok 15:16:35.0953 3448 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 15:16:36.0078 3448 RasMan - ok 15:16:36.0093 3448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:16:36.0218 3448 RasPppoe - ok 15:16:36.0234 3448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:16:36.0359 3448 Raspti - ok 15:16:36.0390 3448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:16:36.0515 3448 Rdbss - ok 15:16:36.0531 3448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:16:36.0640 3448 RDPCDD - ok 15:16:36.0671 3448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:16:36.0796 3448 rdpdr - ok 15:16:36.0843 3448 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 15:16:36.0890 3448 RDPWD - ok 15:16:36.0906 3448 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 15:16:37.0046 3448 RDSessMgr - ok 15:16:37.0078 3448 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:16:37.0203 3448 redbook - ok 15:16:37.0218 3448 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 15:16:37.0343 3448 RemoteAccess - ok 15:16:37.0375 3448 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 15:16:37.0500 3448 RemoteRegistry - ok 15:16:37.0515 3448 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 15:16:37.0640 3448 RpcLocator - ok 15:16:37.0687 3448 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 15:16:37.0718 3448 RpcSs - ok 15:16:37.0734 3448 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 15:16:37.0859 3448 RSVP - ok 15:16:37.0890 3448 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 15:16:38.0015 3448 SamSs - ok 15:16:38.0078 3448 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 15:16:38.0093 3448 SASDIFSV - ok 15:16:38.0109 3448 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 15:16:38.0109 3448 SASKUTIL - ok 15:16:38.0140 3448 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 15:16:38.0265 3448 SCardSvr - ok 15:16:38.0296 3448 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 15:16:38.0421 3448 Schedule - ok 15:16:38.0468 3448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:16:38.0578 3448 Secdrv - ok 15:16:38.0593 3448 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 15:16:38.0718 3448 seclogon - ok 15:16:38.0734 3448 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 15:16:38.0875 3448 SENS - ok 15:16:38.0890 3448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 15:16:39.0000 3448 serenum - ok 15:16:39.0015 3448 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 15:16:39.0140 3448 Serial - ok 15:16:39.0156 3448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:16:39.0281 3448 Sfloppy - ok 15:16:39.0312 3448 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 15:16:39.0453 3448 SharedAccess - ok 15:16:39.0484 3448 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 15:16:39.0500 3448 ShellHWDetection - ok 15:16:39.0500 3448 Simbad - ok 15:16:39.0515 3448 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:16:39.0640 3448 SLIP - ok 15:16:39.0640 3448 Sparrow - ok 15:16:39.0671 3448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 15:16:39.0796 3448 splitter - ok 15:16:39.0812 3448 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 15:16:39.0859 3448 Spooler - ok 15:16:39.0875 3448 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 15:16:40.0000 3448 sr - ok 15:16:40.0015 3448 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 15:16:40.0156 3448 srservice - ok 15:16:40.0203 3448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 15:16:40.0234 3448 Srv - ok 15:16:40.0250 3448 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 15:16:40.0390 3448 SSDPSRV - ok 15:16:40.0406 3448 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 15:16:40.0406 3448 ssmdrv - ok 15:16:40.0437 3448 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 15:16:40.0593 3448 stisvc - ok 15:16:40.0609 3448 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:16:40.0734 3448 streamip - ok 15:16:40.0750 3448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:16:40.0875 3448 swenum - ok 15:16:40.0890 3448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:16:41.0015 3448 swmidi - ok 15:16:41.0015 3448 SwPrv - ok 15:16:41.0015 3448 symc810 - ok 15:16:41.0031 3448 symc8xx - ok 15:16:41.0031 3448 sym_hi - ok 15:16:41.0031 3448 sym_u3 - ok 15:16:41.0046 3448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 15:16:41.0187 3448 sysaudio - ok 15:16:41.0203 3448 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 15:16:41.0328 3448 SysmonLog - ok 15:16:41.0359 3448 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 15:16:41.0484 3448 TapiSrv - ok 15:16:41.0531 3448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:16:41.0562 3448 Tcpip - ok 15:16:41.0578 3448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:16:41.0703 3448 TDPIPE - ok 15:16:41.0703 3448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 15:16:41.0828 3448 TDTCP - ok 15:16:41.0843 3448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:16:41.0953 3448 TermDD - ok 15:16:42.0000 3448 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 15:16:42.0140 3448 TermService - ok 15:16:42.0156 3448 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 15:16:42.0171 3448 Themes - ok 15:16:42.0203 3448 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 15:16:42.0328 3448 TlntSvr - ok 15:16:42.0328 3448 TosIde - ok 15:16:42.0343 3448 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 15:16:42.0484 3448 TrkWks - ok 15:16:42.0500 3448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 15:16:42.0625 3448 Udfs - ok 15:16:42.0640 3448 ultra - ok 15:16:42.0671 3448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 15:16:42.0812 3448 Update - ok 15:16:42.0843 3448 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 15:16:42.0968 3448 upnphost - ok 15:16:42.0984 3448 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 15:16:43.0109 3448 UPS - ok 15:16:43.0140 3448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:16:43.0250 3448 usbccgp - ok 15:16:43.0265 3448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:16:43.0390 3448 usbehci - ok 15:16:43.0406 3448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:16:43.0531 3448 usbhub - ok 15:16:43.0546 3448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:16:43.0671 3448 usbprint - ok 15:16:43.0687 3448 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:16:43.0796 3448 usbstor - ok 15:16:43.0812 3448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:16:43.0921 3448 usbuhci - ok 15:16:43.0953 3448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 15:16:44.0078 3448 VgaSave - ok 15:16:44.0078 3448 ViaIde - ok 15:16:44.0093 3448 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 15:16:44.0218 3448 VolSnap - ok 15:16:44.0250 3448 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 15:16:44.0390 3448 VSS - ok 15:16:44.0406 3448 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 15:16:44.0546 3448 W32Time - ok 15:16:44.0562 3448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:16:44.0687 3448 Wanarp - ok 15:16:44.0703 3448 WDICA - ok 15:16:44.0718 3448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 15:16:44.0843 3448 wdmaud - ok 15:16:44.0859 3448 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 15:16:45.0000 3448 WebClient - ok 15:16:45.0046 3448 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 15:16:45.0171 3448 winmgmt - ok 15:16:45.0203 3448 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll 15:16:45.0328 3448 WmdmPmSN - ok 15:16:45.0375 3448 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 15:16:45.0421 3448 Wmi - ok 15:16:45.0484 3448 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:16:45.0593 3448 WmiApSrv - ok 15:16:45.0625 3448 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 15:16:45.0765 3448 wscsvc - ok 15:16:45.0781 3448 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:16:45.0906 3448 WSTCODEC - ok 15:16:45.0921 3448 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 15:16:46.0046 3448 wuauserv - ok 15:16:46.0078 3448 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 15:16:46.0218 3448 WZCSVC - ok 15:16:46.0234 3448 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 15:16:46.0406 3448 xmlprov - ok 15:16:46.0437 3448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 15:16:46.0937 3448 \Device\Harddisk0\DR0 - ok 15:16:46.0953 3448 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1 15:16:47.0000 3448 \Device\Harddisk1\DR1 - ok 15:16:47.0000 3448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR8 15:16:50.0390 3448 \Device\Harddisk5\DR8 - ok 15:16:50.0406 3448 Boot (0x1200) (31117e3f4421da04e2209c1d80988f85) \Device\Harddisk0\DR0\Partition0 15:16:50.0406 3448 \Device\Harddisk0\DR0\Partition0 - ok 15:16:50.0406 3448 Boot (0x1200) (f48f14286da8b8c7be68936e9087a8e0) \Device\Harddisk0\DR0\Partition1 15:16:50.0406 3448 \Device\Harddisk0\DR0\Partition1 - ok 15:16:50.0421 3448 Boot (0x1200) (4eb6a976af183366c444a09981d648e4) \Device\Harddisk1\DR1\Partition0 15:16:50.0421 3448 \Device\Harddisk1\DR1\Partition0 - ok 15:16:50.0421 3448 Boot (0x1200) (87a0eb4ead04758e9eef1ae99037f53c) \Device\Harddisk5\DR8\Partition0 15:16:50.0421 3448 \Device\Harddisk5\DR8\Partition0 - ok 15:16:50.0421 3448 ============================================================ 15:16:50.0421 3448 Scan finished 15:16:50.0421 3448 ============================================================ 15:16:50.0531 3576 Detected object count: 4 15:16:50.0531 3576 Actual detected object count: 4 15:29:36.0812 3576 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user 15:29:36.0812 3576 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:29:36.0812 3576 ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user 15:29:36.0812 3576 ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:29:36.0812 3576 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 15:29:36.0812 3576 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:29:36.0812 3576 PRISM_A02 ( UnsignedFile.Multi.Generic ) - skipped by user 15:29:36.0812 3576 PRISM_A02 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.06.2012, 15:15 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
07.06.2012, 18:33 | #13 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionCode:
ATTFilter ComboFix 12-06-07.03 - Administrator 07.06.2012 18:16:43.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1599 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Administrator\4.0 c:\programme\xp-AntiSpy c:\programme\xp-AntiSpy\Uninstall.exe c:\programme\xp-AntiSpy\xp-AntiSpy.chm c:\programme\xp-AntiSpy\xp-AntiSpy.exe c:\programme\xp-AntiSpy\xp-AntiSpy.url c:\programme\xp-AntiSpy\xp-AntiSpy_3.9.3.exe c:\windows\e.bat c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\s.bat c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\empty.exe c:\windows\system32\remover.exe c:\windows\system32\tooldownloadreadme.htm . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-07 bis 2012-06-07 )))))))))))))))))))))))))))))) . . 2012-06-03 12:37 . 2012-06-03 12:37 -------- d-----w- c:\programme\Dropbox 2012-06-03 12:26 . 2012-06-03 12:26 -------- d-----w- C:\TDSSKiller_Quarantine . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 13:22 . 2002-12-31 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll 2012-05-06 16:48 . 2012-05-06 16:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-06 16:48 . 2011-08-24 11:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:51 . 2004-08-04 00:50 2029056 ------w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 2002-12-31 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:51 . 2002-12-31 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 13:56 . 2009-08-20 13:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-28 2424560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-06-28 98304] . c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\ Dropbox.lnk - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"= "c:\\Programme\\The Creative Assembly\\Rome - Total War\\RomeTW-BI.exe"= "c:\\Dokumente und Einstellungen\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Dokumente und Einstellungen\\Administrator\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\Java\\jre6\\bin\\java.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= . R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872] R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.07.2010 23:20 135336] S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp [?] . Inhalt des "geplante Tasks" Ordners . 2012-06-07 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: kaspersky.com\www TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8}: NameServer = 192.168.100.1 FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-57890767.sys MSConfigStartUp-Upgrade - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Google Inc.\{2EBC3A8B-7B80-4F71-A899-18741E4D3207}\Upgrade.exe AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-07 18:20 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine] "ImagePath"="\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,51,b8,e4,82,d1,15,49,be,7e,73,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,09,3d,96,18,26,c8,4d,95,4c,14,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,51,b8,e4,82,d1,15,49,be,7e,73,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*] "7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(516) c:\programme\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2012-06-07 18:22:23 ComboFix-quarantined-files.txt 2012-06-07 16:22 ComboFix2.txt 2010-07-15 13:22 . Vor Suchlauf: 3.812.515.840 Bytes frei Nach Suchlauf: 4.012.691.456 Bytes frei . - - End Of File - - 1C9E43BC2C120C8E9139A19E01FA21D1 |
07.06.2012, 21:02 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
07.06.2012, 23:29 | #15 |
| Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-FestplattenpartitionCode:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-07 23:10:05 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00 Running: t71w1xty.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys ---- System - GMER 1.0.15 ---- SSDT BA76072E ZwCreateKey SSDT BA760724 ZwCreateThread SSDT BA760733 ZwDeleteKey SSDT BA76073D ZwDeleteValueKey SSDT BA760742 ZwLoadKey SSDT BA760710 ZwOpenProcess SSDT BA760715 ZwOpenThread SSDT BA76074C ZwReplaceKey SSDT BA760747 ZwRestoreKey SSDT BA760738 ZwSetValueKey SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA958C620] Code \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:29:11 on 08.06.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "OGALogon.job" - ? - C:\WINDOWS\system32\OGAEXEC.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl "NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl "QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ftsata2" (ftsata2) - "Promise Technology, Inc." - C:\WINDOWS\system32\drivers\ftsata2.sys "GarenaPEngine" (GarenaPEngine) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pxldiuod" (pxldiuod) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys (Hidden registry entry, rootkit activity | File not found) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "Sinus 154 stick" (PRISM_A02) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\PRISMA02.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\WINDOWS\System32\Drivers\DgiVecp.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? - (File not found | COM-object registry key not found) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {B28C18DB-6816-4F31-9630-397683E3C2C3} "FilZip Shell Extension" - "Philipp Engel" - C:\Programme\FilZip\fzshext.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? - (File not found | COM-object registry key not found) {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? - (File not found | COM-object registry key not found) {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart "QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "Win2PDF Port" - ? - C:\WINDOWS\system32\win2pdfm.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Java Quick Starter" (JavaQuickStarterService) - "Oracle" - C:\Programme\Java\jre6\bin\jqs.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe (File found, but it contains no detailed information) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-07 23:17:41 ----------------------------- 23:17:41.762 OS Version: Windows 5.1.2600 Service Pack 3 23:17:41.762 Number of processors: 2 586 0x404 23:17:41.762 ComputerName: PC-LUENDORF UserName: 23:17:42.043 Initialize success 23:18:43.355 AVAST engine defs: 12060700 23:19:14.980 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 23:19:14.980 Disk 0 Vendor: ST3160023AS 3.00 Size: 152627MB BusType: 3 23:19:14.980 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22 23:19:14.980 Disk 1 Vendor: ST3160023AS 3.00 Size: 152627MB BusType: 3 23:19:14.980 Disk 0 MBR read successfully 23:19:14.980 Disk 0 MBR scan 23:19:15.027 Disk 0 Windows XP default MBR code 23:19:15.027 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63 23:19:15.027 Disk 0 Partition - 00 0F Extended LBA 122621 MB offset 61432560 23:19:15.059 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122621 MB offset 61432623 23:19:15.090 Disk 0 scanning sectors +312560640 23:19:15.246 Disk 0 scanning C:\WINDOWS\system32\drivers 23:19:54.809 Service scanning 23:20:03.902 Modules scanning 23:20:45.152 Disk 0 trace - called modules: 23:20:45.199 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 23:20:45.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a364ab8] 23:20:45.199 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a36d9e8] 23:20:45.199 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a3aa940] 23:20:45.652 AVAST engine scan C:\WINDOWS 23:21:08.809 AVAST engine scan C:\WINDOWS\system32 23:30:49.949 AVAST engine scan C:\WINDOWS\system32\drivers 23:31:43.777 AVAST engine scan C:\Dokumente und Einstellungen\Administrator 23:38:30.996 AVAST engine scan C:\Dokumente und Einstellungen\All Users 23:40:12.027 Scan finished successfully 00:26:57.340 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat" 00:26:57.340 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt" |
Themen zu Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition |
antivir, antivir guard, avira, computer, cpu, desktop, einstellungen, eraser, explorer, firefox, frage, helper, malware, mozilla, plug-in, problem, registry, rundll, scan, seiten, software, speicherplatz, superantispyware, svchost, system, temp, windows xp, zu wenig speicherplatz |