|
Log-Analyse und Auswertung: Verschlüsselungs Trojaner - XP startet nicht im abgesicherten ModusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.06.2012, 03:00 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus War das Wort Vollscan denn so leicht zu übersehen Du hast nur einen Quickscan gemacht!
__________________ Logfiles bitte immer in CODE-Tags posten |
10.06.2012, 17:38 | #17 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hier die logs, diesmal mit komplettem Scan:
__________________Malwarebytes: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.10.01 Windows XP Service Pack 2 x86 FAT32 Internet Explorer 6.0.2900.2180 miles davis :: VOODOO [Administrator] Schutz: Aktiviert 10.06.2012 11:42:30 mbam-log-2012-06-10 (11-42-30).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 230091 Laufzeit: 1 Stunde(n), 41 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\_OTL\MovedFiles\06102012_032905\C_WINDOWS\system32\199D5B5DF8FAD812799C.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\06102012_032905\C_Dokumente und Einstellungen\miles davis\Anwendungsdaten\Wjuda\37DE7CF0F8FAD8126F4D.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\StartupRun\strun.exe (PUP.StartUpManager) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und hier das von eset Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=0 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e9932b959ae74542aadcfc3c6ed57f28 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-10 12:50:51 # local_time=2012-06-10 02:50:51 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1797 16775125 100 93 625519 75869505 441486 0 # compatibility_mode=8192 67108863 100 0 575 575 0 0 # compatibility_mode=9217 16777214 0 9 162618781 162618789 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=0 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e9932b959ae74542aadcfc3c6ed57f28 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-10 02:34:56 # local_time=2012-06-10 04:34:56 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1797 16775125 100 93 626393 75870379 442360 0 # compatibility_mode=8192 67108863 100 0 1449 1449 0 0 # compatibility_mode=9217 16777214 0 9 162619655 162619663 0 0 # scanned=52509 # found=3 # cleaned=0 # scan_time=5376 C:\Dokumente und Einstellungen\miles davis\Desktop\Mitgliedschaft.zip Win32/Trustezeb.B trojan (unable to clean) 00000000000000000000000000000000 I C:\_OTL\MovedFiles.ace Win32/Trustezeb.B trojan (unable to clean) 00000000000000000000000000000000 I D:\Eigene Dateien\GABRIEL\ÄMTER\FINANZAM\2011\ynpXVVNNqqsettu Win32/Trustezeb.B trojan (unable to clean) 00000000000000000000000000000000 I Gruß Gabriel |
10.06.2012, 18:44 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hätte da mal zwei Fragen bevor es weiter geht
__________________1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ |
10.06.2012, 20:16 | #19 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hallo Arne, was die Windows-Benutzung angeht, so sind mir keine Beschränkungen aufgefallen. Allerdings funktioniert mein Mail Programm (Pegasus) nicht, welches auf D: unter Programme ist. Ich hatte noch auf E: eine alte Version und die geht ohne Probleme. Aber die unter D: geht nicht. Die winpm-32.exe scheint verschlüsselt zu sein, ich kann sie jedenfalls nicht finden. Ansonsten scheint alles normal zu laufen. Gruß Gabriel |
10.06.2012, 20:49 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
10.06.2012, 21:30 | #21 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hier das Log von OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.06.2012 22:00:18 - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = C:\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,00 Mb Total Physical Memory | 379,00 Mb Available Physical Memory | 49,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): D:\pagefile.sys 0 0J:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 6,99 Gb Total Space | 0,58 Gb Free Space | 8,36% Space Free | Partition Type: FAT32 Drive D: | 5,30 Gb Total Space | 0,41 Gb Free Space | 7,68% Space Free | Partition Type: FAT32 Drive E: | 1,31 Gb Total Space | 0,09 Gb Free Space | 6,98% Space Free | Partition Type: FAT Drive F: | 1,31 Gb Total Space | 0,12 Gb Free Space | 9,37% Space Free | Partition Type: FAT Drive G: | 3,98 Gb Total Space | 0,11 Gb Free Space | 2,82% Space Free | Partition Type: FAT32 Drive H: | 5,83 Gb Total Space | 0,10 Gb Free Space | 1,79% Space Free | Partition Type: FAT32 Drive I: | 3,30 Gb Total Space | 0,09 Gb Free Space | 2,86% Space Free | Partition Type: FAT32 Drive J: | 6,34 Gb Total Space | 0,27 Gb Free Space | 4,31% Space Free | Partition Type: FAT32 Drive K: | 3,90 Gb Total Space | 0,91 Gb Free Space | 23,33% Space Free | Partition Type: FAT32 Drive M: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: VOODOO | User Name: miles davis Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (gupdate) Google Update Service (gupdate) SRV - [2012.06.10 21:05:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 22:50:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.11 08:07:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.14 18:49:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto] -- D:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (Ser2pl) DRV - File not found [Kernel | On_Demand] -- -- (RTCore32) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.11 08:07:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.11 08:07:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.11 12:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.03.26 14:22:16 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.03.13 11:38:24 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005.11.03 16:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2004.08.03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2004.07.20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32) DRV - [2001.09.27 00:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa) DRV - [2001.09.26 18:19:34 | 000,364,800 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sis7018.sys -- (SiS7018) Service for SiS7018 Driver (WDM) DRV - [2001.08.18 04:19:46 | 000,281,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa) DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001.08.10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv) DRV - [2001.04.27 06:08:32 | 000,038,946 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sis7012.sys -- (SiS7012) Service for AC'97 Sample Driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\URLSearchHook: {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: D:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: D:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Programme\Real\RealPlayer\browserrecord [2008.11.21 09:58:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.22 19:47:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Programme\components [2006.08.19 15:21:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Programme\plugins [2006.08.19 15:21:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.25 18:22:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.01.22 19:47:00 | 000,000,000 | ---D | M] [2008.08.26 15:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Mozilla\Extensions [2006.08.19 15:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Mozilla\Firefox\Profiles\vqzqwz3s.default\extensions [2011.08.12 00:32:34 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Mozilla\Firefox\Profiles\vqzqwz3s.default\searchplugins\ogOtsesooQQfVpXqyNrxG [2011.11.03 15:08:50 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Mozilla\Firefox\Profiles\vqzqwz3s.default\searchplugins\yEuNVfpsyyrvGxDp [2011.11.03 15:08:50 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Mozilla\Firefox\Profiles\vqzqwz3s.default\searchplugins\fssnLJvfVXpjAgOxx [2011.11.03 15:08:50 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Mozilla\Firefox\Profiles\vqzqwz3s.default\searchplugins\DXnjOgUGlDAEuQtUaT [2011.11.03 15:08:50 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Mozilla\Firefox\Profiles\vqzqwz3s.default\searchplugins\ajAQustaaEorNfVseyq [2006.11.25 15:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- [2006.10.22 19:06:28 | 000,000,983 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\webde-websuche.xml O1 HOSTS File: ([2012.06.10 03:29:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O2 - BHO: (Multi_Media_Germany toolbar) - {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Multi_Media_Germany toolbar) - {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\Toolbar\WebBrowser: (Multi_Media_Germany toolbar) - {DAC6ED64-8DD1-4AB8-AEDF-B97892D28FFE} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [WinampAgent] E:\Programme\Winamp\Winampa.exe () O4 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\miles davis\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = D:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\miles davis\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = D:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - D:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - M:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\Shell\AutoRun\command - "" = M:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] () O33 - MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\Shell - "" = AutoRun O33 - MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\Shell\AutoRun\command - "" = N:\start.exe O33 - MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\Shell - "" = AutoRun O33 - MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\Shell\AutoRun\command - "" = N:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^miles davis^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: 1&1 EasyLogin - hkey= - key= - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AtiPTA - hkey= - key= - File not found MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found MsConfig - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found MsConfig - StartUpReg: ICQ Lite - hkey= - key= - File not found MsConfig - StartUpReg: KEMailKb - hkey= - key= - File not found MsConfig - StartUpReg: Launcher - hkey= - key= - C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe (KYOCERA MITA Corporation) MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RegistryBooster - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Reg Error: Value error. SafeBootMin: Boot Bus Extender - Reg Error: Value error. SafeBootMin: Boot file system - Reg Error: Value error. SafeBootMin: File system - Reg Error: Value error. SafeBootMin: Filter - Reg Error: Value error. SafeBootMin: PCI Configuration - Reg Error: Value error. SafeBootMin: PNP Filter - Reg Error: Value error. SafeBootMin: Primary disk - Reg Error: Value error. SafeBootMin: SCSI Class - Reg Error: Value error. SafeBootMin: System Bus Extender - Reg Error: Value error. SafeBootMin: vds - Reg Error: Value error. SafeBootMin: vga.sys - Reg Error: Value error. SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Reg Error: Value error. SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Reg Error: Value error. SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Reg Error: Value error. SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Reg Error: Value error. SafeBootNet: Base - Reg Error: Value error. SafeBootNet: Boot Bus Extender - Reg Error: Value error. SafeBootNet: Boot file system - Reg Error: Value error. SafeBootNet: File system - Reg Error: Value error. SafeBootNet: Filter - Reg Error: Value error. SafeBootNet: NDIS Wrapper - Reg Error: Value error. SafeBootNet: NetBIOSGroup - Reg Error: Value error. SafeBootNet: NetDDEGroup - Reg Error: Value error. SafeBootNet: Network - Reg Error: Value error. SafeBootNet: NetworkProvider - Reg Error: Value error. SafeBootNet: PCI Configuration - Reg Error: Value error. SafeBootNet: PNP Filter - Reg Error: Value error. SafeBootNet: PNP_TDI - Reg Error: Value error. SafeBootNet: Primary disk - Reg Error: Value error. SafeBootNet: SCSI Class - Reg Error: Value error. SafeBootNet: Streams Drivers - Reg Error: Value error. SafeBootNet: System Bus Extender - Reg Error: Value error. SafeBootNet: TDI - Reg Error: Value error. SafeBootNet: UploadMgr - Reg Error: Value error. SafeBootNet: vga.sys - Reg Error: Value error. SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Reg Error: Value error. SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Reg Error: Value error. SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Reg Error: Value error. SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2012.06.10 14:41:14 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.06.10 14:40:58 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\miles davis\Desktop\esetsmartinstaller_enu.exe [2012.06.10 04:19:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Malwarebytes [2012.06.10 04:19:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.10 04:19:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.10 04:19:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.10 04:02:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2012.06.10 03:29:07 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012.06.10 03:29:05 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.02 10:16:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\miles davis\Recent [2012.05.27 10:00:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free M4a to MP3 Converter [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.10 21:55:02 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.10 21:49:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.10 20:53:44 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.10 20:53:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.10 20:53:34 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys [2012.06.10 19:10:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2012.06.10 18:33:56 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk [2012.06.10 14:41:08 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\miles davis\Desktop\esetsmartinstaller_enu.exe [2012.06.10 04:19:10 | 000,000,543 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.10 04:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.10 04:08:42 | 000,034,261 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Desktop\Mitgliedschaft.zip [2012.06.10 04:02:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2012.06.10 03:37:20 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.02 10:24:12 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Desktop\yLXDGGJryysXVVN [2012.05.27 10:00:14 | 000,000,491 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Desktop\Free M4a to MP3 Converter.lnk [2012.05.27 10:00:14 | 000,000,491 | ---- | M] () -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Free M4a to MP3 Converter.lnk [2012.05.27 10:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free M4a to MP3 Converter [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.10 18:33:53 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk [2012.06.10 04:19:09 | 000,000,543 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.10 04:08:41 | 000,034,261 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\Desktop\Mitgliedschaft.zip [2012.06.02 10:24:10 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\Desktop\yLXDGGJryysXVVN [2012.05.27 10:00:13 | 000,000,491 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\Desktop\Free M4a to MP3 Converter.lnk [2012.05.27 10:00:13 | 000,000,491 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Free M4a to MP3 Converter.lnk [2011.09.25 12:31:45 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.09.25 12:28:17 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.05.13 10:18:44 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.04.08 09:46:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2010.03.28 01:25:07 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\Lokale Einstellungen\Anwendungsdaten\vTUjlOjGJlxLXvnVrpfye [2010.03.01 11:09:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2009.04.24 08:07:19 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\kbdro098m.dll [2008.11.20 21:04:44 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2008.10.01 08:21:17 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\qaptxuvAqDsUfgrLo [2008.02.25 11:07:45 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2008.02.25 11:07:38 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe [2008.02.25 11:07:36 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe [2008.02.25 11:07:35 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe [2008.02.25 11:07:33 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe [2008.02.25 11:06:40 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll [2008.02.25 11:06:40 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll [2008.01.17 22:59:49 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll [2007.12.18 15:32:09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\MediaManager.INI [2007.10.20 01:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007.07.07 08:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI [2007.06.07 09:55:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2007.06.05 21:36:33 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini [2007.05.09 08:05:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.05.09 08:05:23 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.04.06 13:16:33 | 000,000,041 | ---- | C] () -- C:\WINDOWS\DexCompress.ini [2007.03.15 07:47:15 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2007.01.14 14:13:47 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006.10.11 21:45:26 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2006.10.09 23:33:30 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2006.09.27 08:56:50 | 000,002,992 | ---- | C] () -- C:\WINDOWS\tm.ini [2006.09.23 22:11:30 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE [2006.09.23 22:11:30 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS [2006.09.16 21:25:20 | 000,007,582 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.08.22 14:43:16 | 000,005,363 | ---- | C] () -- C:\WINDOWS\Imagine.INI [2006.08.20 15:45:55 | 000,000,154 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006.08.20 13:50:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\URLPROXY.INI [2006.08.19 15:48:57 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\miles davis\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.08.19 15:21:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.08.19 15:21:10 | 000,004,325 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006.08.19 14:17:32 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2006.08.19 14:17:32 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2006.08.19 14:17:32 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys [2006.08.19 14:17:32 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2006.08.19 14:17:32 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys [2006.08.19 14:17:32 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys [2006.08.19 14:17:32 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2006.08.19 14:17:32 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2006.08.19 14:17:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2006.08.19 13:55:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.08.19 13:48:07 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.08.19 13:39:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.08.19 13:38:52 | 000,160,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004.08.09 12:33:42 | 000,002,120 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI [2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001.08.23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.18 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.18 12:00:00 | 000,411,266 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001.08.18 12:00:00 | 000,397,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.18 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.18 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001.08.18 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.18 12:00:00 | 000,072,684 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001.08.18 12:00:00 | 000,059,780 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.18 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.18 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001.08.18 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.18 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001.08.18 12:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2001.08.18 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2000.04.05 17:03:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Ati2evxx.exe [1996.12.09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1996.12.09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== LOP Check ========== [2006.08.19 15:10:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\FRITZ! [2010.03.25 00:06:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\LogoManager [2009.12.01 15:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\DVD2AVI Ripper Professional [2012.01.22 19:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\DDMSettings [2011.05.13 10:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Canneverbe Limited [2006.09.01 22:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\uTorrent [2006.10.11 21:45:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\concept design [2006.11.11 17:35:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\flightgear.org [2006.11.20 11:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Ashampoo Photo Commander 4 [2011.08.25 18:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Thunderbird [2007.04.12 11:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\PC Suite [2011.11.24 22:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\OpenOffice.org [2007.04.12 11:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Nokia [2007.06.13 08:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\ICQ Toolbar [2007.08.07 14:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\1&1 [2007.09.29 17:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\BitTorrent [2007.11.15 21:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\NCH Swift Sound [2008.01.17 23:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Anvil Studio [2008.01.24 00:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Leadertech [2008.05.05 20:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\foobar2000 [2008.12.17 10:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Uniblue [2009.11.22 10:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\Megaupload [2010.06.21 16:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\miles davis\Anwendungsdaten\MOVAVI [2006.11.20 11:50:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2006.11.25 15:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de Firefox [2007.04.12 11:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2007.04.12 11:05:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2007.04.14 09:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2007.11.15 21:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound [2008.03.30 12:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft [2008.12.17 10:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverScanner [2011.05.13 10:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited ========== Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe < %SYSTEMDRIVE%\*.exe > [2011.07.12 22:55:06 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2001.08.18 12:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll [2001.08.18 12:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=D9D9F2CC2AE17FDE1858F43CD93140C0 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2001.08.18 12:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=3DBBB866B1E7287E899DA9BC20E9F129 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll [2001.08.18 12:00:00 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=8AF9B2782330AF8BD46B30239E455E77 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\system32\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2001.08.18 12:00:00 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=6873D38E021EAC4E0B508D1822157C1D -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll < MD5 for: USERINIT.EXE > [2001.08.18 12:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=292F283D9E2D49A91DF039C1076ACD18 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2001.08.23 12:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.08.19 13:38:08 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [2006.08.19 13:38:08 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.08.19 13:38:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < CREATERESTOREPOINT > < End of report > Gruß Gabriel |
11.06.2012, 09:26 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\URLSearchHook: {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O2 - BHO: (Multi_Media_Germany toolbar) - {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Multi_Media_Germany toolbar) - {dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003\..\Toolbar\WebBrowser: (Multi_Media_Germany toolbar) - {DAC6ED64-8DD1-4AB8-AEDF-B97892D28FFE} - C:\Programme\Multi_Media_Germany\tbMul1.dll (Conduit Ltd.) O4 - HKLM..\Run: [WinampAgent] E:\Programme\Winamp\Winampa.exe () O4 - HKU\S-1-5-21-1844237615-1383384898-1060284298-1003..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - M:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\Shell\AutoRun\command - "" = M:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] () O33 - MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\Shell - "" = AutoRun O33 - MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\Shell\AutoRun\command - "" = N:\start.exe O33 - MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\Shell - "" = AutoRun O33 - MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\Shell\AutoRun\command - "" = N:\pushinst.exe :Files C:\Dokumente und Einstellungen\miles davis\Lokale Einstellungen\Anwendungsdaten\vTUjlOjGJlxLXvnVrpfye :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
11.06.2012, 10:07 | #23 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hallo Arne, hier das, was OTL nach dem Fix geliefert hat. Gruß Gabriel ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully. C:\Programme\uTorrentBar_DE\tbuTor.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dac6ed64-8dd1-4ab8-aedf-b97892d28ffe}\ deleted successfully. C:\Programme\Multi_Media_Germany\tbMul1.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. D:\Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found. File C:\Programme\uTorrentBar_DE\tbuTor.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dac6ed64-8dd1-4ab8-aedf-b97892d28ffe}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dac6ed64-8dd1-4ab8-aedf-b97892d28ffe}\ not found. File C:\Programme\Multi_Media_Germany\tbMul1.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Programme\ConduitEngine\ConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found. File C:\Programme\uTorrentBar_DE\tbuTor.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{dac6ed64-8dd1-4ab8-aedf-b97892d28ffe} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dac6ed64-8dd1-4ab8-aedf-b97892d28ffe}\ not found. File C:\Programme\Multi_Media_Germany\tbMul1.dll not found. Registry value HKEY_USERS\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DAC6ED64-8DD1-4AB8-AEDF-B97892D28FFE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAC6ED64-8DD1-4AB8-AEDF-B97892D28FFE}\ not found. File C:\Programme\Multi_Media_Germany\tbMul1.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully. E:\Programme\Winamp\winampa.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-1844237615-1383384898-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully. D:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. M:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9df99721-2f86-11db-a00e-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9df99721-2f86-11db-a00e-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df99721-2f86-11db-a00e-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9df99721-2f86-11db-a00e-806d6172696f}\ not found. File move failed. M:\reatogoMenu.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a432b440-bd4d-11dd-811b-00e04df78eb6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a432b440-bd4d-11dd-811b-00e04df78eb6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a432b440-bd4d-11dd-811b-00e04df78eb6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a432b440-bd4d-11dd-811b-00e04df78eb6}\ not found. File N:\start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcb2e900-d2c0-11db-baa3-cf282c8dae16}\ not found. File N:\pushinst.exe not found. ========== FILES ========== C:\Dokumente und Einstellungen\miles davis\Lokale Einstellungen\Anwendungsdaten\vTUjlOjGJlxLXvnVrpfye moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 0 bytes ->Java cache emptied: 12118723 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes User: miles davis ->Temp folder emptied: 5159656 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 324374628 bytes ->Flash cache emptied: 2457 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1119339 bytes %systemroot%\System32 .tmp files removed: 9095 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 49152 bytes Total Files Cleaned = 327,00 mb [EMPTYFLASH] User: Default User ->Temp folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes User: miles davis ->Temp folder emptied: 49152 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTLPE by OldTimer - Version 3.1.48.0 log created on 06112012_105716 Files\Folders moved on Reboot... File move failed. M:\AUTORUN.INF scheduled to be moved on reboot. File move failed. M:\reatogoMenu.exe scheduled to be moved on reboot. C:\Dokumente und Einstellungen\miles davis\Lokale Einstellungen\Temp\~DFDB99.tmp moved successfully. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_94.dat not found! Registry entries deleted on Reboot... |
14.06.2012, 07:21 | #24 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hallo Arne, ich hoffe, du bist wohlauf - du hast dich nicht mehr gemeldet, deswegen komm ich drauf. Naja, dafür wird es Gründe geben. Auf jeden Fall bis hierhin vielen Dank, XP läuft ja nun wieder ganz passabel. Ist denn das System jetzt virenfrei oder muß daran noch gewerkelt werden? Meinst du, ich könnte nun versuchen, die verschlüsselten Dateien zu entschlüsseln oder muß das noch warten? Kannst dich ja bei Gelegenheit mal melden. Viele Grüße Gabriel |
14.06.2012, 12:15 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Sry hab deinen Strang übersehen, wen wunderts bei diesem Ansturm Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
14.06.2012, 15:08 | #26 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hallo Arne, hier ist der Report von TDSS-Killer Code:
ATTFilter 16:02:27.0198 3916 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46 16:02:29.0201 3916 ============================================================ 16:02:29.0201 3916 Current date / time: 2012/06/14 16:02:29.0201 16:02:29.0201 3916 SystemInfo: 16:02:29.0201 3916 16:02:29.0201 3916 OS Version: 5.1.2600 ServicePack: 2.0 16:02:29.0201 3916 Product type: Workstation 16:02:29.0201 3916 ComputerName: VOODOO 16:02:29.0201 3916 UserName: miles davis 16:02:29.0201 3916 Windows directory: C:\WINDOWS 16:02:29.0201 3916 System windows directory: C:\WINDOWS 16:02:29.0201 3916 Processor architecture: Intel x86 16:02:29.0201 3916 Number of processors: 1 16:02:29.0201 3916 Page size: 0x1000 16:02:29.0201 3916 Boot type: Normal boot 16:02:29.0201 3916 ============================================================ 16:02:32.0025 3916 Drive \Device\Harddisk0\DR0 - Size: 0x9962B8000 (38.35 Gb), SectorSize: 0x200, Cylinders: 0x138D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 16:02:32.0075 3916 ============================================================ 16:02:32.0075 3916 \Device\Harddisk0\DR0: 16:02:32.0125 3916 MBR partitions: 16:02:32.0125 3916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xE00CD3 16:02:32.0135 3916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xE00D51, BlocksNum 0xA9E036 16:02:32.0145 3916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x6, StartLBA 0x189EDC6, BlocksNum 0x29EAAC 16:02:32.0155 3916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x6, StartLBA 0x1B3D8B1, BlocksNum 0x29EAAC 16:02:32.0175 3916 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x1DDC39C, BlocksNum 0x7FF54B 16:02:32.0175 3916 \Device\Harddisk0\DR0\Partition5: MBR, Type 0xB, StartLBA 0x25DB926, BlocksNum 0xBACA3B 16:02:32.0185 3916 \Device\Harddisk0\DR0\Partition6: MBR, Type 0xB, StartLBA 0x31883A0, BlocksNum 0x6A2432 16:02:32.0195 3916 \Device\Harddisk0\DR0\Partition7: MBR, Type 0xB, StartLBA 0x382A811, BlocksNum 0xCB36BE 16:02:32.0205 3916 \Device\Harddisk0\DR0\Partition8: MBR, Type 0xB, StartLBA 0x44DDF0E, BlocksNum 0x7D043F 16:02:32.0205 3916 ============================================================ 16:02:32.0235 3916 C: <-> \Device\Harddisk0\DR0\Partition0 16:02:32.0245 3916 D: <-> \Device\Harddisk0\DR0\Partition1 16:02:32.0255 3916 E: <-> \Device\Harddisk0\DR0\Partition2 16:02:32.0275 3916 F: <-> \Device\Harddisk0\DR0\Partition3 16:02:32.0285 3916 G: <-> \Device\Harddisk0\DR0\Partition4 16:02:32.0305 3916 H: <-> \Device\Harddisk0\DR0\Partition5 16:02:32.0325 3916 I: <-> \Device\Harddisk0\DR0\Partition6 16:02:32.0345 3916 J: <-> \Device\Harddisk0\DR0\Partition7 16:02:32.0355 3916 K: <-> \Device\Harddisk0\DR0\Partition8 16:02:32.0386 3916 ============================================================ 16:02:32.0386 3916 Initialize success 16:02:32.0386 3916 ============================================================ 16:03:18.0862 0636 ============================================================ 16:03:18.0862 0636 Scan started 16:03:18.0862 0636 Mode: Manual; SigCheck; TDLFS; 16:03:18.0862 0636 ============================================================ 16:03:19.0123 0636 Abiosdsk - ok 16:03:19.0153 0636 abp480n5 - ok 16:03:19.0253 0636 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 16:03:20.0585 0636 ACPI - ok 16:03:20.0635 0636 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 16:03:20.0935 0636 ACPIEC - ok 16:03:21.0276 0636 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:03:22.0387 0636 AdobeFlashPlayerUpdateSvc - ok 16:03:22.0407 0636 adpu160m - ok 16:03:22.0508 0636 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 16:03:23.0098 0636 aec - ok 16:03:23.0179 0636 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 16:03:23.0489 0636 AFD - ok 16:03:23.0509 0636 Aha154x - ok 16:03:23.0529 0636 aic78u2 - ok 16:03:23.0559 0636 aic78xx - ok 16:03:23.0629 0636 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll 16:03:23.0930 0636 Alerter - ok 16:03:24.0000 0636 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe 16:03:24.0330 0636 ALG - ok 16:03:24.0340 0636 AliIde - ok 16:03:24.0430 0636 AmdK7 (fbf9ffb0b638df1448821bd0aceeb780) C:\WINDOWS\system32\DRIVERS\amdk7.sys 16:03:24.0701 0636 AmdK7 - ok 16:03:24.0731 0636 amsint - ok 16:03:24.0851 0636 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) D:\Programme\Avira\AntiVir Desktop\sched.exe 16:03:24.0881 0636 AntiVirSchedulerService - ok 16:03:24.0971 0636 AntiVirService (72d90e56563165984224493069c69ed4) D:\Programme\Avira\AntiVir Desktop\avguard.exe 16:03:25.0001 0636 AntiVirService - ok 16:03:25.0081 0636 AppMgmt (becd5328e7869807d6557be4fe60c72f) C:\WINDOWS\System32\appmgmts.dll 16:03:25.0372 0636 AppMgmt - ok 16:03:25.0412 0636 asc - ok 16:03:25.0442 0636 asc3350p - ok 16:03:25.0472 0636 asc3550 - ok 16:03:25.0562 0636 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys 16:03:25.0572 0636 ASPI32 ( UnsignedFile.Multi.Generic ) - warning 16:03:25.0572 0636 ASPI32 - detected UnsignedFile.Multi.Generic (1) 16:03:25.0682 0636 aspnet_state (4eabf511b1af176a971c3271e48fa3a8) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 16:03:25.0702 0636 aspnet_state - ok 16:03:25.0742 0636 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:03:26.0033 0636 AsyncMac - ok 16:03:26.0093 0636 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 16:03:26.0373 0636 atapi - ok 16:03:26.0393 0636 Atdisk - ok 16:03:26.0473 0636 Ati HotKey Poller (5bfb89a40c843708e94a871ba292ac96) C:\WINDOWS\system32\Ati2evxx.exe 16:03:26.0543 0636 Ati HotKey Poller - ok 16:03:26.0624 0636 ati2mpaa (e99b564478a28c573dc77d05963244ad) C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys 16:03:26.0984 0636 ati2mpaa - ok 16:03:27.0054 0636 ati2mtaa (27bab72eae141d0ce39ec65c0fdeb2d6) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys 16:03:27.0114 0636 ati2mtaa - ok 16:03:27.0194 0636 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:03:27.0785 0636 Atmarpc - ok 16:03:27.0865 0636 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll 16:03:28.0126 0636 AudioSrv - ok 16:03:28.0186 0636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 16:03:28.0516 0636 audstub - ok 16:03:28.0586 0636 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programme\Avira\AntiVir Desktop\avgio.sys 16:03:28.0596 0636 avgio - ok 16:03:28.0656 0636 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 16:03:28.0676 0636 avgntflt - ok 16:03:28.0747 0636 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 16:03:28.0777 0636 avipbb - ok 16:03:28.0827 0636 AVM IGD CTRL Service (8dfa2ec772f97ed02b384db88641b367) D:\Programme\FRITZ!DSL\IGDCTRL.EXE 16:03:28.0847 0636 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - warning 16:03:28.0847 0636 AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic (1) 16:03:28.0917 0636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 16:03:29.0257 0636 Beep - ok 16:03:29.0357 0636 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\System32\qmgr.dll 16:03:29.0638 0636 BITS - ok 16:03:29.0718 0636 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll 16:03:29.0968 0636 Browser - ok 16:03:30.0038 0636 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 16:03:30.0319 0636 BthEnum - ok 16:03:30.0369 0636 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 16:03:30.0609 0636 BTHMODEM - ok 16:03:30.0679 0636 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys 16:03:30.0930 0636 BthPan - ok 16:03:31.0010 0636 BTHPORT (0b9ace3462420fd48eb5d91868c88b75) C:\WINDOWS\system32\Drivers\BTHport.sys 16:03:31.0290 0636 BTHPORT - ok 16:03:31.0380 0636 BthServ (822d1875b12b6219cece1d221349cef4) C:\WINDOWS\System32\bthserv.dll 16:03:31.0631 0636 BthServ - ok 16:03:31.0691 0636 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys 16:03:31.0921 0636 BTHUSB - ok 16:03:31.0981 0636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 16:03:32.0342 0636 cbidf2k - ok 16:03:32.0362 0636 cd20xrnt - ok 16:03:32.0442 0636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 16:03:32.0772 0636 Cdaudio - ok 16:03:32.0832 0636 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 16:03:33.0063 0636 Cdfs - ok 16:03:33.0113 0636 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:03:33.0353 0636 Cdrom - ok 16:03:33.0383 0636 Changer - ok 16:03:33.0503 0636 cisvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\System32\cisvc.exe 16:03:33.0734 0636 cisvc - ok 16:03:33.0804 0636 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe 16:03:34.0044 0636 ClipSrv - ok 16:03:34.0144 0636 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:03:34.0164 0636 clr_optimization_v2.0.50727_32 - ok 16:03:34.0194 0636 CmdIde - ok 16:03:34.0285 0636 COMSysApp - ok 16:03:34.0335 0636 Cpqarray - ok 16:03:34.0405 0636 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll 16:03:34.0645 0636 CryptSvc - ok 16:03:34.0675 0636 dac2w2k - ok 16:03:34.0715 0636 dac960nt - ok 16:03:34.0805 0636 DcomLaunch (891e3e4537c6dfcae475073fc49ce9cb) C:\WINDOWS\system32\rpcss.dll 16:03:35.0136 0636 DcomLaunch - ok 16:03:35.0246 0636 de_serv (1523251b9d8a5d84de0cd23418847824) C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe 16:03:35.0296 0636 de_serv ( UnsignedFile.Multi.Generic ) - warning 16:03:35.0296 0636 de_serv - detected UnsignedFile.Multi.Generic (1) 16:03:35.0376 0636 Dhcp (7c4d218f9017725589adacab82beb0f8) C:\WINDOWS\System32\dhcpcsvc.dll 16:03:35.0576 0636 Dhcp - ok 16:03:35.0626 0636 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 16:03:35.0877 0636 Disk - ok 16:03:35.0917 0636 dmadmin - ok 16:03:36.0027 0636 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 16:03:36.0378 0636 dmboot - ok 16:03:36.0448 0636 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 16:03:36.0698 0636 dmio - ok 16:03:36.0758 0636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 16:03:37.0099 0636 dmload - ok 16:03:37.0169 0636 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll 16:03:37.0399 0636 dmserver - ok 16:03:37.0479 0636 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 16:03:37.0719 0636 DMusic - ok 16:03:37.0770 0636 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll 16:03:38.0020 0636 Dnscache - ok 16:03:38.0050 0636 dpti2o - ok 16:03:38.0110 0636 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 16:03:38.0340 0636 drmkaud - ok 16:03:38.0420 0636 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll 16:03:38.0651 0636 ERSvc - ok 16:03:38.0731 0636 Eventlog (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe 16:03:38.0991 0636 Eventlog - ok 16:03:39.0061 0636 EventSystem (bebc63622bdc30053a3145ebd90af450) C:\WINDOWS\System32\es.dll 16:03:39.0142 0636 EventSystem - ok 16:03:39.0202 0636 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 16:03:39.0452 0636 Fastfat - ok 16:03:39.0522 0636 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 16:03:39.0752 0636 FastUserSwitchingCompatibility - ok 16:03:39.0812 0636 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 16:03:40.0033 0636 Fdc - ok 16:03:40.0103 0636 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 16:03:40.0473 0636 Fips - ok 16:03:40.0534 0636 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 16:03:40.0764 0636 Flpydisk - ok 16:03:40.0834 0636 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 16:03:41.0064 0636 FltMgr - ok 16:03:41.0114 0636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:03:41.0485 0636 Fs_Rec - ok 16:03:41.0545 0636 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:03:41.0895 0636 Ftdisk - ok 16:03:41.0986 0636 FWLANUSB (b45f1df1cce34e2af422f0ed78cd70ef) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 16:03:42.0056 0636 FWLANUSB - ok 16:03:42.0106 0636 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys 16:03:42.0336 0636 gameenum - ok 16:03:42.0386 0636 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:03:42.0617 0636 Gpc - ok 16:03:42.0687 0636 gupdate - ok 16:03:42.0787 0636 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 16:03:43.0017 0636 helpsvc - ok 16:03:43.0067 0636 HidServ (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll 16:03:43.0298 0636 HidServ - ok 16:03:43.0378 0636 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:03:43.0728 0636 HidUsb - ok 16:03:43.0748 0636 hpn - ok 16:03:43.0768 0636 hpt3xx - ok 16:03:43.0848 0636 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys 16:03:44.0059 0636 HTTP - ok 16:03:44.0139 0636 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll 16:03:44.0369 0636 HTTPFilter - ok 16:03:44.0389 0636 i2omgmt - ok 16:03:44.0419 0636 i2omp - ok 16:03:44.0479 0636 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:03:44.0710 0636 i8042prt - ok 16:03:44.0840 0636 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe 16:03:44.0870 0636 IDriverT ( UnsignedFile.Multi.Generic ) - warning 16:03:44.0870 0636 IDriverT - detected UnsignedFile.Multi.Generic (1) 16:03:44.0930 0636 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 16:03:45.0160 0636 Imapi - ok 16:03:45.0220 0636 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\System32\imapi.exe 16:03:45.0461 0636 ImapiService - ok 16:03:45.0511 0636 ini910u - ok 16:03:45.0551 0636 IntelIde - ok 16:03:45.0621 0636 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 16:03:45.0821 0636 ip6fw - ok 16:03:45.0881 0636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:03:46.0242 0636 IpFilterDriver - ok 16:03:46.0302 0636 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:03:46.0532 0636 IpInIp - ok 16:03:46.0592 0636 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:03:46.0783 0636 IpNat - ok 16:03:46.0833 0636 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:03:47.0063 0636 IPSec - ok 16:03:47.0133 0636 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 16:03:47.0363 0636 IRENUM - ok 16:03:47.0443 0636 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:03:47.0804 0636 isapnp - ok 16:03:47.0964 0636 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe 16:03:48.0004 0636 JavaQuickStarterService - ok 16:03:48.0064 0636 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:03:48.0285 0636 Kbdclass - ok 16:03:48.0345 0636 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:03:48.0575 0636 kbdhid - ok 16:03:48.0655 0636 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 16:03:48.0906 0636 kmixer - ok 16:03:48.0966 0636 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 16:03:49.0206 0636 KSecDD - ok 16:03:49.0306 0636 lanmanserver (2865fa4ed4471929881c053a6e5a85f6) C:\WINDOWS\System32\srvsvc.dll 16:03:49.0366 0636 lanmanserver - ok 16:03:49.0436 0636 lanmanworkstation (36d74668f5448d55887fa3958488dc06) C:\WINDOWS\System32\wkssvc.dll 16:03:49.0667 0636 lanmanworkstation - ok 16:03:49.0697 0636 lbrtfdc - ok 16:03:49.0787 0636 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll 16:03:50.0027 0636 LmHosts - ok 16:03:50.0087 0636 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 16:03:50.0137 0636 MBAMProtector - ok 16:03:50.0278 0636 MBAMService (ba400ed640bca1eae5c727ae17c10207) D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 16:03:50.0388 0636 MBAMService - ok 16:03:50.0458 0636 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll 16:03:50.0718 0636 Messenger - ok 16:03:50.0778 0636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 16:03:51.0139 0636 mnmdd - ok 16:03:51.0229 0636 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\System32\mnmsrvc.exe 16:03:51.0459 0636 mnmsrvc - ok 16:03:51.0519 0636 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 16:03:51.0760 0636 Modem - ok 16:03:51.0810 0636 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:03:52.0040 0636 Mouclass - ok 16:03:52.0110 0636 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:03:52.0461 0636 mouhid - ok 16:03:52.0521 0636 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 16:03:52.0731 0636 MountMgr - ok 16:03:52.0851 0636 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 16:03:52.0891 0636 MozillaMaintenance - ok 16:03:52.0901 0636 mraid35x - ok 16:03:52.0981 0636 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:03:53.0232 0636 MRxDAV - ok 16:03:53.0332 0636 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:03:53.0582 0636 MRxSmb - ok 16:03:53.0652 0636 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\System32\msdtc.exe 16:03:53.0883 0636 MSDTC - ok 16:03:53.0923 0636 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 16:03:54.0153 0636 Msfs - ok 16:03:54.0213 0636 MSIServer - ok 16:03:54.0273 0636 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:03:54.0514 0636 MSKSSRV - ok 16:03:54.0574 0636 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:03:54.0794 0636 MSPCLOCK - ok 16:03:54.0864 0636 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 16:03:55.0104 0636 MSPQM - ok 16:03:55.0155 0636 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:03:55.0395 0636 mssmbios - ok 16:03:55.0435 0636 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 16:03:55.0795 0636 ms_mpu401 - ok 16:03:55.0846 0636 Mup (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys 16:03:55.0916 0636 Mup - ok 16:03:55.0986 0636 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 16:03:56.0216 0636 NDIS - ok 16:03:56.0266 0636 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:03:56.0607 0636 NdisTapi - ok 16:03:56.0697 0636 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:03:56.0737 0636 Ndisuio - ok 16:03:56.0797 0636 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:03:57.0017 0636 NdisWan - ok 16:03:57.0077 0636 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 16:03:57.0448 0636 NDProxy - ok 16:03:57.0498 0636 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 16:03:57.0728 0636 NetBIOS - ok 16:03:57.0778 0636 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 16:03:58.0019 0636 NetBT - ok 16:03:58.0089 0636 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 16:03:58.0329 0636 NetDDE - ok 16:03:58.0379 0636 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 16:03:58.0610 0636 NetDDEdsdm - ok 16:03:58.0680 0636 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe 16:03:58.0900 0636 Netlogon - ok 16:03:59.0000 0636 Netman (1e5218fbe323c375b488318950e10fb4) C:\WINDOWS\System32\netman.dll 16:03:59.0070 0636 Netman - ok 16:03:59.0140 0636 Nla (b36e08f680bae4dfc5c24d00a2dfc9e7) C:\WINDOWS\System32\mswsock.dll 16:03:59.0401 0636 Nla - ok 16:03:59.0491 0636 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) D:\Programme\CDBurnerXP\NMSAccessU.exe 16:03:59.0521 0636 NMSAccess - ok 16:03:59.0601 0636 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys 16:03:59.0741 0636 nmwcd - ok 16:03:59.0821 0636 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys 16:03:59.0891 0636 nmwcdc - ok 16:03:59.0951 0636 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys 16:04:00.0042 0636 nmwcdcj - ok 16:04:00.0082 0636 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys 16:04:00.0142 0636 nmwcdcm - ok 16:04:00.0192 0636 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 16:04:00.0422 0636 Npfs - ok 16:04:00.0542 0636 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 16:04:00.0823 0636 Ntfs - ok 16:04:00.0873 0636 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe 16:04:01.0093 0636 NtLmSsp - ok 16:04:01.0343 0636 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll 16:04:01.0624 0636 NtmsSvc - ok 16:04:01.0674 0636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 16:04:02.0034 0636 Null - ok 16:04:02.0235 0636 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:04:03.0036 0636 nv - ok 16:04:03.0106 0636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:04:03.0467 0636 NwlnkFlt - ok 16:04:03.0517 0636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:04:03.0837 0636 NwlnkFwd - ok 16:04:03.0907 0636 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys 16:04:04.0137 0636 Parport - ok 16:04:04.0198 0636 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 16:04:04.0548 0636 PartMgr - ok 16:04:04.0618 0636 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 16:04:04.0959 0636 ParVdm - ok 16:04:05.0019 0636 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 16:04:05.0269 0636 PCI - ok 16:04:05.0299 0636 PCIDump - ok 16:04:05.0359 0636 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 16:04:05.0700 0636 PCIIde - ok 16:04:05.0780 0636 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 16:04:06.0010 0636 Pcmcia - ok 16:04:06.0030 0636 PDCOMP - ok 16:04:06.0060 0636 PDFRAME - ok 16:04:06.0090 0636 PDRELI - ok 16:04:06.0110 0636 PDRFRAME - ok 16:04:06.0140 0636 perc2 - ok 16:04:06.0170 0636 perc2hib - ok 16:04:06.0451 0636 PlugPlay (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe 16:04:06.0681 0636 PlugPlay - ok 16:04:06.0731 0636 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe 16:04:06.0942 0636 PolicyAgent - ok 16:04:07.0002 0636 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:04:07.0222 0636 PptpMiniport - ok 16:04:07.0272 0636 PQNTDrv (474543751522111dd7c0cf09e17f6d9f) C:\WINDOWS\system32\drivers\PQNTDrv.sys 16:04:07.0292 0636 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning 16:04:07.0292 0636 PQNTDrv - detected UnsignedFile.Multi.Generic (1) 16:04:07.0362 0636 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys 16:04:07.0582 0636 Processor - ok 16:04:07.0633 0636 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 16:04:07.0853 0636 ProtectedStorage - ok 16:04:07.0913 0636 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 16:04:08.0143 0636 PSched - ok 16:04:08.0183 0636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:04:08.0534 0636 Ptilink - ok 16:04:08.0594 0636 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:04:08.0614 0636 PxHelp20 - ok 16:04:08.0654 0636 ql1080 - ok 16:04:08.0684 0636 Ql10wnt - ok 16:04:08.0714 0636 ql12160 - ok 16:04:08.0744 0636 ql1240 - ok 16:04:08.0774 0636 ql1280 - ok 16:04:08.0824 0636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:04:09.0175 0636 RasAcd - ok 16:04:09.0255 0636 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll 16:04:09.0485 0636 RasAuto - ok 16:04:09.0535 0636 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:04:09.0746 0636 Rasl2tp - ok 16:04:09.0816 0636 RasMan (ffc8343b35fb2df01a5767748efa5b58) C:\WINDOWS\System32\rasmans.dll 16:04:10.0016 0636 RasMan - ok 16:04:10.0056 0636 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:04:10.0286 0636 RasPppoe - ok 16:04:10.0336 0636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 16:04:10.0667 0636 Raspti - ok 16:04:10.0747 0636 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:04:10.0917 0636 Rdbss - ok 16:04:10.0957 0636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:04:11.0328 0636 RDPCDD - ok 16:04:11.0408 0636 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 16:04:11.0648 0636 rdpdr - ok 16:04:11.0728 0636 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 16:04:11.0788 0636 RDPWD - ok 16:04:11.0869 0636 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe 16:04:12.0119 0636 RDSessMgr - ok 16:04:12.0169 0636 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 16:04:12.0419 0636 redbook - ok 16:04:12.0479 0636 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll 16:04:12.0820 0636 RemoteAccess - ok 16:04:12.0900 0636 RemoteRegistry (ae81cf7d7cfa79cd03e8fb99788a7e09) C:\WINDOWS\system32\regsvc.dll 16:04:13.0110 0636 RemoteRegistry - ok 16:04:13.0190 0636 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 16:04:13.0411 0636 RFCOMM - ok 16:04:13.0481 0636 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\System32\locator.exe 16:04:13.0711 0636 RpcLocator - ok 16:04:13.0801 0636 RpcSs (891e3e4537c6dfcae475073fc49ce9cb) C:\WINDOWS\system32\rpcss.dll 16:04:13.0871 0636 RpcSs - ok 16:04:13.0962 0636 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys 16:04:14.0002 0636 rspndr - ok 16:04:14.0082 0636 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe 16:04:14.0472 0636 RSVP - ok 16:04:14.0613 0636 RTCore32 - ok 16:04:14.0683 0636 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 16:04:14.0893 0636 rtl8139 - ok 16:04:14.0973 0636 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 16:04:15.0173 0636 SamSs - ok 16:04:15.0263 0636 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe 16:04:15.0494 0636 SCardSvr - ok 16:04:15.0574 0636 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll 16:04:15.0814 0636 Schedule - ok 16:04:15.0874 0636 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:04:16.0105 0636 Secdrv - ok 16:04:16.0165 0636 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll 16:04:16.0395 0636 seclogon - ok 16:04:16.0455 0636 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll 16:04:16.0676 0636 SENS - ok 16:04:16.0686 0636 Ser2pl - ok 16:04:16.0776 0636 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 16:04:16.0986 0636 serenum - ok 16:04:17.0046 0636 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys 16:04:17.0256 0636 Serial - ok 16:04:17.0326 0636 sermouse (e8f3e51da8098201f50678cec5fce179) C:\WINDOWS\system32\DRIVERS\sermouse.sys 16:04:17.0697 0636 sermouse - ok 16:04:17.0817 0636 ServiceLayer (78546cd2eca6dd6bdcd4b13048621f88) C:\Programme\PC Connectivity Solution\ServiceLayer.exe 16:04:17.0857 0636 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 16:04:17.0867 0636 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 16:04:17.0917 0636 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys 16:04:17.0937 0636 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning 16:04:17.0937 0636 sfdrv01 - detected UnsignedFile.Multi.Generic (1) 16:04:17.0987 0636 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys 16:04:17.0997 0636 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning 16:04:17.0997 0636 sfhlp02 - detected UnsignedFile.Multi.Generic (1) 16:04:18.0047 0636 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 16:04:18.0268 0636 Sfloppy - ok 16:04:18.0328 0636 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys 16:04:18.0348 0636 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning 16:04:18.0348 0636 sfvfs02 - detected UnsignedFile.Multi.Generic (1) 16:04:18.0458 0636 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll 16:04:18.0718 0636 SharedAccess - ok 16:04:18.0789 0636 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 16:04:19.0019 0636 ShellHWDetection - ok 16:04:19.0039 0636 Simbad - ok 16:04:19.0099 0636 SiS7012 (7d0a8098fc8105c5f6fc6cdaeaf43f88) C:\WINDOWS\system32\drivers\sis7012.sys 16:04:19.0119 0636 SiS7012 ( UnsignedFile.Multi.Generic ) - warning 16:04:19.0119 0636 SiS7012 - detected UnsignedFile.Multi.Generic (1) 16:04:19.0209 0636 SiS7018 (93640ef0f4606a08df13bb059e181aeb) C:\WINDOWS\system32\drivers\sis7018.sys 16:04:19.0289 0636 SiS7018 - ok 16:04:19.0349 0636 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys 16:04:19.0580 0636 sisagp - ok 16:04:19.0610 0636 Sparrow - ok 16:04:19.0690 0636 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 16:04:19.0910 0636 splitter - ok 16:04:19.0960 0636 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe 16:04:20.0020 0636 Spooler - ok 16:04:20.0080 0636 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 16:04:20.0311 0636 sr - ok 16:04:20.0381 0636 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\System32\srsvc.dll 16:04:20.0611 0636 srservice - ok 16:04:20.0691 0636 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys 16:04:20.0902 0636 Srv - ok 16:04:21.0002 0636 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll 16:04:21.0222 0636 SSDPSRV - ok 16:04:21.0282 0636 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 16:04:21.0292 0636 ssmdrv - ok 16:04:21.0352 0636 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys 16:04:21.0372 0636 StarOpen ( UnsignedFile.Multi.Generic ) - warning 16:04:21.0372 0636 StarOpen - detected UnsignedFile.Multi.Generic (1) 16:04:21.0482 0636 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll 16:04:21.0713 0636 stisvc - ok 16:04:21.0783 0636 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 16:04:22.0003 0636 swenum - ok 16:04:22.0053 0636 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 16:04:22.0434 0636 swmidi - ok 16:04:22.0584 0636 SwPrv - ok 16:04:22.0634 0636 symc810 - ok 16:04:22.0654 0636 symc8xx - ok 16:04:22.0684 0636 sym_hi - ok 16:04:22.0714 0636 sym_u3 - ok 16:04:22.0784 0636 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 16:04:22.0995 0636 sysaudio - ok 16:04:23.0085 0636 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe 16:04:23.0315 0636 SysmonLog - ok 16:04:23.0405 0636 TapiSrv (427d7eb3b453347082c8f4b370065d60) C:\WINDOWS\System32\tapisrv.dll 16:04:23.0485 0636 TapiSrv - ok 16:04:23.0565 0636 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:04:23.0766 0636 Tcpip - ok 16:04:23.0836 0636 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 16:04:24.0036 0636 TDPIPE - ok 16:04:24.0116 0636 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 16:04:24.0347 0636 TDTCP - ok 16:04:24.0407 0636 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 16:04:24.0627 0636 TermDD - ok 16:04:24.0707 0636 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll 16:04:24.0957 0636 TermService - ok 16:04:25.0038 0636 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 16:04:25.0258 0636 Themes - ok 16:04:25.0338 0636 TlntSvr (58708746b8267033e5cf2b29659e7f74) C:\WINDOWS\System32\tlntsvr.exe 16:04:25.0568 0636 TlntSvr - ok 16:04:25.0588 0636 TosIde - ok 16:04:25.0678 0636 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll 16:04:25.0909 0636 TrkWks - ok 16:04:25.0979 0636 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 16:04:26.0199 0636 Udfs - ok 16:04:26.0229 0636 ultra - ok 16:04:26.0289 0636 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 16:04:26.0329 0636 UMWdf - ok 16:04:26.0420 0636 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys 16:04:26.0460 0636 Update - ok 16:04:26.0550 0636 upnphost (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll 16:04:26.0790 0636 upnphost - ok 16:04:26.0840 0636 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe 16:04:27.0060 0636 UPS - ok 16:04:27.0151 0636 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:04:27.0381 0636 usbccgp - ok 16:04:27.0441 0636 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:04:27.0481 0636 usbhub - ok 16:04:27.0541 0636 usbohci (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys 16:04:27.0561 0636 usbohci - ok 16:04:27.0611 0636 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:04:27.0842 0636 usbprint - ok 16:04:27.0912 0636 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:04:28.0122 0636 USBSTOR - ok 16:04:28.0212 0636 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Programme\Windows Live\Messenger\usnsvc.exe 16:04:28.0242 0636 usnjsvc - ok 16:04:28.0292 0636 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 16:04:28.0523 0636 VgaSave - ok 16:04:28.0543 0636 ViaIde - ok 16:04:28.0623 0636 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 16:04:28.0853 0636 VolSnap - ok 16:04:28.0923 0636 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe 16:04:29.0143 0636 VSS - ok 16:04:29.0234 0636 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\System32\w32time.dll 16:04:29.0474 0636 W32Time - ok 16:04:29.0544 0636 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:04:29.0764 0636 Wanarp - ok 16:04:29.0784 0636 WDICA - ok 16:04:29.0864 0636 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 16:04:30.0095 0636 wdmaud - ok 16:04:30.0145 0636 WebClient (879ecb9a5f14a03960b84edb7207a051) C:\WINDOWS\System32\webclnt.dll 16:04:30.0335 0636 WebClient - ok 16:04:30.0425 0636 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll 16:04:30.0656 0636 winmgmt - ok 16:04:30.0776 0636 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll 16:04:30.0806 0636 WmdmPmSN - ok 16:04:30.0936 0636 Wmi (9cbb06e4438d6a0d52a46e0b44796d37) C:\WINDOWS\System32\advapi32.dll 16:04:31.0226 0636 Wmi - ok 16:04:31.0317 0636 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\System32\wbem\wmiapsrv.exe 16:04:31.0547 0636 WmiApSrv - ok 16:04:31.0597 0636 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 16:04:31.0927 0636 WS2IFSL - ok 16:04:31.0998 0636 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll 16:04:32.0228 0636 wscsvc - ok 16:04:32.0308 0636 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\System32\wuauserv.dll 16:04:32.0518 0636 wuauserv - ok 16:04:32.0598 0636 WudfPf (729f76cd53af1685ca4c4c058519c58c) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 16:04:32.0658 0636 WudfPf - ok 16:04:32.0719 0636 WudfRd (a2aafcc8a204736296d937c7c545b53f) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 16:04:32.0759 0636 WudfRd - ok 16:04:32.0829 0636 WudfSvc (db5bf5aab72b1b99b5331231d09ebb26) C:\WINDOWS\System32\WUDFSvc.dll 16:04:32.0869 0636 WudfSvc - ok 16:04:32.0959 0636 WZCSVC (eb52b74a5daadc2cca68b3e7d81007e6) C:\WINDOWS\System32\wzcsvc.dll 16:04:33.0049 0636 WZCSVC - ok 16:04:33.0139 0636 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll 16:04:33.0380 0636 xmlprov - ok 16:04:33.0490 0636 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 16:04:34.0251 0636 \Device\Harddisk0\DR0 - ok 16:04:34.0301 0636 Boot (0x1200) (2f7f093747cb69aaba48a5670c5ce8d1) \Device\Harddisk0\DR0\Partition0 16:04:34.0301 0636 \Device\Harddisk0\DR0\Partition0 - ok 16:04:34.0341 0636 Boot (0x1200) (fa9676ba57ee5f3ff44d9b6f1388ee92) \Device\Harddisk0\DR0\Partition1 16:04:34.0341 0636 \Device\Harddisk0\DR0\Partition1 - ok 16:04:34.0381 0636 Boot (0x1200) (2ffe9f0ce543a27b77288d20b6ac7fa7) \Device\Harddisk0\DR0\Partition2 16:04:34.0381 0636 \Device\Harddisk0\DR0\Partition2 - ok 16:04:34.0421 0636 Boot (0x1200) (699b31bd4c7f3ac24f1636dcae4d771d) \Device\Harddisk0\DR0\Partition3 16:04:34.0421 0636 \Device\Harddisk0\DR0\Partition3 - ok 16:04:34.0461 0636 Boot (0x1200) (94408a7b62eb3928f971160e89f78c33) \Device\Harddisk0\DR0\Partition4 16:04:34.0461 0636 \Device\Harddisk0\DR0\Partition4 - ok 16:04:34.0481 0636 Boot (0x1200) (e205dc27613776a916c4f796979c6d47) \Device\Harddisk0\DR0\Partition5 16:04:34.0481 0636 \Device\Harddisk0\DR0\Partition5 - ok 16:04:34.0511 0636 Boot (0x1200) (6f158bdd2716352ff75d875b9314fa10) \Device\Harddisk0\DR0\Partition6 16:04:34.0511 0636 \Device\Harddisk0\DR0\Partition6 - ok 16:04:34.0541 0636 Boot (0x1200) (61439c606b7fa61dc61640f9925c92bc) \Device\Harddisk0\DR0\Partition7 16:04:34.0541 0636 \Device\Harddisk0\DR0\Partition7 - ok 16:04:34.0571 0636 Boot (0x1200) (39e499cd1d6868810c2a331b939ab8a8) \Device\Harddisk0\DR0\Partition8 16:04:34.0571 0636 \Device\Harddisk0\DR0\Partition8 - ok 16:04:34.0581 0636 ============================================================ 16:04:34.0581 0636 Scan finished 16:04:34.0581 0636 ============================================================ 16:04:34.0741 0644 Detected object count: 11 16:04:34.0741 0644 Actual detected object count: 11 16:05:03.0663 0644 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0663 0644 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0673 0644 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0673 0644 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0673 0644 de_serv ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0673 0644 de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0673 0644 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0673 0644 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0683 0644 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0683 0644 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0683 0644 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0683 0644 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0693 0644 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0693 0644 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0693 0644 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0693 0644 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0703 0644 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0713 0644 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0713 0644 SiS7012 ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0713 0644 SiS7012 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:05:03.0723 0644 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 16:05:03.0723 0644 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip Gabriel |
14.06.2012, 15:32 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
14.06.2012, 22:47 | #28 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hallo Arne, Combofix läuft durch bis zum Schritt Code:
ATTFilter Fertiggestellt Stufe_50 Code:
ATTFilter Lösche Ordner C:\Dokumente und Einstellungen\Miles davis\Anwendungsdaten\1&1 Ich hab den Computer nochmal neu gestartet, es nochmal versucht und wieder dasselbe Ergebnis. Es bleibt an dieser Stelle stehen. Eine combofix.txt hab ich unter c: auch nicht gefunden. Was tun? Hast du ne Idee? Gruß Gabriel |
15.06.2012, 14:50 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
15.06.2012, 16:20 | #30 |
| Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus Hallo Arne, nee, funktioniert nicht - gleiches Problem wie vorher. Gruß Gabriel |
Themen zu Verschlüsselungs Trojaner - XP startet nicht im abgesicherten Modus |
antivir, aus mail, avira, bho, browser, cdburnerxp, conduit, desktop, disabletaskmgr, dsl, error, firefox, flash player, format, google, helper, internet, kein internet, launch, logfile, mozilla, mp3, nicht erkennt, plug-in, realtek, registry, safer networking, scan, software, system, trojaner, verschlüsselungstrojaner windows xp, windows, wlan-stick |