| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security PlatinumWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.08.2012, 18:05
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Live Security Platinum Lies dir doch mal in Ruhe den Artikel zur Neuinstallation durch, das ist nun wirklich kein Hexenwerk 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.08.2012, 18:36
| #17 |
 | Live Security Platinum Ich fürchte, das überfordert mich. Hätte dazu unzählige laienhafte Fragen.
__________________Es müssten verschiedene Programe heruntergeladen werden. Könnte ich das auf meinem infizierten System machen, z.B. die 3 SP´s von XP. Es heißt, man sollte das machen, bevor man das erste Mal online geht. Wie soll das dann gehen, wenn ich alles formatiere? Müsste auch meine ganzen Daten sichern. Ja, ich weiß, bin da zu nachlässig. Habe es bisher noch nicht getan. Bekenne mich schuldig ;-) Dazu bräuchte ich eine externe Festplatte, oder? Habe ich nicht. Außerdem habe ich nur eine Partition auf meiner Festplatte. Wäre da für mich als Laien ersichtlich, wo welche (zu sichernden) Daten sind? Und dürfte ich überhaupt ne externe Festplatte gefahrlos an mein infiziertes System stecken, ohne dass diese auch den Trojaner abbekommt!? Es wäre echt ein ziemlicher Horror. Wäre es denn ggf. denkbar, dass du mich auch telefonisch begleiten könntest? Nur mit dieser schriftlichen Anleitung pack ichs wohl nicht. Das wäre dann selbstverständlich mit einer "Spende" meinerseits verbunden! Bin jetzt einigermaßen frustriert. Darf ich dich nochmal fragen, woran du bei mir die Empfehlung des Formatierens festmachst, während andere User mit Live Security Platinum es so bereinigen können? Geändert von helpneeded (14.08.2012 um 19:28 Uhr) |
|
15.08.2012, 13:33
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Telefonsupport machen wir nicht aus Prinzip. Es gibt auch kene Hilfe per PN. Das würde das Forum ad absurdum führen
__________________Und auf den Artikel mit der Neuinstallation habe ich hingewiesen weil du glaubtest es sei nicht machbar, dabei haben wir nun wirklich Anleitungen die bis ins kleinste Detail gehen Was willst du jetzt machen? Bereinigung oder Neuistallation?
__________________ |
|
15.08.2012, 15:23
| #19 |
| | Live Security Platinum Ok, dann versuchen wir es zunächst mit der Bereinigung. |
|
15.08.2012, 20:37
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.08.2012, 22:49
| #21 |
| | Live Security Platinum erledigt! Vielen Dank für deine Hilfe! hier OTL.Txt: Code:
ATTFilter OTL logfile created on: 15.08.2012 23:26:50 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,60% Memory free 3,85 Gb Paging File | 3,42 Gb Available in Paging File | 88,81% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 460,96 Gb Total Space | 346,33 Gb Free Space | 75,13% Space Free | Partition Type: NTFS Computer Name: DHWPK82J | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.15 23:24:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2012.08.15 23:20:44 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\clclean.0001 PRC - [2012.08.10 09:13:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.17 20:07:24 | 000,102,400 | ---- | M] () -- C:\Programme\Hercules\Hercules DualPix HD Webcam\CamService.exe PRC - [2006.05.12 14:21:38 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe PRC - [2006.05.03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe PRC - [2006.02.10 00:34:54 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe PRC - [2005.12.12 17:52:32 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe PRC - [2005.09.15 10:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe PRC - [2005.09.08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.06.17 08:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2005.06.17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2005.06.10 11:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2005.03.23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2004.12.02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\MediaSource\Detector\CTDetect.exe PRC - [1997.01.10 06:23:00 | 000,016,384 | ---- | M] (Lotus Development Corporation) -- C:\lotus\wordpro\ltsstart.exe PRC - [1995.11.06 06:23:00 | 000,045,056 | ---- | M] () -- C:\lotus\register\remind32.exe ========== Modules (No Company Name) ========== MOD - [2012.08.15 23:20:44 | 000,697,884 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\temp\clclean.0001.dir.0010\~df394b.tmp MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.10.14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.01.17 20:07:24 | 000,102,400 | ---- | M] () -- C:\Programme\Hercules\Hercules DualPix HD Webcam\CamService.exe MOD - [2006.05.03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe MOD - [2005.09.22 19:19:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\hcwXDS.dll MOD - [2005.08.05 15:26:04 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax MOD - [2005.08.05 15:26:04 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax MOD - [2005.08.05 14:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax MOD - [2005.05.19 09:54:00 | 001,345,520 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL MOD - [1995.11.06 06:23:00 | 000,045,056 | ---- | M] () -- C:\lotus\register\remind32.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv) SRV - [2012.08.03 17:52:51 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2006.05.12 14:21:38 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service) SRV - [2005.12.12 17:52:32 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService) SRV - [2005.06.17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFWDSL.SYS -- (NETFWDSL) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\926104.sys -- (926104) DRV - File not found [Kernel | Unavailable | Unknown] -- C:\DOKUME~1\GNTERT~1\LOKALE~1\Temp\-213E8.tmp -- (-213E8) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006.12.08 15:02:50 | 000,275,072 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDvid.sys -- (APL531) DRV - [2006.11.16 17:01:42 | 000,024,192 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt.sys -- (camfilt) DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) DRV - [2005.12.12 17:52:34 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid) DRV - [2005.12.12 17:52:34 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon) DRV - [2005.12.12 17:52:34 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd) DRV - [2005.12.12 17:52:34 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou) DRV - [2005.12.12 17:52:32 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi) DRV - [2005.10.21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune) DRV - [2005.09.22 19:19:54 | 000,148,608 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) DRV - [2005.09.08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.09.08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.09.08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.09.08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.09.08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.09.08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.09.08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.08.25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.06.06 22:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.05.25 23:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN) DRV - [2005.03.25 17:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt) DRV - [2005.01.11 01:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2005.01.11 01:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv) DRV - [2004.12.23 02:58:00 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2004.06.11 02:00:00 | 000,016,384 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kult.de/ IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\..\SearchScopes,DefaultScope = {3038FBF0-684F-4B7D-9DE5-22F8E600E1FA} IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\..\SearchScopes\{2A6C981F-A46E-4402-8B90-17E57087557E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4e5b7e1e-e456-4171-9631-4e39c55ffc83&apn_sauid=7BC5B41C-6102-48E4-90E1-F28315207CA2 IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\..\SearchScopes\{3038FBF0-684F-4B7D-9DE5-22F8E600E1FA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_de IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2011.05.13 08:55:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [HerculesCamService] C:\Programme\Hercules\Hercules DualPix HD Webcam\CamService.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL () O4 - HKLM..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Lotus Schnellstart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Lotus SmartSuite 97 Registrierung.lnk = C:\lotus\register\remind32.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab (McAfee Virtual Technician Control Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A061E586-CE2A-4FBF-9E07-37F5E79679C5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.08.20 01:58:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: BITS - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: SharedAccess - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.15 23:24:42 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.08.12 15:20:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2012.08.12 11:33:36 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.07.31 22:56:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2012.07.31 22:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.07.31 22:52:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.07.24 23:38:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E18F8C9518CA11601F7027B07D287 [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.15 23:24:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.08.15 23:21:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.15 23:20:44 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.08.15 23:20:42 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.15 23:20:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.15 23:20:34 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys [2012.08.15 17:47:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.15 16:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.13 17:12:08 | 000,614,903 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.08.12 15:36:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.07.31 23:19:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2012.07.31 22:55:25 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.15 15:55:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\U\800000cb.@ [2012.08.15 15:55:02 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\U\80000000.@ [2012.08.15 15:55:02 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\U\00000001.@ [2012.08.13 17:12:07 | 000,614,903 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe [2012.08.03 17:52:57 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.03 11:48:49 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys [2012.07.31 23:19:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012.02.17 10:11:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.04.25 00:37:53 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18472756r [2011.04.25 00:37:53 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18472756 [2011.04.25 00:37:07 | 000,000,344 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756 [2011.04.20 13:15:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.12.22 01:19:48 | 000,042,424 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.04.30 22:47:06 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2010.03.31 21:17:47 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi [2010.03.31 21:17:15 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc [2008.04.20 04:34:31 | 000,004,434 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2007.05.19 03:16:05 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.05.20 02:03:31 | 000,003,072 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvd.bmk [2006.05.18 00:33:54 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2005.08.20 01:34:04 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\@ [2005.08.20 01:34:04 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\@ ========== LOP Check ========== [2012.07.24 23:39:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E18F8C9518CA11601F7027B07D287 [2011.01.19 18:39:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2006.05.25 12:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MVTLogs [2007.05.18 11:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2010.12.17 01:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.01.09 13:58:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2009.02.20 19:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! [2008.04.20 04:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2006.05.18 00:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2007.10.27 21:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer [2011.05.13 16:22:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Octoshape [2011.04.25 00:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\streamWriter [2007.05.18 11:05:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca [2006.05.23 01:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template [2006.05.18 23:45:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.13 15:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2010.12.17 02:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer [2012.06.16 11:35:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2006.05.12 14:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Corel [2006.05.23 23:51:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Corel Photo Album [2006.05.24 21:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Creative [2012.01.09 13:58:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2009.02.20 19:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! [2010.06.04 11:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google [2008.04.20 04:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2006.05.19 03:08:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help [2005.08.20 02:05:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities [2006.05.18 00:37:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2006.05.18 23:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia [2011.05.09 22:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2007.05.18 23:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\McAfee [2006.05.18 00:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\McAfee.com Personal Firewall [2011.05.13 15:57:45 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft [2010.05.29 22:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla [2007.10.27 21:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MyPhoneExplorer [2011.05.13 16:22:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Octoshape [2006.05.18 00:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sonic [2007.05.18 11:04:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sony Ericsson [2011.04.25 00:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\streamWriter [2006.05.12 14:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun [2007.05.18 11:05:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca [2006.05.23 01:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template < %APPDATA%\*.exe /s > [2012.02.20 17:45:21 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\JRERunOnce.exe < %SYSTEMDRIVE%\*.exe > [2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004.08.10 15:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.12.20 20:31:42 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\i386\eventlog.dll [2004.08.10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2005.06.17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys [2005.06.17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys [2005.06.17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\i386\netlogon.dll [2004.08.10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.10 15:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\i386\scecli.dll [2004.08.10 15:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\i386\user32.dll [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.10 15:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\i386\userinit.exe [2004.08.10 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\i386\winlogon.exe [2004.08.10 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\i386\ws2ifsl.sys [2004.08.10 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.08.20 01:42:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005.08.20 01:42:36 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005.08.20 01:42:36 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.08.2012 23:26:50 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,60% Memory free
3,85 Gb Paging File | 3,42 Gb Available in Paging File | 88,81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 460,96 Gb Total Space | 346,33 Gb Free Space | 75,13% Space Free | Partition Type: NTFS
Computer Name: DHWPK82J | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462952C-29F7-43E4-ACA2-5CAB61401BA4}" = IKEA HomePlanner Bedroom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CFDC72-63D2-4086-A54F-1514494394A0}" = Hercules DualPix HD Webcam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"SmartSuite V97.0" = Lotus SmartSuite 97
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Produktregistrierung
"streamWriter_is1" = streamWriter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.07.2012 17:19:22 | Computer Name = DHWPK82J | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung MyPhoneExplorer.exe, Version 1.6.0.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 23.07.2012 18:28:02 | Computer Name = DHWPK82J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avcenter.exe, Version 12.3.0.15, fehlgeschlagenes
Modul hhctrl.ocx, Version 5.2.3790.4110, Fehleradresse 0x00013004.
Error - 23.07.2012 18:28:24 | Computer Name = DHWPK82J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Error - 24.07.2012 17:41:24 | Computer Name = DHWPK82J | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba.
Error - 24.07.2012 17:52:01 | Computer Name = DHWPK82J | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba.
Error - 24.07.2012 18:55:11 | Computer Name = DHWPK82J | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
Error - 31.07.2012 18:09:51 | Computer Name = DHWPK82J | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 11.08.2012 00:06:01 | Computer Name = DHWPK82J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung notepad.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x456713e8.
Error - 12.08.2012 05:19:12 | Computer Name = DHWPK82J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avcenter.exe, Version 12.3.0.15, fehlgeschlagenes
Modul hhctrl.ocx, Version 5.2.3790.4110, Fehleradresse 0x00013004.
Error - 12.08.2012 05:19:33 | Computer Name = DHWPK82J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
[ System Events ]
Error - 03.08.2012 05:50:34 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 10.08.2012 03:09:57 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 11.08.2012 00:10:40 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 12.08.2012 05:11:18 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 12.08.2012 05:25:37 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 13.08.2012 10:52:32 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 14.08.2012 12:29:34 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 14.08.2012 12:34:03 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 15.08.2012 09:56:26 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 15.08.2012 17:22:21 | Computer Name = DHWPK82J | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
< End of report >
|
|
16.08.2012, 10:18
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security PlatinumCode:
ATTFilter PRC - [1997.01.10 06:23:00 | 000,016,384 | ---- | M] (Lotus Development Corporation) -- C:\lotus\wordpro\ltsstart.exe
PRC - [1995.11.06 06:23:00 | 000,045,056 | ---- | M] () -- C:\lotus\register\remind32.exe
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 10:26
| #23 |
| | Live Security Platinum Was meinst du damit? Mag wohl etwas älter sein, aber gut bewährt. Ich benutze es für ältere Dokumente, die mit der Lotus Smart Suite erstellt wurden. Ich halt's da wie bekannter Trainer, der meines Wissens auch mal im Weserstadion tätig war: es gibt keine alten und junge Programme, es gibt nur gute oder schlechte ;-) Für mich ist's ein nützliches und damit gutes ;-) Geändert von helpneeded (16.08.2012 um 10:34 Uhr) |
|
16.08.2012, 11:20
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\926104.sys -- (926104)
DRV - File not found [Kernel | Unavailable | Unknown] -- C:\DOKUME~1\GNTERT~1\LOKALE~1\Temp\-213E8.tmp -- (-213E8)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.08.20 01:58:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E18F8C9518CA11601F7027B07D287
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\U
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\L
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\n
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\@
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\U
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\L
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\n
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\@
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1*
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 13:07
| #25 |
| | Live Security Platinum auch erledigt! Nochmals vielen Dank für deine Hilfe, weiß sie sehr zu schätzen! Code:
ATTFilter All processes killed
========== OTL ==========
Error: No service named 926104 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\926104 deleted successfully.
File globalroot\C:\WINDOWS\system32\drivers\926104.sys not found.
Error: No service named -213E8 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\-213E8 deleted successfully.
File C:\DOKUME~1\GNTERT~1\LOKALE~1\Temp\-213E8.tmp not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3725954371-1878462329-840030287-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3725954371-1878462329-840030287-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036E18F8C9518CA11601F7027B07D287 folder moved successfully.
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\U folder moved successfully.
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\L folder moved successfully.
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\n moved successfully.
C:\WINDOWS\Installer\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\@ moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\U folder moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\L folder moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\n moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{e2377294-2caf-7fd9-746e-5ad80a113f7e}\@ moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18472756 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18472756r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18472756 moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\tmp folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\tmp folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\ext folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 400640 bytes
User: Günter (kein Admin)
->Temp folder emptied: 3473015 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 522 bytes
User: ***
->Temp folder emptied: 6290046452 bytes
->Temporary Internet Files folder emptied: 289827880 bytes
->Flash cache emptied: 4168 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 90915125 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 4419 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35070537 bytes
->Flash cache emptied: 821 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 6427015 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9956511 bytes
RecycleBin emptied: 4294180673 bytes
Total Files Cleaned = 10.510,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Günter (kein Admin)
->Flash cache emptied: 0 bytes
User: ***
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.57.0 log created on 08162012_135303
Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\clclean.0001.dir.0011\~df394b.tmp moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\clclean.0001.dir.0011\~efe2.tmp moved successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\WCESLog.log moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\1x1[1].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\ddc[5].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\p[1].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\p[2].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\p[1].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\p[2].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\p[3].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\stCAIZDOC9 moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\vhCAN1J4PB.htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\vhCAW0YG5L.htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\vhCAZWW043.htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\auth[1].php moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\banner[6].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\banner[7].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\ddc[5].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\iframe3[7].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\iframe3[8].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\pm[1].htm moved successfully.
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[2].htm not found!
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[3].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[4].htm moved successfully.
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[5].htm not found!
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[6].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[7].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\banner[3].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ddc[6].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ddc[7].htm moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ifCAX6AZBG.txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ifCAZGOLTB.txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[1].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[2].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[3].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[4].gif moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\syncuppixels[1].html moved successfully.
PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\clclean.0001.dir.0011\~df394b.tmp not found!
File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\clclean.0001.dir.0011\~efe2.tmp not found!
File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\WCESLog.log not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\1x1[1].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\ddc[5].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\p[1].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V10KJNPP\p[2].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\p[1].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\p[2].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\p[3].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\stCAIZDOC9 not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\vhCAN1J4PB.htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\vhCAW0YG5L.htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U3CQPZFN\vhCAZWW043.htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\auth[1].php not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\banner[6].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\banner[7].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\ddc[5].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\iframe3[7].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\iframe3[8].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\pm[1].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[2].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[3].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[4].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[5].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[6].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9ICA1PGG\video[7].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\banner[3].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ddc[6].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ddc[7].htm not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ifCAX6AZBG.txt not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\ifCAZGOLTB.txt not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[1].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[2].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[3].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\p[4].gif not found!
File C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5CPC1XCO\syncuppixels[1].html not found!
Registry entries deleted on Reboot...
|
|
16.08.2012, 14:08
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2012, 12:36
| #27 |
| | Live Security Platinum hier der neue Log Vielen Dank!! Code:
ATTFilter 13:26:34.0928 2412 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
13:26:35.0037 2412 ============================================================
13:26:35.0037 2412 Current date / time: 2012/08/17 13:26:35.0037
13:26:35.0037 2412 SystemInfo:
13:26:35.0037 2412
13:26:35.0037 2412 OS Version: 5.1.2600 ServicePack: 3.0
13:26:35.0037 2412 Product type: Workstation
13:26:35.0037 2412 ComputerName: DHWPK82J
13:26:35.0037 2412 UserName: ***
13:26:35.0037 2412 Windows directory: C:\WINDOWS
13:26:35.0037 2412 System windows directory: C:\WINDOWS
13:26:35.0037 2412 Processor architecture: Intel x86
13:26:35.0037 2412 Number of processors: 2
13:26:35.0037 2412 Page size: 0x1000
13:26:35.0037 2412 Boot type: Normal boot
13:26:35.0037 2412 ============================================================
13:26:35.0912 2412 Drive \Device\Harddisk0\DR0 - Size: 0x746A000000 (465.66 Gb), SectorSize: 0x200, Cylinders: 0xED73, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:26:35.0944 2412 ============================================================
13:26:35.0944 2412 \Device\Harddisk0\DR0:
13:26:35.0944 2412 MBR partitions:
13:26:35.0944 2412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x399ED84F
13:26:35.0944 2412 ============================================================
13:26:36.0006 2412 C: <-> \Device\Harddisk0\DR0\Partition1
13:26:36.0006 2412 ============================================================
13:26:36.0006 2412 Initialize success
13:26:36.0006 2412 ============================================================
13:29:31.0637 2856 ============================================================
13:29:31.0637 2856 Scan started
13:29:31.0637 2856 Mode: Manual; SigCheck; TDLFS;
13:29:31.0637 2856 ============================================================
13:29:31.0762 2856 ================ Scan services =============================
13:29:31.0933 2856 Abiosdsk - ok
13:29:31.0965 2856 [ 6abb91494fe6c59089b9336452ab2ea3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:29:33.0105 2856 abp480n5 - ok
13:29:33.0152 2856 [ ac407f1a62c3a300b4f2b5a9f1d55b2c ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:29:33.0449 2856 ACPI - ok
13:29:33.0480 2856 [ 9e1ca3160dafb159ca14f83b1e317f75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:29:33.0621 2856 ACPIEC - ok
13:29:33.0668 2856 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:29:33.0683 2856 AdobeFlashPlayerUpdateSvc - ok
13:29:33.0715 2856 [ 9a11864873da202c996558b2106b0bbc ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:29:33.0855 2856 adpu160m - ok
13:29:33.0886 2856 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:29:34.0027 2856 aec - ok
13:29:34.0074 2856 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:29:34.0152 2856 AFD - ok
13:29:34.0199 2856 [ 08fd04aa961bdc77fb983f328334e3d7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
13:29:34.0355 2856 agp440 - ok
13:29:34.0371 2856 [ 03a7e0922acfe1b07d5db2eeb0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:29:34.0527 2856 agpCPQ - ok
13:29:34.0543 2856 [ c23ea9b5f46c7f7910db3eab648ff013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:29:34.0621 2856 Aha154x - ok
13:29:34.0652 2856 [ 19dd0fb48b0c18892f70e2e7d61a1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:29:34.0824 2856 aic78u2 - ok
13:29:34.0840 2856 [ b7fe594a7468aa0132deb03fb8e34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:29:34.0980 2856 aic78xx - ok
13:29:35.0027 2856 [ 738d80cc01d7bc7584be917b7f544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:29:35.0199 2856 Alerter - ok
13:29:35.0215 2856 [ 190cd73d4984f94d823f9444980513e5 ] ALG C:\WINDOWS\System32\alg.exe
13:29:35.0293 2856 ALG - ok
13:29:35.0308 2856 [ 1140ab9938809700b46bb88e46d72a96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
13:29:35.0433 2856 AliIde - ok
13:29:35.0449 2856 [ cb08aed0de2dd889a8a820cd8082d83c ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:29:35.0605 2856 alim1541 - ok
13:29:35.0621 2856 [ 95b4fb835e28aa1336ceeb07fd5b9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:29:35.0777 2856 amdagp - ok
13:29:35.0793 2856 [ 79f5add8d24bd6893f2903a3e2f3fad6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
13:29:35.0886 2856 amsint - ok
13:29:35.0980 2856 [ 466a0d95960dad3222c896d2cea99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
13:29:35.0996 2856 AntiVirSchedulerService - ok
13:29:36.0043 2856 [ a489be6bb0aa1ff406b488b60542314b ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:29:36.0058 2856 AntiVirService - ok
13:29:36.0105 2856 [ 676894fa57b671fec5c3f05f8929e03b ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:29:36.0136 2856 AntiVirWebService - ok
13:29:36.0183 2856 [ 29c537d74694de38b07b8d0c37bc25c5 ] APL531 C:\WINDOWS\system32\Drivers\HDvid.sys
13:29:36.0246 2856 APL531 ( UnsignedFile.Multi.Generic ) - warning
13:29:36.0246 2856 APL531 - detected UnsignedFile.Multi.Generic (1)
13:29:36.0339 2856 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:29:36.0355 2856 Apple Mobile Device - ok
13:29:36.0402 2856 [ d45960be52c3c610d361977057f98c54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:29:36.0496 2856 AppMgmt - ok
13:29:36.0527 2856 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:29:36.0652 2856 Arp1394 - ok
13:29:36.0683 2856 [ 62d318e9a0c8fc9b780008e724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
13:29:36.0808 2856 asc - ok
13:29:36.0824 2856 [ 69eb0cc7714b32896ccbfd5edcbea447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:29:36.0886 2856 asc3350p - ok
13:29:36.0902 2856 [ 5d8de112aa0254b907861e9e9c31d597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:29:37.0027 2856 asc3550 - ok
13:29:37.0168 2856 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:29:37.0183 2856 aspnet_state - ok
13:29:37.0199 2856 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:29:37.0339 2856 AsyncMac - ok
13:29:37.0355 2856 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:29:37.0496 2856 atapi - ok
13:29:37.0496 2856 Atdisk - ok
13:29:37.0511 2856 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:29:37.0652 2856 Atmarpc - ok
13:29:37.0683 2856 [ 58ed0d5452df7be732193e7999c6b9a4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:29:37.0824 2856 AudioSrv - ok
13:29:37.0855 2856 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:29:37.0964 2856 audstub - ok
13:29:38.0011 2856 [ d5541f0afb767e85fc412fc609d96a74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:29:38.0214 2856 avgntflt - ok
13:29:38.0246 2856 [ 7d967a682d4694df7fa57d63a2db01fe ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:29:38.0261 2856 avipbb - ok
13:29:38.0277 2856 [ 53e56450da16a1a7f0d002f511113f67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
13:29:38.0292 2856 avkmgr - ok
13:29:38.0339 2856 [ d16c201e44f7d1f7a65c4d20c6929af8 ] AVMUNET C:\WINDOWS\system32\DRIVERS\avmunet.sys
13:29:38.0386 2856 AVMUNET - ok
13:29:38.0433 2856 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:29:38.0558 2856 Beep - ok
13:29:38.0621 2856 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
13:29:38.0636 2856 Bonjour Service - ok
13:29:38.0683 2856 [ b42057f06bbb98b31876c0b3f2b54e33 ] Browser C:\WINDOWS\System32\browser.dll
13:29:38.0824 2856 Browser - ok
13:29:38.0855 2856 [ e156c353fcbc05db5dee57be0592f2d4 ] camfilt C:\WINDOWS\system32\Drivers\camfilt.sys
13:29:38.0886 2856 camfilt ( UnsignedFile.Multi.Generic ) - warning
13:29:38.0886 2856 camfilt - detected UnsignedFile.Multi.Generic (1)
13:29:38.0917 2856 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:29:39.0042 2856 cbidf - ok
13:29:39.0042 2856 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:29:39.0167 2856 cbidf2k - ok
13:29:39.0199 2856 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:29:39.0324 2856 CCDECODE - ok
13:29:39.0355 2856 [ f3ec03299634490e97bbce94cd2954c7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:29:39.0433 2856 cd20xrnt - ok
13:29:39.0496 2856 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:29:39.0605 2856 Cdaudio - ok
13:29:39.0621 2856 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:29:39.0746 2856 Cdfs - ok
13:29:39.0792 2856 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:29:39.0933 2856 Cdrom - ok
13:29:39.0949 2856 Changer - ok
13:29:39.0980 2856 [ 28e3040d1f1ca2008cd6b29dfebc9a5e ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:29:40.0120 2856 CiSvc - ok
13:29:40.0152 2856 [ 778a30ed3c134eb7e406afc407e9997d ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:29:40.0292 2856 ClipSrv - ok
13:29:40.0324 2856 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:29:40.0339 2856 clr_optimization_v2.0.50727_32 - ok
13:29:40.0370 2856 [ c687f81290303d90099b027a6474f99f ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:29:40.0495 2856 CmdIde - ok
13:29:40.0495 2856 COMSysApp - ok
13:29:40.0527 2856 [ 3ee529119eed34cd212a215e8c40d4b6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:29:40.0652 2856 Cpqarray - ok
13:29:40.0683 2856 [ 7db5e3f44d797bd38b8e336ccc2e49d5 ] Creative Labs Licensing Service C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe
13:29:40.0699 2856 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:29:40.0699 2856 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:29:40.0745 2856 [ 3c8b6609712f4ff78e521f6dcfc4032b ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
13:29:40.0761 2856 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
13:29:40.0761 2856 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
13:29:40.0792 2856 [ 611f824e5c703a5a899f84c5f1699e4d ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:29:40.0917 2856 CryptSvc - ok
13:29:40.0949 2856 [ 8db84de3aab34a8b4c2f644eff41cd76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
13:29:40.0995 2856 ctsfm2k - ok
13:29:41.0027 2856 [ 4ee8822adb764edd28ce44e808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
13:29:41.0042 2856 CTUSFSYN - ok
13:29:41.0074 2856 [ e550e7418984b65a78299d248f0a7f36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:29:41.0230 2856 dac2w2k - ok
13:29:41.0245 2856 [ 683789caa3864eb46125ae86ff677d34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:29:41.0386 2856 dac960nt - ok
13:29:41.0417 2856 [ 3127afbf2c1ed0ab14a1bbb7aaecb85b ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:29:41.0558 2856 DcomLaunch - ok
13:29:41.0558 2856 de_serv - ok
13:29:41.0605 2856 [ c29a1c9b75ba38fa37f8c44405dec360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:29:41.0730 2856 Dhcp - ok
13:29:41.0745 2856 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:29:41.0870 2856 Disk - ok
13:29:41.0917 2856 [ e2d0de31442390c35e3163c87cb6a9eb ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:29:41.0933 2856 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
13:29:41.0933 2856 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
13:29:41.0933 2856 [ d979bebcf7edcc9c9ee1857d1a68c67b ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:29:41.0949 2856 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
13:29:41.0949 2856 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
13:29:41.0949 2856 [ 1fb7a7db89c16673a90d1f104455f38e ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
13:29:41.0949 2856 DLADResN ( UnsignedFile.Multi.Generic ) - warning
13:29:41.0949 2856 DLADResN - detected UnsignedFile.Multi.Generic (1)
13:29:41.0964 2856 [ 96e01d901cdc98c7817155cc057001bf ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:29:41.0980 2856 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
13:29:41.0980 2856 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
13:29:41.0980 2856 [ 0a60a39cc5e767980a31ca5d7238dfa9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:29:42.0011 2856 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
13:29:42.0011 2856 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
13:29:42.0011 2856 [ 9fe2b72558fc808357f427fd83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:29:42.0027 2856 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
13:29:42.0027 2856 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
13:29:42.0027 2856 [ 7ee0852ae8907689df25049dcd2342e8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
13:29:42.0042 2856 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
13:29:42.0042 2856 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
13:29:42.0058 2856 [ f08e1dafac457893399e03430a6a1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:29:42.0058 2856 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
13:29:42.0058 2856 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
13:29:42.0074 2856 [ e7d105ed1e694449d444a9933df8e060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:29:42.0089 2856 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
13:29:42.0089 2856 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
13:29:42.0089 2856 dmadmin - ok
13:29:42.0152 2856 [ 0dcfc8395a99fecbb1ef771cec7fe4ea ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:29:42.0355 2856 dmboot - ok
13:29:42.0355 2856 [ 53720ab12b48719d00e327da470a619a ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:29:42.0495 2856 dmio - ok
13:29:42.0495 2856 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:29:42.0620 2856 dmload - ok
13:29:42.0667 2856 [ 25c83ffbba13b554eb6d59a9b2e2ee78 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:29:42.0808 2856 dmserver - ok
13:29:42.0823 2856 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:29:42.0948 2856 DMusic - ok
13:29:42.0995 2856 [ 407f3227ac618fd1ca54b335b083de07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:29:43.0120 2856 Dnscache - ok
13:29:43.0167 2856 [ 676e36c4ff5bcea1900f44182b9723e6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:29:43.0292 2856 Dot3svc - ok
13:29:43.0323 2856 [ 40f3b93b4e5b0126f2f5c0a7a5e22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:29:43.0464 2856 dpti2o - ok
13:29:43.0511 2856 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:29:43.0636 2856 drmkaud - ok
13:29:43.0667 2856 [ fd0f95981fef9073659d8ec58e40aa3c ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:29:43.0667 2856 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
13:29:43.0667 2856 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
13:29:43.0667 2856 [ b4869d320428cdc5ec4d7f5e808e99b5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:29:43.0683 2856 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
13:29:43.0683 2856 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
13:29:43.0714 2856 [ a6de5342417fec3c0aa8efebb899c431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:29:43.0839 2856 E100B - ok
13:29:43.0870 2856 [ 5b75bbf89d8341f424171df7ad9dc465 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:29:43.0948 2856 e1express - ok
13:29:43.0980 2856 [ 4e4f2fddab0a0736d7671134dcce91fb ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:29:44.0120 2856 EapHost - ok
13:29:44.0198 2856 [ 5d1347aa5ae6e2f77d7f4f8372d95ac9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
13:29:44.0276 2856 ehRecvr - ok
13:29:44.0308 2856 [ e774bf24a6cb798dce67ad1c8e917152 ] ehSched C:\WINDOWS\eHome\ehSched.exe
13:29:44.0386 2856 ehSched - ok
13:29:44.0433 2856 [ 1976fedf6d7f87135c9b7f5cb4c8c868 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
13:29:44.0464 2856 ELacpi - ok
13:29:44.0511 2856 [ ae65c02444907966378454138b9f99f0 ] ELhid C:\WINDOWS\system32\DRIVERS\ELhid.sys
13:29:44.0511 2856 ELhid ( UnsignedFile.Multi.Generic ) - warning
13:29:44.0511 2856 ELhid - detected UnsignedFile.Multi.Generic (1)
13:29:44.0542 2856 [ e485c3ba1daddeef3e14fea1e8fda6e1 ] ELkbd C:\WINDOWS\system32\DRIVERS\ELkbd.sys
13:29:44.0558 2856 ELkbd ( UnsignedFile.Multi.Generic ) - warning
13:29:44.0558 2856 ELkbd - detected UnsignedFile.Multi.Generic (1)
13:29:44.0558 2856 [ 0d87cb825ed6cb2ebcc147a10a42f1d6 ] ELmon C:\WINDOWS\system32\DRIVERS\ELmon.sys
13:29:44.0573 2856 ELmon ( UnsignedFile.Multi.Generic ) - warning
13:29:44.0573 2856 ELmon - detected UnsignedFile.Multi.Generic (1)
13:29:44.0573 2856 [ a4add3847b67bacab6fc851a2b60fdb3 ] ELmou C:\WINDOWS\system32\DRIVERS\ELmou.sys
13:29:44.0573 2856 ELmou ( UnsignedFile.Multi.Generic ) - warning
13:29:44.0573 2856 ELmou - detected UnsignedFile.Multi.Generic (1)
13:29:44.0683 2856 [ d1de16926c682dcd3d99ae5500ca5522 ] ELService C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
13:29:44.0698 2856 ELService ( UnsignedFile.Multi.Generic ) - warning
13:29:44.0698 2856 ELService - detected UnsignedFile.Multi.Generic (1)
13:29:44.0745 2856 [ 877c18558d70587aa7823a1a308ac96b ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:29:44.0870 2856 ERSvc - ok
13:29:44.0917 2856 [ a3edbe9053889fb24ab22492472b39dc ] Eventlog C:\WINDOWS\system32\services.exe
13:29:44.0933 2856 Eventlog - ok
13:29:44.0980 2856 [ af4f6b5739d18ca7972ab53e091cbc74 ] EventSystem C:\WINDOWS\system32\Es.dll
13:29:45.0042 2856 EventSystem - ok
13:29:45.0073 2856 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:29:45.0214 2856 Fastfat - ok
13:29:45.0245 2856 [ 2db7d303c36ddd055215052f118e8e75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:29:45.0339 2856 FastUserSwitchingCompatibility - ok
13:29:45.0386 2856 [ 08b8b302af0d1b3b8543429bbac8f21f ] Fax C:\WINDOWS\system32\fxssvc.exe
13:29:45.0511 2856 Fax - ok
13:29:45.0542 2856 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:29:45.0667 2856 Fdc - ok
13:29:45.0667 2856 [ b0678a548587c5f1967b0d70bacad6c1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:29:45.0792 2856 Fips - ok
13:29:45.0808 2856 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:29:45.0948 2856 Flpydisk - ok
13:29:46.0011 2856 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:29:46.0136 2856 FltMgr - ok
13:29:46.0214 2856 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:29:46.0230 2856 FontCache3.0.0.0 - ok
13:29:46.0245 2856 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:29:46.0386 2856 Fs_Rec - ok
13:29:46.0417 2856 [ 8f1955ce42e1484714b542f341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:29:46.0542 2856 Ftdisk - ok
13:29:46.0573 2856 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:29:46.0589 2856 GEARAspiWDM - ok
13:29:46.0636 2856 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:29:46.0792 2856 Gpc - ok
13:29:46.0870 2856 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
13:29:46.0886 2856 gupdate - ok
13:29:46.0886 2856 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
13:29:46.0901 2856 gupdatem - ok
13:29:46.0948 2856 [ ecc2b633b909448c2806ea36ffea1933 ] hcwPP2 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
13:29:46.0995 2856 hcwPP2 - ok
13:29:47.0026 2856 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:29:47.0167 2856 HDAudBus - ok
13:29:47.0229 2856 [ cb66bf85bf599befd6c6a57c2e20357f ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:29:47.0354 2856 helpsvc - ok
13:29:47.0370 2856 HidServ - ok
13:29:47.0370 2856 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:29:47.0511 2856 HidUsb - ok
13:29:47.0542 2856 [ ed29f14101523a6e0e808107405d452c ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:29:47.0683 2856 hkmsvc - ok
13:29:47.0714 2856 [ b028377dea0546a5fcfba928a8aefae0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
13:29:47.0839 2856 hpn - ok
13:29:47.0901 2856 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:29:47.0964 2856 HTTP - ok
13:29:48.0011 2856 [ 9e4adb854cebcfb81a4b36718feecd16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:29:48.0151 2856 HTTPFilter - ok
13:29:48.0167 2856 [ 9368670bd426ebea5e8b18a62416ec28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
13:29:48.0308 2856 i2omgmt - ok
13:29:48.0323 2856 [ f10863bf1ccc290babd1a09188ae49e0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:29:48.0448 2856 i2omp - ok
13:29:48.0479 2856 [ e283b97cfbeb86c1d86baed5f7846a92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:29:48.0604 2856 i8042prt - ok
13:29:48.0651 2856 [ d43e91e271c041bb86a6223462a41d28 ] IAANTMon C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
13:29:48.0651 2856 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
13:29:48.0651 2856 IAANTMon - detected UnsignedFile.Multi.Generic (1)
13:29:48.0729 2856 [ 9a65e42664d1534b68512caad0efe963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
13:29:48.0839 2856 iastor - ok
13:29:48.0901 2856 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:29:49.0011 2856 idsvc - ok
13:29:49.0042 2856 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:29:49.0151 2856 Imapi - ok
13:29:49.0198 2856 [ d4b413aa210c21e46aedd2ba5b68d38e ] ImapiService C:\WINDOWS\system32\imapi.exe
13:29:49.0354 2856 ImapiService - ok
13:29:49.0370 2856 [ 4a40e045faee58631fd8d91afc620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:29:49.0511 2856 ini910u - ok
13:29:49.0542 2856 [ 69c4e3c9e67a1f103b94e14fdd5f3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
13:29:49.0682 2856 IntelIde - ok
13:29:49.0714 2856 [ 4c7d2750158ed6e7ad642d97bffae351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:29:49.0839 2856 intelppm - ok
13:29:49.0870 2856 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:29:49.0995 2856 Ip6Fw - ok
13:29:50.0011 2856 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:29:50.0136 2856 IpFilterDriver - ok
13:29:50.0167 2856 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:29:50.0292 2856 IpInIp - ok
13:29:50.0323 2856 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:29:50.0448 2856 IpNat - ok
13:29:50.0526 2856 [ e6be7a41a28d8f2db174957454d32448 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
13:29:50.0573 2856 iPod Service - ok
13:29:50.0604 2856 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:29:50.0745 2856 IPSec - ok
13:29:50.0761 2856 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:29:50.0823 2856 IRENUM - ok
13:29:50.0839 2856 [ 6dfb88f64135c525433e87648bda30de ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:29:50.0964 2856 isapnp - ok
13:29:51.0073 2856 [ 0a5709543986843d37a92290b7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
13:29:51.0104 2856 JavaQuickStarterService - ok
13:29:51.0120 2856 [ 1704d8c4c8807b889e43c649b478a452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:29:51.0260 2856 Kbdclass - ok
13:29:51.0260 2856 [ b6d6c117d771c98130497265f26d1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:29:51.0385 2856 kbdhid - ok
13:29:51.0417 2856 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:29:51.0557 2856 kmixer - ok
13:29:51.0589 2856 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:29:51.0698 2856 KSecDD - ok
13:29:51.0745 2856 [ 2bbdcb79900990f0716dfcb714e72de7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:29:51.0807 2856 lanmanserver - ok
13:29:51.0839 2856 [ 1869b14b06b44b44af70548e1ea3303f ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:29:51.0901 2856 lanmanworkstation - ok
13:29:51.0901 2856 lbrtfdc - ok
13:29:51.0964 2856 [ 636714b7d43c8d0c80449123fd266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:29:52.0104 2856 LmHosts - ok
13:29:52.0135 2856 [ f627e9da4d3d8dc05a15b68944302f14 ] MagicTune C:\WINDOWS\system32\drivers\MTiCtwl.sys
13:29:52.0135 2856 MagicTune ( UnsignedFile.Multi.Generic ) - warning
13:29:52.0135 2856 MagicTune - detected UnsignedFile.Multi.Generic (1)
13:29:52.0167 2856 [ 52404cc76e9d53843bdf97564bb16bed ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
13:29:52.0198 2856 McrdSvc - ok
13:29:52.0245 2856 [ b7550a7107281d170ce85524b1488c98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:29:52.0370 2856 Messenger - ok
13:29:52.0401 2856 [ ded60230e3019c508769ec3c15bcda44 ] MHN C:\WINDOWS\System32\mhn.dll
13:29:52.0432 2856 MHN ( UnsignedFile.Multi.Generic ) - warning
13:29:52.0432 2856 MHN - detected UnsignedFile.Multi.Generic (1)
13:29:52.0448 2856 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:29:52.0464 2856 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
13:29:52.0464 2856 MHNDRV - detected UnsignedFile.Multi.Generic (1)
13:29:52.0479 2856 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:29:52.0604 2856 mnmdd - ok
13:29:52.0635 2856 [ c2f1d365fd96791b037ee504868065d3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:29:52.0760 2856 mnmsrvc - ok
13:29:52.0807 2856 [ 6fb74ebd4ec57a6f1781de3852cc3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:29:52.0948 2856 Modem - ok
13:29:52.0963 2856 [ b24ce8005deab254c0251e15cb71d802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:29:53.0104 2856 Mouclass - ok
13:29:53.0151 2856 [ 66a6f73c74e1791464160a7065ce711a ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:29:53.0276 2856 mouhid - ok
13:29:53.0323 2856 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:29:53.0448 2856 MountMgr - ok
13:29:53.0495 2856 [ 3f4bb95e5a44f3be34824e8e7caf0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:29:53.0620 2856 mraid35x - ok
13:29:53.0620 2856 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:29:53.0745 2856 MRxDAV - ok
13:29:53.0792 2856 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:29:53.0901 2856 MRxSmb - ok
13:29:53.0948 2856 [ 35a031af38c55f92d28aa03ee9f12cc9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:29:54.0073 2856 MSDTC - ok
13:29:54.0073 2856 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:29:54.0198 2856 Msfs - ok
13:29:54.0213 2856 MSIServer - ok
13:29:54.0229 2856 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:29:54.0354 2856 MSKSSRV - ok
13:29:54.0370 2856 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:29:54.0495 2856 MSPCLOCK - ok
13:29:54.0526 2856 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:29:54.0635 2856 MSPQM - ok
13:29:54.0667 2856 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:29:54.0792 2856 mssmbios - ok
13:29:54.0823 2856 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:29:54.0963 2856 MSTEE - ok
13:29:54.0979 2856 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:29:55.0042 2856 Mup - ok
13:29:55.0073 2856 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:29:55.0198 2856 NABTSFEC - ok
13:29:55.0229 2856 [ 46bb15ae2ac7d025d6d2567b876817bd ] napagent C:\WINDOWS\System32\qagentrt.dll
13:29:55.0385 2856 napagent - ok
13:29:55.0401 2856 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:29:55.0541 2856 NDIS - ok
13:29:55.0573 2856 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:29:55.0698 2856 NdisIP - ok
13:29:55.0745 2856 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:29:55.0791 2856 NdisTapi - ok
13:29:55.0823 2856 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:29:55.0963 2856 Ndisuio - ok
13:29:55.0979 2856 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:29:56.0088 2856 NdisWan - ok
13:29:56.0135 2856 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:29:56.0198 2856 NDProxy - ok
13:29:56.0198 2856 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:29:56.0338 2856 NetBIOS - ok
13:29:56.0354 2856 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:29:56.0495 2856 NetBT - ok
13:29:56.0541 2856 [ 8ace4251bffd09ce75679fe940e996cc ] NetDDE C:\WINDOWS\system32\netdde.exe
13:29:56.0666 2856 NetDDE - ok
13:29:56.0666 2856 [ 8ace4251bffd09ce75679fe940e996cc ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:29:56.0791 2856 NetDDEdsdm - ok
13:29:56.0807 2856 NETFWDSL - ok
13:29:56.0823 2856 [ afb8261b56cba0d86aeb6df682af9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:29:56.0963 2856 Netlogon - ok
13:29:57.0026 2856 [ e6d88f1f6745bf00b57e7855a2ab696c ] Netman C:\WINDOWS\System32\netman.dll
13:29:57.0182 2856 Netman - ok
13:29:57.0291 2856 [ 9da26b773bd04b867a8e9f427cd048fc ] NetSvc C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
13:29:57.0307 2856 NetSvc ( UnsignedFile.Multi.Generic ) - warning
13:29:57.0307 2856 NetSvc - detected UnsignedFile.Multi.Generic (1)
13:29:57.0338 2856 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:29:57.0354 2856 NetTcpPortSharing - ok
13:29:57.0385 2856 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:29:57.0510 2856 NIC1394 - ok
13:29:57.0557 2856 [ f1b67b6b0751ae0e6e964b02821206a3 ] Nla C:\WINDOWS\System32\mswsock.dll
13:29:57.0588 2856 Nla - ok
13:29:57.0604 2856 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:29:57.0729 2856 Npfs - ok
13:29:57.0744 2856 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:29:57.0885 2856 Ntfs - ok
13:29:57.0885 2856 [ afb8261b56cba0d86aeb6df682af9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:29:58.0010 2856 NtLmSsp - ok
13:29:58.0057 2856 [ 56af4064996fa5bac9c449b1514b4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:29:58.0213 2856 NtmsSvc - ok
13:29:58.0229 2856 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
13:29:58.0369 2856 Null - ok
13:29:58.0463 2856 [ cd2acd06129c4107df4483b298a05290 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:29:58.0651 2856 nv - ok
13:29:58.0729 2856 [ 4a6124c70c9e46565d31ff799750dc64 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
13:29:58.0744 2856 NVSvc - ok
13:29:58.0791 2856 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:29:58.0901 2856 NwlnkFlt - ok
13:29:58.0916 2856 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:29:59.0057 2856 NwlnkFwd - ok
13:29:59.0057 2856 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:29:59.0198 2856 ohci1394 - ok
13:29:59.0213 2856 [ 103a9b117a7d9903111955cdafe65ac6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
13:29:59.0260 2856 ossrv - ok
13:29:59.0276 2856 [ f84785660305b9b903fb3bca8ba29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:29:59.0416 2856 Parport - ok
13:29:59.0416 2856 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:29:59.0557 2856 PartMgr - ok
13:29:59.0588 2856 [ c2bf987829099a3eaa2ca6a0a90ecb4f ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:29:59.0729 2856 ParVdm - ok
13:29:59.0729 2856 [ 387e8dedc343aa2d1efbc30580273acd ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:29:59.0854 2856 PCI - ok
13:29:59.0869 2856 PCIDump - ok
13:29:59.0885 2856 [ 59ba86d9a61cbcf4df8e598c331f5b82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:30:00.0026 2856 PCIIde - ok
13:30:00.0041 2856 [ a2a966b77d61847d61a3051df87c8c97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:30:00.0182 2856 Pcmcia - ok
13:30:00.0197 2856 PDCOMP - ok
13:30:00.0197 2856 PDFRAME - ok
13:30:00.0197 2856 PDRELI - ok
13:30:00.0213 2856 PDRFRAME - ok
13:30:00.0213 2856 [ 6c14b9c19ba84f73d3a86dba11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
13:30:00.0354 2856 perc2 - ok
13:30:00.0385 2856 [ f50f7c27f131afe7beba13e14a3b9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:30:00.0494 2856 perc2hib - ok
13:30:00.0526 2856 [ d9ed17ac15720096a9f92ff4ea587b09 ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
13:30:00.0526 2856 PfModNT ( UnsignedFile.Multi.Generic ) - warning
13:30:00.0526 2856 PfModNT - detected UnsignedFile.Multi.Generic (1)
13:30:00.0557 2856 [ a3edbe9053889fb24ab22492472b39dc ] PlugPlay C:\WINDOWS\system32\services.exe
13:30:00.0572 2856 PlugPlay - ok
13:30:00.0588 2856 [ afb8261b56cba0d86aeb6df682af9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:30:00.0697 2856 PolicyAgent - ok
13:30:00.0744 2856 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:30:00.0869 2856 PptpMiniport - ok
13:30:00.0869 2856 [ afb8261b56cba0d86aeb6df682af9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:30:00.0994 2856 ProtectedStorage - ok
13:30:01.0010 2856 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:30:01.0166 2856 PSched - ok
13:30:01.0182 2856 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:30:01.0307 2856 Ptilink - ok
13:30:01.0307 2856 [ 86724469cd077901706854974cd13c3e ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:30:01.0322 2856 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
13:30:01.0322 2856 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
13:30:01.0338 2856 [ 0a63fb54039eb5662433caba3b26dba7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:30:01.0494 2856 ql1080 - ok
13:30:01.0494 2856 [ 6503449e1d43a0ff0201ad5cb1b8c706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:30:01.0619 2856 Ql10wnt - ok
13:30:01.0619 2856 [ 156ed0ef20c15114ca097a34a30d8a01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:30:01.0744 2856 ql12160 - ok
13:30:01.0775 2856 [ 70f016bebde6d29e864c1230a07cc5e6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:30:01.0900 2856 ql1240 - ok
13:30:01.0916 2856 [ 907f0aeea6bc451011611e732bd31fcf ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:30:02.0025 2856 ql1280 - ok
13:30:02.0057 2856 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:30:02.0182 2856 RasAcd - ok
13:30:02.0229 2856 [ f5ba6caccdb66c8f048e867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:30:02.0354 2856 RasAuto - ok
13:30:02.0369 2856 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:30:02.0494 2856 Rasl2tp - ok
13:30:02.0541 2856 [ f9a7b66ea345726edb5862a46b1eccd5 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:30:02.0650 2856 RasMan - ok
13:30:02.0666 2856 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:30:02.0791 2856 RasPppoe - ok
13:30:02.0807 2856 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:30:02.0916 2856 Raspti - ok
13:30:02.0932 2856 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:30:03.0057 2856 Rdbss - ok
13:30:03.0088 2856 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:30:03.0213 2856 RDPCDD - ok
13:30:03.0213 2856 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:30:03.0354 2856 rdpdr - ok
13:30:03.0416 2856 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:30:03.0479 2856 RDPWD - ok
13:30:03.0510 2856 [ 263af18af0f3db99f574c95f284ccec9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:30:03.0635 2856 RDSessMgr - ok
13:30:03.0650 2856 [ ed761d453856f795a7fe056e42c36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:30:03.0791 2856 redbook - ok
13:30:03.0822 2856 [ 0e97ec96d6942ceec2d188cc2eb69a01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:30:03.0947 2856 RemoteAccess - ok
13:30:03.0994 2856 [ e4cd1f3d84e1c2ca0b8cf7501e201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:30:04.0150 2856 RemoteRegistry - ok
13:30:04.0182 2856 [ 2a02e21867497df20b8fc95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
13:30:04.0291 2856 RpcLocator - ok
13:30:04.0322 2856 [ 3127afbf2c1ed0ab14a1bbb7aaecb85b ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:30:04.0385 2856 RpcSs - ok
13:30:04.0432 2856 [ 4bdd71b4b521521499dfd14735c4f398 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:30:04.0541 2856 RSVP - ok
13:30:04.0557 2856 [ afb8261b56cba0d86aeb6df682af9785 ] SamSs C:\WINDOWS\system32\lsass.exe
13:30:04.0682 2856 SamSs - ok
13:30:04.0713 2856 [ dcec079fad95d36c8dd5cb6d779dfe32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:30:04.0838 2856 SCardSvr - ok
13:30:04.0885 2856 [ a050194a44d7fa8d7186ed2f4e8367ae ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:30:05.0010 2856 Schedule - ok
13:30:05.0041 2856 [ 59a9eb4073a39895af314780d0a032fa ] SE27bus C:\WINDOWS\system32\DRIVERS\SE27bus.sys
13:30:05.0041 2856 SE27bus ( UnsignedFile.Multi.Generic ) - warning
13:30:05.0041 2856 SE27bus - detected UnsignedFile.Multi.Generic (1)
13:30:05.0072 2856 [ 5a33a8d7b44c7bd8abe248b4dcd1ff3c ] SE27mgmt C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
13:30:05.0072 2856 SE27mgmt ( UnsignedFile.Multi.Generic ) - warning
13:30:05.0072 2856 SE27mgmt - detected UnsignedFile.Multi.Generic (1)
13:30:05.0119 2856 [ bb30139683bbf3ee89ec931393d9335c ] se27nd5 C:\WINDOWS\system32\DRIVERS\se27nd5.sys
13:30:05.0119 2856 se27nd5 ( UnsignedFile.Multi.Generic ) - warning
13:30:05.0119 2856 se27nd5 - detected UnsignedFile.Multi.Generic (1)
13:30:05.0135 2856 [ 5da6ff71e94b9134ddd094ebb09f05e6 ] SE27obex C:\WINDOWS\system32\DRIVERS\SE27obex.sys
13:30:05.0150 2856 SE27obex ( UnsignedFile.Multi.Generic ) - warning
13:30:05.0150 2856 SE27obex - detected UnsignedFile.Multi.Generic (1)
13:30:05.0182 2856 [ 4d54a9d7c22157ab3d2442e8bcf5ecd2 ] se27unic C:\WINDOWS\system32\DRIVERS\se27unic.sys
13:30:05.0213 2856 se27unic ( UnsignedFile.Multi.Generic ) - warning
13:30:05.0213 2856 se27unic - detected UnsignedFile.Multi.Generic (1)
13:30:05.0244 2856 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:30:05.0307 2856 Secdrv - ok
13:30:05.0322 2856 [ bee4cfd1d48c23b44cf4b974b0b79b2b ] seclogon C:\WINDOWS\System32\seclogon.dll
13:30:05.0463 2856 seclogon - ok
13:30:05.0478 2856 [ 2aac9b6ed9eddffb721d6452e34d67e3 ] SENS C:\WINDOWS\system32\sens.dll
13:30:05.0603 2856 SENS - ok
13:30:05.0650 2856 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:30:05.0791 2856 serenum - ok
13:30:05.0822 2856 [ cf24eb4f0412c82bcd1f4f35a025e31d ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:30:05.0947 2856 Serial - ok
13:30:05.0963 2856 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:30:06.0088 2856 Sfloppy - ok
13:30:06.0119 2856 [ 2db7d303c36ddd055215052f118e8e75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:30:06.0150 2856 ShellHWDetection - ok
13:30:06.0228 2856 [ 6bd3976b881888ac9a0ed3eb94e7fd38 ] sigfilt C:\WINDOWS\system32\drivers\sigfilt.sys
13:30:06.0369 2856 sigfilt - ok
13:30:06.0369 2856 Simbad - ok
13:30:06.0416 2856 [ 6b33d0ebd30db32e27d1d78fe946a754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:30:06.0556 2856 sisagp - ok
13:30:06.0572 2856 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:30:06.0728 2856 SLIP - ok
13:30:06.0744 2856 [ 83c0f71f86d3bdaf915685f3d568b20e ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:30:06.0822 2856 Sparrow - ok
13:30:06.0885 2856 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:30:07.0025 2856 splitter - ok
13:30:07.0056 2856 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:30:07.0119 2856 Spooler - ok
13:30:07.0135 2856 [ 50fa898f8c032796d3b1b9951bb5a90f ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:30:07.0213 2856 sr - ok
13:30:07.0228 2856 [ fe77a85495065f3ad59c5c65b6c54182 ] srservice C:\WINDOWS\system32\srsvc.dll
13:30:07.0291 2856 srservice - ok
13:30:07.0338 2856 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:30:07.0416 2856 Srv - ok
13:30:07.0431 2856 [ 4df5b05dfaec29e13e1ed6f6ee12c500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:30:07.0510 2856 SSDPSRV - ok
13:30:07.0541 2856 [ a36ee93698802cd899f98bfd553d8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:30:07.0556 2856 ssmdrv - ok
13:30:07.0588 2856 [ b95480c92c4c9c311be47b8a1ad73770 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
13:30:07.0603 2856 STHDA - ok
13:30:07.0650 2856 [ bc2c5985611c5356b24aeb370953ded9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:30:07.0775 2856 stisvc - ok
13:30:07.0822 2856 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:30:07.0963 2856 streamip - ok
13:30:07.0994 2856 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:30:08.0103 2856 swenum - ok
13:30:08.0134 2856 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:30:08.0259 2856 swmidi - ok
13:30:08.0275 2856 SwPrv - ok
13:30:08.0291 2856 [ 1ff3217614018630d0a6758630fc698c ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
13:30:08.0431 2856 symc810 - ok
13:30:08.0447 2856 [ 070e001d95cf725186ef8b20335f933c ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:30:08.0556 2856 symc8xx - ok
13:30:08.0588 2856 [ 80ac1c4abbe2df3b738bf15517a51f2c ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:30:08.0697 2856 sym_hi - ok
13:30:08.0713 2856 [ bf4fab949a382a8e105f46ebb4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:30:08.0838 2856 sym_u3 - ok
13:30:08.0884 2856 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:30:08.0994 2856 sysaudio - ok
13:30:09.0041 2856 [ 2903fffa2523926d6219428040dce6b9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:30:09.0166 2856 SysmonLog - ok
13:30:09.0213 2856 [ 05903cac4b98908d55ea5774775b382e ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:30:09.0338 2856 TapiSrv - ok
13:30:09.0353 2856 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:30:09.0447 2856 Tcpip - ok
13:30:09.0494 2856 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:30:09.0603 2856 TDPIPE - ok
13:30:09.0603 2856 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:30:09.0759 2856 TDTCP - ok
13:30:09.0775 2856 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:30:09.0900 2856 TermDD - ok
13:30:09.0947 2856 [ b7de02c863d8f5a005a7bf375375a6a4 ] TermService C:\WINDOWS\System32\termsrv.dll
13:30:10.0088 2856 TermService - ok
13:30:10.0103 2856 [ 2db7d303c36ddd055215052f118e8e75 ] Themes C:\WINDOWS\System32\shsvcs.dll
13:30:10.0119 2856 Themes - ok
13:30:10.0166 2856 [ 03681a1ce77f51586903869a5ab1deab ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:30:10.0228 2856 TlntSvr - ok
13:30:10.0259 2856 [ d213a9247dc347f305a2d4cc9b951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
13:30:10.0369 2856 TosIde - ok
13:30:10.0447 2856 [ 626504572b175867f30f3215c04b3e2f ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:30:10.0572 2856 TrkWks - ok
13:30:10.0619 2856 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:30:10.0744 2856 Udfs - ok
13:30:10.0759 2856 [ 1b698a51cd528d8da4ffaed66dfc51b9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
13:30:10.0822 2856 ultra - ok
13:30:10.0853 2856 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:30:11.0025 2856 Update - ok
13:30:11.0072 2856 [ 1dfd8975d8c89214b98d9387c1125b49 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:30:11.0166 2856 upnphost - ok
13:30:11.0181 2856 [ 9b11e6118958e63e1fef129466e2bda7 ] UPS C:\WINDOWS\System32\ups.exe
13:30:11.0337 2856 UPS - ok
13:30:11.0353 2856 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:30:11.0416 2856 USBAAPL - ok
13:30:11.0416 2856 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
13:30:11.0541 2856 usbaudio - ok
13:30:11.0556 2856 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:30:11.0712 2856 usbccgp - ok
13:30:11.0728 2856 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:30:11.0837 2856 usbehci - ok
13:30:11.0869 2856 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:30:11.0994 2856 usbhub - ok
13:30:12.0025 2856 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:30:12.0150 2856 usbprint - ok
13:30:12.0181 2856 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:30:12.0322 2856 usbscan - ok
13:30:12.0337 2856 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:30:12.0478 2856 USBSTOR - ok
13:30:12.0525 2856 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:30:12.0665 2856 usbuhci - ok
13:30:12.0665 2856 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:30:12.0790 2856 VgaSave - ok
13:30:12.0806 2856 [ 754292ce5848b3738281b4f3607eaef4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:30:12.0931 2856 viaagp - ok
13:30:12.0962 2856 [ 3b3efcda263b8ac14fdf9cbdd0791b2e ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
13:30:13.0072 2856 ViaIde - ok
13:30:13.0119 2856 [ a5a712f4e880874a477af790b5186e1d ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:30:13.0244 2856 VolSnap - ok
13:30:13.0275 2856 [ 68f106273be29e7b7ef8266977268e78 ] VSS C:\WINDOWS\System32\vssvc.exe
13:30:13.0369 2856 VSS - ok
13:30:13.0415 2856 [ 7b353059e665f8b7ad2bbeaef597cf45 ] w32time C:\WINDOWS\system32\w32time.dll
13:30:13.0556 2856 w32time - ok
13:30:13.0572 2856 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:30:13.0697 2856 Wanarp - ok
13:30:13.0759 2856 [ 46a247f6617526afe38b6f12f5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:30:13.0790 2856 wceusbsh - ok
13:30:13.0806 2856 WDICA - ok
13:30:13.0837 2856 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:30:13.0947 2856 wdmaud - ok
13:30:13.0978 2856 [ 81727c9873e3905a2ffc1ebd07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:30:14.0103 2856 WebClient - ok
13:30:14.0165 2856 [ 6f3f3973d97714cc5f906a19fe883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:30:14.0306 2856 winmgmt - ok
13:30:14.0353 2856 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:30:14.0369 2856 WmdmPmSN - ok
13:30:14.0415 2856 [ ffa4d901d46d07a5bab2d8307fbb51a6 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:30:14.0462 2856 Wmi - ok
13:30:14.0509 2856 [ 93908111ba57a6e60ec2fa2de202105c ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:30:14.0634 2856 WmiApSrv - ok
13:30:14.0712 2856 [ bf05650bb7df5e9ebdd25974e22403bb ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
13:30:14.0806 2856 WMPNetworkSvc - ok
13:30:14.0837 2856 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:30:14.0947 2856 WS2IFSL - ok
13:30:14.0978 2856 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:30:15.0103 2856 WSTCODEC - ok
13:30:15.0134 2856 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:30:15.0197 2856 WudfPf - ok
13:30:15.0197 2856 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:30:15.0243 2856 WudfRd - ok
13:30:15.0290 2856 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:30:15.0337 2856 WudfSvc - ok
13:30:15.0384 2856 [ c4f109c005f6725162d2d12ca751e4a7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:30:15.0587 2856 WZCSVC - ok
13:30:15.0618 2856 [ 0ada34871a2e1cd2caafed1237a47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:30:15.0775 2856 xmlprov - ok
13:30:15.0790 2856 ================ Scan global ===============================
13:30:15.0837 2856 (2c60091ca5f67c3032eab3b30390c27f) C:\WINDOWS\system32\basesrv.dll
13:30:15.0853 2856 (a28ce25b59c90e12743001a1f2ae3613) C:\WINDOWS\system32\winsrv.dll
13:30:15.0868 2856 (a28ce25b59c90e12743001a1f2ae3613) C:\WINDOWS\system32\winsrv.dll
13:30:15.0900 2856 (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:30:15.0900 2856 [Global] - ok
13:30:15.0900 2856 ================ Scan MBR ==================================
13:30:15.0931 2856 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
13:30:16.0259 2856 \Device\Harddisk0\DR0 - ok
13:30:16.0259 2856 ================ Scan VBR ==================================
13:30:16.0259 2856 Boot (0x1200) (fa2ef77442e042a0e696b63fe6097aa2) \Device\Harddisk0\DR0\Partition1
13:30:16.0259 2856 \Device\Harddisk0\DR0\Partition1 - ok
13:30:16.0259 2856 ============================================================
13:30:16.0259 2856 Scan finished
13:30:16.0259 2856 ============================================================
13:30:16.0400 2432 Detected object count: 32
13:30:16.0400 2432 Actual detected object count: 32
13:30:52.0132 2432 APL531 ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0132 2432 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0132 2432 camfilt ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0132 2432 camfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0148 2432 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0148 2432 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 ELhid ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0163 2432 ELmon ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0163 2432 ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 ELmou ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 ELService ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 ELService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0179 2432 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0179 2432 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0194 2432 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0194 2432 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0194 2432 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0194 2432 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0194 2432 SE27mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0194 2432 SE27mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0194 2432 se27nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0194 2432 se27nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0194 2432 SE27obex ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0194 2432 SE27obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:30:52.0194 2432 se27unic ( UnsignedFile.Multi.Generic ) - skipped by user
13:30:52.0194 2432 se27unic ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
17.08.2012, 20:36
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2012, 14:08
| #29 |
| | Live Security Platinum hat auch geklappt. Hier der neue Log! Bin beeindruckt, wenn man solche Infos aus all den Logs auch versteht!  Code:
ATTFilter ComboFix 12-08-17.03 - *** 18.08.2012 14:49:13.3.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\GNTERT~1\LOKALE~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\dokumente und einstellungen\***\Lokale Einstellungen\temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\_detmp.2
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-18 bis 2012-08-18 ))))))))))))))))))))))))))))))
.
.
2012-08-16 11:53 . 2012-08-16 11:53 -------- d-----w- C:\_OTL
2012-08-12 09:33 . 2012-08-12 09:33 -------- d-----w- c:\programme\ESET
2012-08-03 15:52 . 2012-08-15 21:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 21:00 . 2012-07-31 21:00 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 21:52 . 2012-03-19 10:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-05-09 20:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:55 . 2005-08-19 23:34 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-09-22 20:39 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2005-08-19 23:34 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-19 23:34 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-05-23 18:26 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-05-23 18:26 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-08-19 23:55 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2005-08-19 23:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2005-08-19 23:55 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-05-23 18:26 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-08-19 23:55 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-08-19 23:55 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2005-08-19 23:33 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-05-23 18:26 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2005-08-19 23:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2005-08-19 23:55 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-11-19 23:42 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2009-11-19 23:42 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-11-19 23:42 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2005-08-19 23:33 604160 ----a-w- c:\windows\system32\crypt32.dll
2011-07-14 09:31 . 2010-03-31 19:17 1456640 ----a-w- c:\programme\Gemeinsame Dateien\Falk Navi-Manager.msi
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative Detector"="c:\programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\programme\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"HerculesCamService"="c:\programme\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-01-17 102400]
"Corel Photo Downloader"="c:\programme\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\
Lotus Schnellstart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-1-10 16384]
Lotus SmartSuite 97 Registrierung.lnk - c:\lotus\register\remind32.exe [1995-11-6 45056]
.
R2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\Drivers\HDvid.sys [x]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [x]
R3 camfilt;camfilt;c:\windows\system32\Drivers\camfilt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [x]
R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\DRIVERS\NETFWDSL.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 21:52]
.
2012-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-04 09:50]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-04 09:50]
.
2006-05-18 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-08-19 02:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.kult.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-18 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(808)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-08-18 14:56:49
ComboFix-quarantined-files.txt 2012-08-18 12:56
.
Vor Suchlauf: 18 Verzeichnis(se), 382.658.846.720 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 382.833.950.720 Bytes frei
.
- - End Of File - - 2FCCE6E18F6635EBA807A78A77327922
|
|
18.08.2012, 14:40
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Live Security Platinum Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Live Security Platinum |
| antivirus, dateien, dll, ergebnis, fehler, file, folge, laden, live, meldung, neues, neuinstallation, nicht mehr, nicht mehr öffnen, not, probleme, quarantäne, rundll, scan, security, software, start, surfen, tr/atraps.gen, tr/atraps.gen2., warnung, öffnen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
