Pests of all kinds and how to fight them: TR/ATRAPS.Gen and TR/ATRAPS.Gen2 (Windows 7)
15.08.2012, 15:13 | #16 |
TR/ATRAPS.Gen and TR/ATRAPS.Gen2 OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.08.2012 16:00:39 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\stephanie behnsch\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,82% Memory free 4,78 Gb Paging File | 4,39 Gb Available in Paging File | 91,93% Paging File free Paging file location(s): D:\pagefile.sys 3000 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 19,41 Gb Free Space | 39,74% Space Free | Partition Type: NTFS Drive D: | 323,77 Gb Total Space | 320,48 Gb Free Space | 98,98% Space Free | Partition Type: NTFS Computer Name: BABY | User Name: stephanie behnsch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.15 15:58:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stephanie behnsch\Eigene Dateien\Downloads\OTL.exe PRC - [2012.08.09 04:31:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 09:19:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 09:19:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 09:19:29 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2008.12.23 19:10:41 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.02.05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2007.04.10 10:25:52 | 000,249,856 | ---- | M] (BL) -- C:\Programme\lg_fwupdate\fwupdate.exe PRC - [2006.12.15 03:23:27 | 000,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_11\bin\jusched.exe PRC - [2006.09.01 12:01:42 | 000,671,744 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2006.08.31 11:47:00 | 002,162,688 | R--- | M] (Gainward Co.) -- C:\WINDOWS\TBPanel.exe PRC - [2006.08.03 14:29:02 | 000,244,520 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe PRC - [2006.08.03 10:44:52 | 000,529,968 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe PRC - [2006.07.19 13:03:56 | 000,094,208 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.exe PRC - [2006.01.11 10:06:36 | 000,147,456 | ---- | M] (AccSys GmbH) -- C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.05.09 09:19:30 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.12.23 19:10:40 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll MOD - [2008.02.05 19:18:58 | 000,068,120 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVCSPS.dll MOD - [2006.08.31 11:47:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006.08.31 11:47:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2006.08.31 11:47:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll MOD - [2006.08.31 11:47:00 | 000,032,768 | R--- | M] () -- C:\WINDOWS\TBPanelExt.dll MOD - [2006.08.31 11:47:00 | 000,005,120 | R--- | M] () -- C:\WINDOWS\TBManage.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.08.04 18:00:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.30 18:18:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.09 09:19:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 09:19:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.11.11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.02.05 19:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2008.02.05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.02.05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2006.01.11 10:06:36 | 000,147,456 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe -- (accsvc) SRV - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install) DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\VClone.sys -- (VClone) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp\bDMusicb.sys -- (bDMusicb) DRV - [2012.05.09 09:19:30 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 09:19:30 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.16 11:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2011.06.16 11:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.10.13 14:39:36 | 000,013,824 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPub2521.sys -- (HPub2521) DRV - [2010.10.12 12:41:32 | 000,020,480 | ---- | M] (TPMX Electronics Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPMo2521.sys -- (HPMo2521) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.01 08:51:28 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.02.06 04:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.02.06 04:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008.02.06 04:17:37 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2008.02.06 04:17:26 | 000,013,848 | R--- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter) DRV - [2008.02.05 19:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.02.05 19:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007.12.31 18:18:19 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09) DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09) DRV - [2007.05.18 18:09:04 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06) DRV - [2006.09.01 13:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2006.08.31 11:47:00 | 000,005,306 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2006.08.31 11:47:00 | 000,005,306 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2006.08.04 10:29:24 | 000,043,904 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2006.07.27 03:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.07.19 13:29:08 | 000,027,136 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe) DRV - [2006.07.19 13:28:56 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2006.07.12 11:58:02 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm) DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.03.17 20:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2006.03.06 13:45:52 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2006.02.07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO) DRV - [2005.07.08 18:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2005.07.08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2005.07.08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Search Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.bearshare.com/sidebar.html?src=ssb IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/ IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\SearchScopes\Google: "URL" 
= hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\STEPHA~1\ANWEND~1\Flatcast\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.30 18:18:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.04 14:58:09 | 000,000,000 | ---D | M] [2011.11.27 20:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Extensions [2009.07.30 17:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2002.01.01 00:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions [2002.01.01 00:06:27 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e} [2010.06.25 04:36:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.17 00:09:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.02 17:00:04 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und 
Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\plugin@yontoo.com [2002.01.01 00:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\staged [2011.11.09 07:21:50 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\youtube2mp3@mondayx.de [2012.06.08 00:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2012.07.30 18:18:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NPPDLicenseHelper.dll [2012.02.27 14:15:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.27 14:15:05 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.27 14:15:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.27 14:15:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.27 14:15:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.27 14:15:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {AB44C409-77B8-430C-8B6F-DCE502C196F6} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found. O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe File not found O4 - HKLM..\Run: [Gainward] C:\WINDOWS\TBPanel.exe (Gainward Co.) O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe (BL) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.) 
O4 - HKLM..\Run: [LVCOMSX] C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WLAN Quick-Starter] C:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe (AccSys GmbH) O4 - HKU\S-1-5-21-1547161642-725345543-723958394-1004..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (Heidi Computers Ltd) O4 - HKU\S-1-5-21-1547161642-725345543-723958394-1004..\Run: [ICQUpdater] "C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp\IcqUpdater.exe" -update 648 "C:\PROGRA~1\ICQ6\updates" "C:\PROGRA~1\ICQ6" "C:\PROGRA~1\ICQ6\ICQ.exe noupdater=1" /autorun File not found O4 - HKU\S-1-5-21-1547161642-725345543-723958394-1004..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\stephanie behnsch\Startmenü\Programme\Autostart\Adobe Media Player.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data] O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61E9A9B7-B073-49EF-AF50-2783E87AE4D2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB6F1656-BB8D-443D-9F3D-1DFC7DBD3E93}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) 
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.16 15:39:48 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\Shell\AutoRun\command - "" = G:\ASUSACPI.exe O34 - HKLM BootExecute: 
(autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: SharedAccess - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - Service SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - 
NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: 
{5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.15 15:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.08.12 18:14:22 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.07.30 18:32:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Apple Computer [2007.04.05 22:29:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\stephanie behnsch\usbsermptxp.sys [2007.04.05 22:29:18 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\stephanie behnsch\usbsermpt.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.15 16:04:53 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI [2012.08.15 16:00:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.15 15:50:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.15 15:49:34 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.08.15 15:49:34 | 000,000,354 | ---- | M] () -- C:\WINDOWS\lgfwup.ini [2012.08.15 15:49:32 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.15 15:49:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.15 07:17:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.07 13:26:40 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.07 10:49:58 | 000,001,712 | ---- 
| C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\U\00000001.@ [2012.02.16 13:01:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.04 00:38:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.01.26 12:39:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.01.21 16:10:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2011.01.21 16:10:24 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2011.01.21 16:06:46 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\$_hpcst$.hpc [2010.10.09 15:26:12 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins001.exe [2010.10.09 15:26:12 | 000,000,937 | ---- | C] () -- C:\WINDOWS\unins001.dat [2009.08.02 15:03:56 | 000,291,832 | ---- | C] ( ) -- C:\Programme\Gemeinsame Dateien\delete.exe [2008.08.19 17:51:31 | 000,329,967 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\NMM-MetaData.db [2007.04.05 22:29:18 | 000,009,232 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\USB_MOT_BRIT.INF [2007.04.05 22:29:18 | 000,006,947 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\USBMOT2000.INF [2007.04.05 22:29:18 | 000,006,009 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\USBMOT2000XP.INF [2007.04.05 22:29:18 | 000,005,877 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\USB_CMCS_2000.INF [2007.04.05 22:29:18 | 000,005,813 | ---- | C] () -- C:\Dokumente und 
Einstellungen\stephanie behnsch\USB_MOT_A1000.INF [2007.04.05 22:29:15 | 000,019,758 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\1175804955-oem15.PNF [2007.04.05 22:29:15 | 000,011,167 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\1175804955-oem15.inf [2007.04.02 10:58:41 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.12.24 07:23:02 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.16 15:28:26 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe [2006.02.28 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\@ [2006.02.28 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\@ ========== LOP Check ========== [2010.12.24 14:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alawar Stargaze [2008.11.21 18:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astar Games [2007.07.11 19:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest Software [2008.03.22 22:59:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2008.10.05 12:51:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2008.12.08 20:08:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Christmasville [2009.07.18 10:29:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads [2009.07.09 18:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2008.11.01 
20:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EscapeTheMuseum [2011.08.02 12:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flood Light Games [2009.06.07 18:25:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fullscreen=true [2008.08.24 17:08:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameHouse [2008.03.22 22:55:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2010.05.22 13:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HideAndSecret3 [2009.03.13 22:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2011.08.19 17:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium [2010.09.13 11:51:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\JollyBear [2008.03.22 22:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.11.04 12:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maximize Games [2010.09.14 13:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Merscom [2009.04.13 18:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mushroom Age [2006.12.16 15:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies [2011.10.31 16:08:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Particles [2008.08.19 17:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.03.14 23:57:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\PlayFirst [2012.02.17 00:07:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2007.12.01 13:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenSeven [2007.05.19 22:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simple Star [2007.05.19 22:51:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simple Star Shared [2008.12.24 00:18:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpinTop Games [2011.10.07 22:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.08.09 00:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2009.07.09 18:16:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2007.04.14 17:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2007.12.10 17:37:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1} [2009.05.31 14:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2012.07.11 19:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\AlawarEntertainment [2011.10.31 13:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Awem [2008.12.26 16:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\cerasus.media [2012.05.18 21:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Deep Shadows [2012.02.17 00:12:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie 
behnsch\Anwendungsdaten\DVDVideoSoft [2011.05.04 06:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.07.11 18:48:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\EntwinedSoD [2010.08.04 18:26:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\EPSON [2010.10.09 15:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Flatcast [2008.03.22 23:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Haufe [2007.04.02 12:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\ICQLite [2009.08.03 14:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Inteniumv1002 [2007.05.27 21:39:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Leadertech [2012.07.11 14:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\MagicIndie [2010.09.14 13:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Merscom [2008.08.19 17:28:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\PC Suite [2009.07.18 10:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\ProtectDisc [2012.02.17 00:07:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Samsung [2007.12.01 13:47:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\ScreenSeven [2010.07.02 18:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Settlement. 
Colossus [2007.05.20 00:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Simple Star [2009.12.20 17:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\SprillRichiGerman [2008.01.26 23:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\TomTom [2008.09.25 18:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Zylom ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2012.07.11 14:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Far Mills [2011.08.17 16:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\ZA_PreservedFiles < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.07.25 13:02:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Adobe [2007.05.27 21:34:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\AdobeUM [2007.05.20 00:48:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Ahead [2012.07.11 19:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\AlawarEntertainment [2012.07.30 18:32:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Apple Computer [2007.08.26 13:47:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Arcsoft [2012.01.25 22:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Avira [2011.10.31 13:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Awem [2008.12.26 16:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\stephanie behnsch\Anwendungsdaten\cerasus.media [2006.12.16 17:04:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\CyberLink [2012.05.18 21:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Deep Shadows [2007.04.09 16:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\DivX [2011.06.20 16:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\dvdcss [2012.02.17 00:12:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\DVDVideoSoft [2011.05.04 06:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.07.11 18:48:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\EntwinedSoD [2010.08.04 18:26:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\EPSON [2010.10.09 15:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Flatcast [2009.07.01 16:11:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Google [2007.12.31 18:36:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Hamachi [2008.03.22 23:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Haufe [2007.04.02 12:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\ICQLite [2008.09.17 17:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Identities [2007.12.02 21:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\InstallShield [2009.08.03 14:01:18 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Inteniumv1002 [2007.05.27 21:39:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Leadertech [2006.12.16 14:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Logitech [2007.04.02 12:26:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Macromedia [2012.07.11 14:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\MagicIndie [2012.07.02 17:10:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Malwarebytes [2010.09.14 13:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Merscom [2008.03.22 22:56:49 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Microsoft [2012.08.07 12:05:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Microsoft Games [2009.05.04 19:13:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla [2007.08.11 13:41:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Nero [2008.08.19 17:28:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\PC Suite [2009.07.18 10:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\ProtectDisc [2012.02.17 00:07:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Samsung [2007.12.01 13:47:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\ScreenSeven [2010.07.02 18:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Settlement. 
Colossus [2007.05.20 00:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Simple Star [2012.08.15 16:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Skype [2011.10.21 22:08:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\skypePM [2009.12.20 17:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\SprillRichiGerman [2007.04.02 18:31:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Sun [2008.01.26 23:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\TomTom [2011.03.12 15:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\vlc [2011.12.24 10:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\ZoomBrowser EX [2008.09.25 18:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Zylom < %APPDATA%\*.exe /s > [2008.07.25 13:02:37 | 000,037,176 | ---- | M] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2008.07.25 13:06:58 | 001,526,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2011.06.02 19:36:10 | 003,081,376 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2006.12.16 14:34:13 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Microsoft\Installer\{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.08.30 13:49:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.08.30 13:49:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.08.30 13:49:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.08.30 13:49:41 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- 
C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B 
-- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.12.17 15:02:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.12.17 
15:02:45 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.12.17 15:02:45 | 000,462,848 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:81A3F151 @Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3B3A35EC @Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E98C5DD9 @Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:62197B73 @Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0D31DA45 @Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0AC32449 @Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7E26B7DC @Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:72E546C1 @Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B652B720 @Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:389D51A1 @Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:997E6AF4 @Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4FE30352 @Alternate Data Stream - 108 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 @Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7C8950EF @Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5216CD26 < End 
of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.08.2012 16:00:39 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Dokumente und Einstellungen\stephanie behnsch\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,82% Memory free 4,78 Gb Paging File | 4,39 Gb Available in Paging File | 91,93% Paging File free Paging file location(s): D:\pagefile.sys 3000 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 19,41 Gb Free Space | 39,74% Space Free | Partition Type: NTFS Drive D: | 323,77 Gb Total Space | 320,48 Gb Free Space | 98,98% Space Free | Partition Type: NTFS Computer Name: BABY | User Name: stephanie behnsch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2808E975-BD01-47DD-9852-54E3C622BDDC}" = WLAN Monitor "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" 
= Logitech SetPoint "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID "{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007 "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4 "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = 
SAMSUNG USB Driver for Mobile Phones "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E40268F4-7E9F-4E07-B773-7FF64971F42E}" = WLAN Quick-Starter "{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7 "{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "DivX Setup.divx.com" = DivX-Setup "EPSON Scanner" = EPSON Scan "EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch "EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall "Eraser" = Eraser "ESET Online Scanner" = ESET Online Scanner v3 "Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Gainward" = EXPERTool "HaaliMkx" = Haali Media Splitter "Hardcopy(c__hardcopy)" = Hardcopy (c:\hardcopy) "InCD!UninstallKey" = InCD "lvdrivers_11.70" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero OEM "NVIDIA Drivers" = NVIDIA Drivers "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver" = ProtectDisc Helper Driver "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Rommé 1" = Rommé 1 
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX "TomTom HOME" = TomTom HOME 2.8.2.2264 "VLC media player" = VLC media player 1.1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.08.2012 04:08:06 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 11.08.2012 16:31:25 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 12.08.2012 05:45:47 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 12.08.2012 12:14:20 | Computer Name = BABY | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 12.08.2012 12:14:20 | Computer Name = BABY | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.08.2012 03:33:00 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.08.2012 14:24:04 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 13.08.2012 14:59:33 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 14.08.2012 00:37:35 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 14.08.2012 12:31:40 | Computer Name = BABY | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TeaTimer.exe, Version 1.4.0.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 15.08.2012 00:46:14 | Computer Name = BABY | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 0018F3C5BA48 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 15.08.2012 00:47:44 | Computer Name = BABY | Source = Service Control Manager | ID = 7024 Description = Der Dienst "InCD Helper" wurde mit folgendem dienstspezifischem Fehler beendet: 1 (0x1). Error - 15.08.2012 00:47:44 | Computer Name = BABY | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 15.08.2012 00:47:44 | Computer Name = BABY | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 15.08.2012 00:47:44 | Computer Name = BABY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 15.08.2012 09:49:24 | Computer Name = BABY | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 0018F3C5BA48 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 15.08.2012 09:50:56 | Computer Name = BABY | Source = Service Control Manager | ID = 7024 Description = Der Dienst "InCD Helper" wurde mit folgendem dienstspezifischem Fehler beendet: 1 (0x1). Error - 15.08.2012 09:50:56 | Computer Name = BABY | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 15.08.2012 09:50:56 | Computer Name = BABY | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 15.08.2012 09:50:56 | Computer Name = BABY | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 < End of report > |
15.08.2012, 20:36 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Code:
(Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
__________________ |
15.08.2012, 22:46 | #18 | |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Quote:
How do I get rid of that??? There is an uninstall file, but nothing happens when I double-click it, and it is not shown to me under Control Panel - Software..... Edited by funny83 (15.08.2012 at 23:43) |
16.08.2012, 09:51 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Hm, these seem to be some leftovers. Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp\bDMusicb.sys -- (bDMusicb)
DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
FF - user.js - File not found
[2002.01.01 00:06:27 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2010.06.25 04:36:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O2 - BHO: (no name) - {AB44C409-77B8-430C-8B6F-DCE502C196F6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O4 - HKU\S-1-5-21-1547161642-725345543-723958394-1004..\Run: [ICQUpdater] "C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp\IcqUpdater.exe" -update 648 "C:\PROGRA~1\ICQ6\updates" "C:\PROGRA~1\ICQ6" "C:\PROGRA~1\ICQ6\ICQ.exe noupdater=1" /autorun File not found
O4 - HKU\S-1-5-21-1547161642-725345543-723958394-1004..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\stephanie behnsch\Startmenü\Programme\Autostart\Adobe Media Player.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.16 15:39:48 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\Shell\AutoRun\command - "" = G:\ASUSACPI.exe
@Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:81A3F151
@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3B3A35EC
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E98C5DD9
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:62197B73
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0D31DA45
@Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0AC32449
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7E26B7DC
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:72E546C1
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B652B720
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:389D51A1
@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:997E6AF4
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4FE30352
@Alternate Data Stream - 108 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7C8950EF
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5216CD26
:Files
C:\Programme\Yontoo
C:\Dokumente und Einstellungen\All Users\Application Data\ZA_PreservedFiles
C:\Programme\Gemeinsame Dateien\delete.exe
C:\Programme\CheckPoint
C:\Programme\Uninstall_CDS.exe
C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\L
C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\L
C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\U
C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\U
C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\n
C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\n
C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\@
C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
16.08.2012, 10:18 | #20 |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Code:
All processes killed
========== OTL ==========
Service IswSvc stopped successfully!
Service IswSvc deleted successfully!
C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe moved successfully.
Service bDMusicb stopped successfully!
Service bDMusicb deleted successfully!
File C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp\bDMusicb.sys not found.
Service ISWKL stopped successfully!
Service ISWKL deleted successfully!
C:\Programme\CheckPoint\ZAForceField\ISWKL.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\Plugins folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\modules folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\components folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e} folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Anwendungsdaten\Mozilla\Firefox\Profiles\tlwc3q0n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB44C409-77B8-430C-8B6F-DCE502C196F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB44C409-77B8-430C-8B6F-DCE502C196F6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}\ not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ICQUpdater deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Nero PhotoShow Media Manager deleted successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Startmenü\Programme\Autostart\Adobe Media Player.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1547161642-725345543-723958394-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b2eb90f-8dcd-11db-95b8-806d6172696f}\ not found.
File G:\ASUSACPI.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:81A3F151 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3B3A35EC deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E98C5DD9 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:62197B73 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0D31DA45 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0AC32449 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7E26B7DC deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:72E546C1 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B652B720 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:389D51A1 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:997E6AF4 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4FE30352 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7C8950EF deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5216CD26 deleted successfully.
========== FILES ==========
File\Folder C:\Programme\Yontoo not found.
C:\Dokumente und Einstellungen\All Users\Application Data\ZA_PreservedFiles folder moved successfully.
C:\Programme\Gemeinsame Dateien\delete.exe moved successfully.
C:\Programme\CheckPoint\ZAForceField\Updates folder moved successfully.
C:\Programme\CheckPoint\ZAForceField\Trustchecker\Search folder moved successfully.
C:\Programme\CheckPoint\ZAForceField\Trustchecker folder moved successfully.
C:\Programme\CheckPoint\ZAForceField\Plugins folder moved successfully.
C:\Programme\CheckPoint\ZAForceField\ISWUL_MIN folder moved successfully.
C:\Programme\CheckPoint\ZAForceField\GUI\HtmlPages folder moved successfully.
C:\Programme\CheckPoint\ZAForceField\GUI folder moved successfully.
C:\Programme\CheckPoint\ZAForceField\CFG folder moved successfully.
C:\Programme\CheckPoint\ZAForceField folder moved successfully.
C:\Programme\CheckPoint folder moved successfully.
C:\Programme\Uninstall_CDS.exe moved successfully.
C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\L folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\L folder moved successfully.
C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\U folder moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\U folder moved successfully.
File\Folder C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\n not found.
File\Folder C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\n not found.
C:\WINDOWS\Installer\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\@ moved successfully.
C:\Dokumente und Einstellungen\stephanie behnsch\Lokale Einstellungen\Anwendungsdaten\{71f9f210-d409-52c2-fb9c-74b4ef03873c}\@ moved successfully.
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: LocalService ->Temp folder emptied: 1133400 bytes ->Temporary Internet Files folder emptied: 2133812 bytes ->Flash cache emptied: 405 bytes User: NetworkService ->Temp folder emptied: 1065944 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: stephanie behnsch ->Temp folder emptied: 2422562 bytes ->Temporary Internet Files folder emptied: 8951927 bytes ->Java cache emptied: 46854560 bytes ->FireFox cache emptied: 87014295 bytes ->Flash cache emptied: 233880501 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2148906 bytes %systemroot%\System32 .tmp files removed: 803511 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 45961580 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 412,00 mb [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService User: stephanie behnsch ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.57.0 log created on 08162012_110939 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj06.dll not found! PendingFileRenameOperations files... File C:\WINDOWS\temp\logishrd\LVPrcInj06.dll not found! Registry entries deleted on Reboot... |
16.08.2012, 11:55 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
16.08.2012, 12:07 | #22 |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Code:
ATTFilter 13:03:21.0390 2352 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05 13:03:21.0500 2352 ============================================================ 13:03:21.0500 2352 Current date / time: 2012/08/16 13:03:21.0500 13:03:21.0500 2352 SystemInfo: 13:03:21.0500 2352 13:03:21.0500 2352 OS Version: 5.1.2600 ServicePack: 3.0 13:03:21.0500 2352 Product type: Workstation 13:03:21.0500 2352 ComputerName: BABY 13:03:21.0500 2352 UserName: stephanie behnsch 13:03:21.0500 2352 Windows directory: C:\WINDOWS 13:03:21.0500 2352 System windows directory: C:\WINDOWS 13:03:21.0500 2352 Processor architecture: Intel x86 13:03:21.0500 2352 Number of processors: 2 13:03:21.0500 2352 Page size: 0x1000 13:03:21.0500 2352 Boot type: Normal boot 13:03:21.0500 2352 ============================================================ 13:03:22.0156 2352 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 13:03:22.0171 2352 ============================================================ 13:03:22.0171 2352 \Device\Harddisk0\DR0: 13:03:22.0171 2352 MBR partitions: 13:03:22.0171 2352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61AB7E8 13:03:22.0187 2352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61AB866, BlocksNum 0x2878C45B 13:03:22.0187 2352 ============================================================ 13:03:22.0203 2352 C: <-> \Device\Harddisk0\DR0\Partition1 13:03:22.0218 2352 D: <-> \Device\Harddisk0\DR0\Partition2 13:03:22.0234 2352 ============================================================ 13:03:22.0234 2352 Initialize success 13:03:22.0234 2352 ============================================================ 13:04:11.0296 4052 ============================================================ 13:04:11.0296 4052 Scan started 13:04:11.0296 4052 Mode: Manual; SigCheck; TDLFS; 13:04:11.0296 4052 
============================================================ 13:04:11.0625 4052 ================ Scan services ============================= 13:04:11.0750 4052 Abiosdsk - ok 13:04:11.0750 4052 abp480n5 - ok 13:04:11.0796 4052 [ 28d5f4855a5fead40fb9abccedefb9e0 ] accsvc C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe 13:04:12.0593 4052 accsvc ( UnsignedFile.Multi.Generic ) - warning 13:04:12.0593 4052 accsvc - detected UnsignedFile.Multi.Generic (1) 13:04:12.0625 4052 [ 44010948bde6ade50dd1386657c73e83 ] ACEDRV06 C:\WINDOWS\system32\drivers\ACEDRV06.sys 13:04:12.0640 4052 ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning 13:04:12.0640 4052 ACEDRV06 - detected UnsignedFile.Multi.Generic (1) 13:04:12.0671 4052 [ bd4e8c841716d5f2804ce000cfe61524 ] acedrv09 C:\WINDOWS\system32\drivers\acedrv09.sys 13:04:12.0750 4052 acedrv09 - ok 13:04:12.0765 4052 [ a6fe70357a68ad1e279cd1012419cce6 ] acedrv11 C:\WINDOWS\system32\drivers\acedrv11.sys 13:04:12.0781 4052 acedrv11 - ok 13:04:12.0812 4052 [ 7b19e528f2f40524e2c40f754a571eb8 ] acehlp09 C:\WINDOWS\system32\drivers\acehlp09.sys 13:04:12.0828 4052 acehlp09 - ok 13:04:12.0859 4052 [ ac407f1a62c3a300b4f2b5a9f1d55b2c ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:04:13.0484 4052 ACPI - ok 13:04:13.0500 4052 [ 9e1ca3160dafb159ca14f83b1e317f75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 13:04:13.0625 4052 ACPIEC - ok 13:04:13.0656 4052 [ ab0d9669bab1009e48cc91117e59912b ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys 13:04:13.0718 4052 ADIHdAudAddService - ok 13:04:13.0781 4052 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:04:13.0796 4052 AdobeFlashPlayerUpdateSvc - ok 13:04:13.0812 4052 adpu160m - ok 13:04:13.0812 4052 [ 03be587e90c8b37c7ff1fe2e9c1d1c90 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys 13:04:13.0843 4052 AEAudio - ok 13:04:13.0859 4052 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys 
13:04:13.0953 4052 aec - ok 13:04:13.0968 4052 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 13:04:14.0015 4052 AFD - ok 13:04:14.0015 4052 Aha154x - ok 13:04:14.0031 4052 aic78u2 - ok 13:04:14.0031 4052 aic78xx - ok 13:04:14.0062 4052 [ 738d80cc01d7bc7584be917b7f544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 13:04:14.0156 4052 Alerter - ok 13:04:14.0171 4052 [ 190cd73d4984f94d823f9444980513e5 ] ALG C:\WINDOWS\System32\alg.exe 13:04:14.0218 4052 ALG - ok 13:04:14.0218 4052 AliIde - ok 13:04:14.0234 4052 amsint - ok 13:04:14.0281 4052 [ 466a0d95960dad3222c896d2cea99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 13:04:14.0296 4052 AntiVirSchedulerService - ok 13:04:14.0328 4052 [ a489be6bb0aa1ff406b488b60542314b ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 13:04:14.0343 4052 AntiVirService - ok 13:04:14.0343 4052 AppMgmt - ok 13:04:14.0359 4052 asc - ok 13:04:14.0359 4052 asc3350p - ok 13:04:14.0359 4052 asc3550 - ok 13:04:14.0468 4052 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 13:04:14.0500 4052 aspnet_state - ok 13:04:14.0531 4052 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:04:14.0625 4052 AsyncMac - ok 13:04:14.0640 4052 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 13:04:14.0734 4052 atapi - ok 13:04:14.0734 4052 Atdisk - ok 13:04:14.0765 4052 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:04:14.0859 4052 Atmarpc - ok 13:04:14.0890 4052 [ 58ed0d5452df7be732193e7999c6b9a4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 13:04:14.0984 4052 AudioSrv - ok 13:04:15.0000 4052 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 13:04:15.0109 4052 audstub - ok 13:04:15.0109 4052 [ d5541f0afb767e85fc412fc609d96a74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:04:15.0125 
4052 avgntflt - ok 13:04:15.0156 4052 [ 7d967a682d4694df7fa57d63a2db01fe ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:04:15.0171 4052 avipbb - ok 13:04:15.0187 4052 [ 271cfd1a989209b1964e24d969552bf7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 13:04:15.0203 4052 avkmgr - ok 13:04:15.0234 4052 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 13:04:15.0343 4052 Beep - ok 13:04:15.0359 4052 [ d6f603772a789bb3228f310d650b8bd1 ] BITS C:\WINDOWS\system32\qmgr.dll 13:04:15.0468 4052 BITS - ok 13:04:15.0484 4052 [ 3f56903e124e820aeece6d471583c6c1 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 13:04:15.0500 4052 Bonjour Service - ok 13:04:15.0531 4052 [ b71549f23736adf83a571061c47777fd ] Browser C:\WINDOWS\System32\browser.dll 13:04:15.0562 4052 Browser - ok 13:04:15.0593 4052 [ 175418424b0973ae9004257ebc60431c ] Cardex C:\WINDOWS\system32\drivers\TBPANEL.SYS 13:04:15.0609 4052 Cardex ( UnsignedFile.Multi.Generic ) - warning 13:04:15.0609 4052 Cardex - detected UnsignedFile.Multi.Generic (1) 13:04:15.0640 4052 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 13:04:15.0718 4052 cbidf2k - ok 13:04:15.0734 4052 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 13:04:15.0843 4052 CCDECODE - ok 13:04:15.0843 4052 cd20xrnt - ok 13:04:15.0859 4052 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 13:04:15.0968 4052 Cdaudio - ok 13:04:16.0000 4052 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 13:04:16.0093 4052 Cdfs - ok 13:04:16.0109 4052 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:04:16.0203 4052 Cdrom - ok 13:04:16.0218 4052 Changer - ok 13:04:16.0234 4052 [ 28e3040d1f1ca2008cd6b29dfebc9a5e ] CiSvc C:\WINDOWS\system32\cisvc.exe 13:04:16.0328 4052 CiSvc - ok 13:04:16.0359 4052 [ 778a30ed3c134eb7e406afc407e9997d ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 
13:04:16.0453 4052 ClipSrv - ok 13:04:16.0468 4052 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:04:16.0593 4052 clr_optimization_v2.0.50727_32 - ok 13:04:16.0593 4052 CmdIde - ok 13:04:16.0593 4052 COMSysApp - ok 13:04:16.0609 4052 Cpqarray - ok 13:04:16.0640 4052 [ 611f824e5c703a5a899f84c5f1699e4d ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 13:04:16.0734 4052 CryptSvc - ok 13:04:16.0734 4052 dac2w2k - ok 13:04:16.0734 4052 dac960nt - ok 13:04:16.0781 4052 [ 3127afbf2c1ed0ab14a1bbb7aaecb85b ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 13:04:16.0812 4052 DcomLaunch - ok 13:04:16.0812 4052 dgderdrv - ok 13:04:16.0843 4052 [ 846517582e1ddbde54fd2fdb60b6aa3a ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 13:04:16.0859 4052 dg_ssudbus - ok 13:04:16.0875 4052 [ c29a1c9b75ba38fa37f8c44405dec360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 13:04:16.0968 4052 Dhcp - ok 13:04:17.0000 4052 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 13:04:17.0078 4052 Disk - ok 13:04:17.0093 4052 dmadmin - ok 13:04:17.0140 4052 [ 0dcfc8395a99fecbb1ef771cec7fe4ea ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 13:04:17.0281 4052 dmboot - ok 13:04:17.0312 4052 [ 53720ab12b48719d00e327da470a619a ] dmio C:\WINDOWS\system32\drivers\dmio.sys 13:04:17.0406 4052 dmio - ok 13:04:17.0437 4052 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys 13:04:17.0531 4052 dmload - ok 13:04:17.0546 4052 [ 25c83ffbba13b554eb6d59a9b2e2ee78 ] dmserver C:\WINDOWS\System32\dmserver.dll 13:04:17.0640 4052 dmserver - ok 13:04:17.0656 4052 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 13:04:17.0765 4052 DMusic - ok 13:04:17.0781 4052 [ 407f3227ac618fd1ca54b335b083de07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 13:04:17.0828 4052 Dnscache - ok 13:04:17.0875 4052 [ 676e36c4ff5bcea1900f44182b9723e6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 
13:04:17.0968 4052 Dot3svc - ok 13:04:17.0984 4052 dpti2o - ok 13:04:18.0000 4052 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 13:04:18.0078 4052 drmkaud - ok 13:04:18.0109 4052 [ 4e4f2fddab0a0736d7671134dcce91fb ] EapHost C:\WINDOWS\System32\eapsvc.dll 13:04:18.0203 4052 EapHost - ok 13:04:18.0234 4052 [ 877c18558d70587aa7823a1a308ac96b ] ERSvc C:\WINDOWS\System32\ersvc.dll 13:04:18.0328 4052 ERSvc - ok 13:04:18.0359 4052 [ a3edbe9053889fb24ab22492472b39dc ] Eventlog C:\WINDOWS\system32\services.exe 13:04:18.0375 4052 Eventlog - ok 13:04:18.0406 4052 [ af4f6b5739d18ca7972ab53e091cbc74 ] EventSystem C:\WINDOWS\system32\es.dll 13:04:18.0437 4052 EventSystem - ok 13:04:18.0468 4052 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 13:04:18.0562 4052 Fastfat - ok 13:04:18.0593 4052 [ 2db7d303c36ddd055215052f118e8e75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 13:04:18.0625 4052 FastUserSwitchingCompatibility - ok 13:04:18.0640 4052 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 13:04:18.0734 4052 Fdc - ok 13:04:18.0750 4052 [ b0678a548587c5f1967b0d70bacad6c1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 13:04:18.0859 4052 Fips - ok 13:04:18.0890 4052 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 13:04:18.0984 4052 Flpydisk - ok 13:04:19.0000 4052 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 13:04:19.0093 4052 FltMgr - ok 13:04:19.0140 4052 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:04:19.0156 4052 FontCache3.0.0.0 - ok 13:04:19.0171 4052 [ b07663a810e861eebfd0eac7e82ca62d ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS 13:04:19.0187 4052 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 13:04:19.0187 4052 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 13:04:19.0203 4052 [ 
f96c429788350db4ba6771c3034dfd88 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe 13:04:19.0203 4052 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning 13:04:19.0203 4052 FsUsbExService - detected UnsignedFile.Multi.Generic (1) 13:04:19.0203 4052 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:04:19.0296 4052 Fs_Rec - ok 13:04:19.0312 4052 [ 8f1955ce42e1484714b542f341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:04:19.0390 4052 Ftdisk - ok 13:04:19.0421 4052 [ b45f1df1cce34e2af422f0ed78cd70ef ] FWLANUSB C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 13:04:19.0468 4052 FWLANUSB - ok 13:04:19.0484 4052 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:04:19.0593 4052 Gpc - ok 13:04:19.0640 4052 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 13:04:19.0656 4052 gupdate - ok 13:04:19.0656 4052 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 13:04:19.0671 4052 gupdatem - ok 13:04:19.0687 4052 [ d30b31375c40309425c21efe75db90bb ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys 13:04:19.0703 4052 hamachi - ok 13:04:19.0718 4052 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 13:04:19.0812 4052 HDAudBus - ok 13:04:19.0859 4052 [ cb66bf85bf599befd6c6a57c2e20357f ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:04:19.0953 4052 helpsvc - ok 13:04:19.0968 4052 [ b35da85e60c0103f2e4104532da2f12b ] HidServ C:\WINDOWS\System32\hidserv.dll 13:04:20.0062 4052 HidServ - ok 13:04:20.0078 4052 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:04:20.0171 4052 hidusb - ok 13:04:20.0203 4052 [ ed29f14101523a6e0e808107405d452c ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 13:04:20.0296 4052 hkmsvc - ok 13:04:20.0312 4052 [ b7bc52acc3cd3087b6de15210a2a0c4c ] HPMo2521 C:\WINDOWS\system32\DRIVERS\HPMo2521.sys 13:04:20.0406 4052 HPMo2521 - ok 
13:04:20.0406 4052 hpn - ok 13:04:20.0421 4052 [ 5b2888eb6767dd0261cb1f8602d7e780 ] HPub2521 C:\WINDOWS\system32\Drivers\HPub2521.sys 13:04:20.0437 4052 HPub2521 - ok 13:04:20.0468 4052 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 13:04:20.0515 4052 HTTP - ok 13:04:20.0515 4052 [ 9e4adb854cebcfb81a4b36718feecd16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 13:04:20.0625 4052 HTTPFilter - ok 13:04:20.0640 4052 i2omgmt - ok 13:04:20.0640 4052 i2omp - ok 13:04:20.0656 4052 [ e283b97cfbeb86c1d86baed5f7846a92 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys 13:04:20.0765 4052 i8042prt - ok 13:04:20.0796 4052 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 13:04:20.0796 4052 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:04:20.0796 4052 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:04:20.0875 4052 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:04:20.0906 4052 idsvc - ok 13:04:20.0937 4052 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 13:04:21.0031 4052 Imapi - ok 13:04:21.0046 4052 [ d4b413aa210c21e46aedd2ba5b68d38e ] ImapiService C:\WINDOWS\system32\imapi.exe 13:04:21.0156 4052 ImapiService - ok 13:04:21.0171 4052 [ b87fc7c71632240dac8f4d20e9ce8377 ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys 13:04:21.0187 4052 InCDfs ( UnsignedFile.Multi.Generic ) - warning 13:04:21.0187 4052 InCDfs - detected UnsignedFile.Multi.Generic (1) 13:04:21.0187 4052 [ 2e878405128ec98886eb9c2216ac7bd6 ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys 13:04:21.0203 4052 InCDPass ( UnsignedFile.Multi.Generic ) - warning 13:04:21.0203 4052 InCDPass - detected UnsignedFile.Multi.Generic (1) 13:04:21.0203 4052 [ ddf078917a42f105385d7eb6debb3433 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys 13:04:21.0203 4052 InCDrec ( UnsignedFile.Multi.Generic ) - 
warning 13:04:21.0203 4052 InCDrec - detected UnsignedFile.Multi.Generic (1) 13:04:21.0218 4052 [ 7f352360e947ad2cd4ba60de27b1a299 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys 13:04:21.0234 4052 incdrm ( UnsignedFile.Multi.Generic ) - warning 13:04:21.0234 4052 incdrm - detected UnsignedFile.Multi.Generic (1) 13:04:21.0281 4052 [ e9372a17c22fc4e5c9fd8798a97775fc ] InCDsrv C:\Programme\Ahead\InCD\InCDsrv.exe 13:04:21.0312 4052 InCDsrv ( UnsignedFile.Multi.Generic ) - warning 13:04:21.0312 4052 InCDsrv - detected UnsignedFile.Multi.Generic (1) 13:04:21.0328 4052 ini910u - ok 13:04:21.0328 4052 IntelIde - ok 13:04:21.0359 4052 [ 4c7d2750158ed6e7ad642d97bffae351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 13:04:21.0468 4052 intelppm - ok 13:04:21.0484 4052 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 13:04:21.0578 4052 Ip6Fw - ok 13:04:21.0593 4052 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:04:21.0687 4052 IpFilterDriver - ok 13:04:21.0703 4052 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:04:21.0796 4052 IpInIp - ok 13:04:21.0812 4052 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:04:21.0906 4052 IpNat - ok 13:04:21.0937 4052 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:04:22.0031 4052 IPSec - ok 13:04:22.0062 4052 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 13:04:22.0125 4052 IRENUM - ok 13:04:22.0140 4052 [ 6dfb88f64135c525433e87648bda30de ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:04:22.0250 4052 isapnp - ok 13:04:22.0328 4052 [ a38441ed570f190cc041a7be49488fa7 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 13:04:22.0343 4052 JavaQuickStarterService - ok 13:04:22.0359 4052 [ c995c0e8b4503fac38793bb0236ad246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys 13:04:22.0375 4052 JGOGO - ok 
13:04:22.0390 4052 [ dafcafacde7de95e136ff5109422531d ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys 13:04:22.0406 4052 JRAID - ok 13:04:22.0421 4052 [ 1704d8c4c8807b889e43c649b478a452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:04:22.0515 4052 Kbdclass - ok 13:04:22.0531 4052 [ b6d6c117d771c98130497265f26d1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 13:04:22.0625 4052 kbdhid - ok 13:04:22.0656 4052 KiesAllShare - ok 13:04:22.0687 4052 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 13:04:22.0781 4052 kmixer - ok 13:04:22.0812 4052 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 13:04:22.0875 4052 KSecDD - ok 13:04:22.0906 4052 [ 2bbdcb79900990f0716dfcb714e72de7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 13:04:22.0937 4052 lanmanserver - ok 13:04:22.0968 4052 [ 1869b14b06b44b44af70548e1ea3303f ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 13:04:23.0015 4052 lanmanworkstation - ok 13:04:23.0031 4052 [ 17638894e150efee66d97bce8f037519 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys 13:04:23.0046 4052 LBeepKE ( UnsignedFile.Multi.Generic ) - warning 13:04:23.0046 4052 LBeepKE - detected UnsignedFile.Multi.Generic (1) 13:04:23.0062 4052 lbrtfdc - ok 13:04:23.0093 4052 [ eaed22460dad9ccd9c9a58c78e717497 ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys 13:04:23.0140 4052 LHidKe - ok 13:04:23.0156 4052 [ 636714b7d43c8d0c80449123fd266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 13:04:23.0265 4052 LmHosts - ok 13:04:23.0265 4052 [ d1fd76ea56cd653d7b55a0fac96ee416 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 13:04:23.0281 4052 LMouKE - ok 13:04:23.0328 4052 [ 9ce361764c5dd5fa5506510fe5d2297b ] LVcKap C:\WINDOWS\system32\DRIVERS\LVcKap.sys 13:04:23.0343 4052 LVcKap - ok 13:04:23.0406 4052 [ 1d28b53c50cc57062692862b8e083020 ] LVCOMSer C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe 13:04:23.0421 4052 LVCOMSer - ok 13:04:23.0437 4052 [ 
94d03b31f36bb362fa5713470fcf1c79 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 13:04:23.0437 4052 LVPr2Mon - ok 13:04:23.0453 4052 [ 5a9679d184a408982d5f0bd79874b44f ] LVPrcSrv C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe 13:04:23.0468 4052 LVPrcSrv - ok 13:04:23.0515 4052 [ a198cd8a1c813d9ceba29a29d45fc94c ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys 13:04:23.0546 4052 LVRS - ok 13:04:23.0562 4052 [ a87baa316538e526760353ff52742756 ] LVSrvLauncher C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe 13:04:23.0562 4052 LVSrvLauncher - ok 13:04:23.0578 4052 [ 8b79a50360fc31df6b7b979b686b4aa2 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys 13:04:23.0593 4052 LVUSBSta - ok 13:04:23.0609 4052 [ b7550a7107281d170ce85524b1488c98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 13:04:23.0718 4052 Messenger - ok 13:04:23.0906 4052 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 13:04:24.0015 4052 mnmdd - ok 13:04:24.0046 4052 [ c2f1d365fd96791b037ee504868065d3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 13:04:24.0140 4052 mnmsrvc - ok 13:04:24.0359 4052 [ 6fb74ebd4ec57a6f1781de3852cc3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 13:04:24.0468 4052 Modem - ok 13:04:24.0484 4052 [ 1992e0d143b09653ab0f9c5e04b0fd65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 13:04:24.0593 4052 MODEMCSA - ok 13:04:24.0625 4052 [ b24ce8005deab254c0251e15cb71d802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:04:24.0718 4052 Mouclass - ok 13:04:24.0750 4052 [ 66a6f73c74e1791464160a7065ce711a ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:04:24.0843 4052 mouhid - ok 13:04:24.0859 4052 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 13:04:24.0953 4052 MountMgr - ok 13:04:25.0000 4052 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 13:04:25.0015 4052 MozillaMaintenance - ok 13:04:25.0015 4052 mraid35x - ok 
13:04:39.0796 4052 Scan finished
13:04:39.0796 4052 ============================================================
13:04:39.0921 2152 Detected object count: 17
13:04:39.0921 2152 Actual detected object count: 17
13:05:03.0281 2152 accsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0281 2152 accsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0281 2152 ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0281 2152 ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0281 2152 Cardex ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0281 2152 Cardex ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0281 2152 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0281 2152 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0281 2152 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0281 2152 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 InCDsrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 InCDsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 LBeepKE ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 LBeepKE ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 NPF ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0296 2152 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0296 2152 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0312 2152 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0312 2152 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:03.0312 2152 TBPanel ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:03.0312 2152 TBPanel ( UnsignedFile.Multi.Generic ) - User select action: Skip |
16.08.2012, 13:40 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post log files in CODE tags |
16.08.2012, 18:56 | #24 |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Hm, during the process a window came up saying that I don't have a Recovery Console installed! It then wanted to install it itself! But then the error message came up again, saying that this had not worked. I confirmed everything with OK, and it then carried on. But at the end there was no combofix.txt. I can't find anything about it under My Computer/C: either...... |
17.08.2012, 19:19 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Restart Windows, delete the old combofix.exe, download CF again and please try it once more.
__________________ Please always post log files in CODE tags |
17.08.2012, 20:03 | #26 |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Downloading the Recovery Console has failed yet again....... I'm going crazy here.... What kind of people spread this sort of rubbish?!? Man, man, man... At this point, many thanks for your help!!!!! And now...? Edit: My Windows Firewall is disabled and can no longer be enabled..... Does that have anything to do with it??? Hm, I don't quite get it. I somehow can't find the combofix.exe at all. I only have the ComboFix installer, then on drive C: a file with the My Computer icon (when I click on it, I end up in My Computer), and in the "prefetch" folder a file named Combofix.exe-26A7C934. I can't find any other folders for ComboFix at all. Am I just too stupid, or is something going wrong???? Oh dear, sorry! I'm just too stupid! The "combofix Installer" is apparently the combofix.exe. At least that's what it says under Properties... All of this is making me a bit nervous.... Let's carry on with the Recovery Console..... Last edited by funny83 (17.08.2012 at 20:40) |
18.08.2012, 11:39 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Why the Recovery Console installation doesn't work is known by now.... M$ has taken the file needed for it off their server. If you have a completely normal Windows XP CD, we can install it by hand; otherwise we'll have to carry on without the Recovery Console.
__________________ Please always post log files in CODE tags |
18.08.2012, 15:06 | #28 |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen2 Me and my tidiness again... After a long search I've finally found the CD!! Do you have instructions for me on how to install a Recovery Console with the CD??? |
19.08.2012, 17:41 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen and TR/ATRAPS.Gen2 You would have found that yourself with Google => How to install and use the Recovery Console in Windows XP
__________________ Please always post log files in CODE tags |
19.08.2012, 21:46 | #30 |
| TR/ATRAPS.Gen and TR/ATRAPS.Gen2 So, I wanted to install the Recovery Console from the CD! But I have SP3 and the CD is still SP2. It shows me an error message. When starting the computer I have to choose between Windows XP Home Edition and the Recovery Console. If I choose the latter, the error message comes up that the Recovery Console is not complete. ComboFix doesn't find a Recovery Console either... I then wanted to create an installation folder as Microsoft also describes, but that doesn't work either.... I'm out of ideas! I think we'll have to carry on without the Recovery Console.... Last edited by funny83 (19.08.2012 at 22:10) |