| |
| |||||||
Log-Analyse und Auswertung: Nach löschen von Live Security Platinum System sauber?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.08.2012, 11:09
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Nach löschen von Live Security Platinum System sauber? Dein kompletter Name? Bitte nur Familiennamen unkenntlich machen, bei Vornamen allein muss man das nun wirklich nicht!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.08.2012, 11:30
| #17 |
 | Nach löschen von Live Security Platinum System sauber? Sorry!
__________________Hier das Log ohne edit: Code:
ATTFilter OTL logfile created on: 31.08.2012 09:43:50 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dokumente und Einstellungen\uli\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,42 Mb Total Physical Memory | 596,62 Mb Available Physical Memory | 58,35% Memory free
2,40 Gb Paging File | 2,00 Gb Available in Paging File | 83,12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 47,28 Gb Total Space | 23,63 Gb Free Space | 49,99% Space Free | Partition Type: NTFS
Drive D: | 34,15 Gb Total Space | 30,77 Gb Free Space | 90,09% Space Free | Partition Type: NTFS
Drive E: | 11,69 Gb Total Space | 4,47 Gb Free Space | 38,22% Space Free | Partition Type: FAT32
Computer Name: *** | User Name: uli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.30 14:39:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\uli\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2012.08.08 09:29:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 11:45:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 11:45:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 11:45:12 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.19 12:54:18 | 005,333,504 | R--- | M] (Linksys) -- C:\Programme\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2005.09.11 16:33:12 | 000,014,336 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe
PRC - [2005.09.11 16:33:10 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2005.09.02 15:14:52 | 000,081,920 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
PRC - [2005.08.17 10:05:20 | 000,061,440 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2005.07.04 16:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Programme\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2005.03.16 13:52:02 | 000,204,800 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2005.01.05 16:54:26 | 001,118,208 | ---- | M] (AuthenTec, Inc.) -- C:\Programme\Fingerprint Sensor\ATSwpNav.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.08 11:45:13 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2005.09.12 09:43:38 | 002,253,216 | R--- | M] () -- C:\Programme\Softex\OmniPass\sftxtgp.dll
MOD - [2005.09.11 16:39:48 | 000,025,024 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2005.09.11 16:39:10 | 000,049,152 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPGina.dll
MOD - [2005.09.11 16:33:12 | 000,014,336 | ---- | M] () -- C:\Programme\Softex\OmniPass\OPXPApp.exe
MOD - [2005.09.11 16:30:56 | 000,110,592 | ---- | M] () -- C:\Programme\Softex\OmniPass\ginastub.dll
MOD - [2005.09.11 16:30:38 | 000,303,104 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2005.09.11 16:30:20 | 000,876,544 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2005.09.11 16:30:08 | 000,012,288 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2005.09.11 16:30:06 | 000,360,448 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2005.09.11 16:29:50 | 000,009,216 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2005.09.02 15:14:52 | 000,081,920 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
MOD - [2005.09.02 02:25:26 | 000,045,056 | R--- | M] () -- C:\Programme\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\Security.dll
MOD - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
MOD - [2002.04.24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\GEMWEP.DLL
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Programme\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe -- (WUSB54GCSVC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.29 13:36:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 11:45:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 11:45:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2005.09.15 17:02:40 | 000,114,784 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2005.09.15 17:02:38 | 000,258,146 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2005.09.15 17:02:16 | 001,081,344 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.09.11 16:33:10 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2003.03.09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\M9205.sys -- (ULiM9205)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\M9207BDA.sys -- (M9207)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.05.08 11:45:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 11:45:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.11 14:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.06.25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117obex.sys -- (s117obex)
DRV - [2007.06.25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007.06.25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt)
DRV - [2007.06.25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117unic.sys -- (s117unic)
DRV - [2007.06.25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117nd5.sys -- (s117nd5)
DRV - [2007.06.25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007.06.25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus)
DRV - [2006.01.12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.09.11 16:23:38 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005.09.06 15:37:04 | 000,401,408 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.09.06 15:35:06 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005.09.06 15:34:58 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005.09.06 15:33:46 | 001,342,138 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.09.06 15:31:20 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.09.06 15:31:06 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005.09.06 15:30:22 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.09.06 15:28:06 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.08.30 22:42:36 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.08.18 15:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005.06.08 03:35:08 | 000,799,744 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.05.19 16:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005.05.13 18:39:24 | 001,094,881 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.03.04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005.02.01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.07.13 13:00:26 | 000,067,968 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2003.09.25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google/
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-2964789255-3232969532-4144632550-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.29 13:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.19 18:20:39 | 000,000,000 | ---D | M]
[2010.10.13 12:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Mozilla\Extensions
[2012.08.30 15:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Mozilla\Firefox\Profiles\5ib9d8xi.default\extensions
[2012.08.30 15:13:22 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Mozilla\Firefox\Profiles\5ib9d8xi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.10.27 16:08:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Mozilla\Firefox\Profiles\5ib9d8xi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.19 18:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.19 18:20:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.20 10:16:04 | 000,061,403 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ULI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\5IB9D8XI.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.07.19 18:20:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.08.29 13:36:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.30 09:56:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 13:36:18 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.30 09:56:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 09:56:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 09:56:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 09:56:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.08.29 13:33:36 | 000,444,268 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15258 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [ATSwpNav] C:\Programme\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1007..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google-Suche - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\uli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Im Cache gespeicherte Seite - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verweisseiten - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126091180221 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343739718250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Programme\Softex\OmniPass\opxpgina.dll) - C:\Programme\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 () - hxxp://i.ebayimg.com/00/$%28KGrHqZ,%21l4E2EEKctCHBNoubLqq,Q%7E%7E_12.JPG
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.12 16:42:29 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e7c0b78-2a44-11da-901b-00038a000015}\Shell\AutoRun\command - "" = appsetup.exe
O33 - MountPoints2\{71ed4c93-1fad-11da-870b-00038a000015}\Shell\AutoRun\command - "" = appsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "x10nets"
MsConfig - Services: "RichVideo"
MsConfig - Services: "CyberLink Media Library Service"
MsConfig - Services: "CLSched"
MsConfig - Services: "CLCapSvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 1000 series.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe - (Hewlett-Packard)
MsConfig - StartUpReg: 6F638BFE0001730A0043AE847B07D329 - hkey= - key= - File not found
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AntivirusRegistration - hkey= - key= - File not found
MsConfig - StartUpReg: AOLDialer - hkey= - key= - File not found
MsConfig - StartUpReg: AOLMIcon - hkey= - key= - File not found
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: AzMixerSel - hkey= - key= - C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: High Definition Audio Property Page Shortcut - hkey= - key= - File not found
MsConfig - StartUpReg: InstantOn - hkey= - key= - C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: OmniPass - hkey= - key= - C:\Programme\Softex\OmniPass\scureapp.exe ()
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.08.30 18:19:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\uli\Recent
[2012.08.20 14:29:03 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.08.02 18:19:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.08.02 18:19:46 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.31 09:45:21 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 09:42:11 | 000,006,100 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\wklnhst.dat
[2012.08.31 09:19:36 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 09:18:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.30 14:39:33 | 000,000,924 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit OTL(1).lnk
[2012.08.29 13:33:36 | 000,444,268 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.08.27 18:31:34 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.08.27 18:28:25 | 000,444,142 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120829-133336.backup
[2012.08.27 18:14:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.21 15:03:23 | 000,000,946 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit adwcleaner.lnk
[2012.08.21 10:01:40 | 000,163,356 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\Kinder können ehrlich sein.pdf
[2012.08.20 17:49:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.20 14:22:44 | 000,001,006 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit esetsmartinstaller_enu.lnk
[2012.08.20 10:29:41 | 000,444,142 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120827-182825.backup
[2012.08.20 10:04:55 | 000,001,102 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Eigene Dateien\cc_20120820_100452.reg
[2012.08.09 09:58:00 | 000,444,098 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120820-102941.backup
[2012.08.02 18:23:37 | 000,000,636 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\M-bam.zip
[2012.08.02 18:23:28 | 000,000,858 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\Gmer.zip
[2012.08.02 18:23:09 | 000,006,529 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\otl extra.zip
[2012.08.02 18:19:07 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit 7z920.lnk
[2012.08.02 09:42:16 | 000,443,918 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120809-095800.backup
[2012.08.02 09:36:04 | 000,000,669 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit Rezepte.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.30 14:39:33 | 000,000,924 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit OTL(1).lnk
[2012.08.21 15:03:23 | 000,000,946 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit adwcleaner.lnk
[2012.08.21 10:01:40 | 000,163,356 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\Kinder können ehrlich sein.pdf
[2012.08.20 14:22:44 | 000,001,006 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit esetsmartinstaller_enu.lnk
[2012.08.20 10:04:53 | 000,001,102 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Eigene Dateien\cc_20120820_100452.reg
[2012.08.02 18:23:37 | 000,000,636 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\M-bam.zip
[2012.08.02 18:23:28 | 000,000,858 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\Gmer.zip
[2012.08.02 18:23:09 | 000,006,529 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\otl extra.zip
[2012.08.02 18:19:07 | 000,000,917 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit 7z920.lnk
[2012.08.02 09:36:04 | 000,000,669 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Desktop\Verknüpfung mit Rezepte.lnk
[2012.07.31 15:42:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\defogger_reenable
[2012.05.10 15:22:23 | 000,000,961 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2012.05.07 18:21:25 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2012.02.17 17:42:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.23 12:41:00 | 000,000,118 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\default.pls
[2011.10.08 10:06:42 | 000,011,426 | -H-- | C] () -- C:\WINDOWS\hpothb07.dat
[2011.10.08 10:05:59 | 000,000,253 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\hpothb07.tif
[2011.10.08 10:05:59 | 000,000,169 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\hpothb07.dat
[2011.10.08 10:05:27 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\uli\hpothb07.tif
[2011.10.08 10:05:27 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\uli\hpothb07.dat
[2010.12.25 09:28:14 | 000,019,554 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010.12.25 09:28:14 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010.12.24 17:33:25 | 000,019,554 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010.12.24 17:33:25 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010.10.13 12:35:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010.10.13 12:00:34 | 000,006,100 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\wklnhst.dat
[2010.10.13 12:00:30 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.13 12:00:30 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== LOP Check ==========
[2012.07.19 18:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6F638BFE0001730A0043AE847B07D329
[2005.09.12 16:36:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications
[2005.09.12 16:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2005.09.07 13:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings
[2005.09.07 13:16:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2012.02.21 17:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\DVDVideoSoft
[2012.02.21 17:41:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.15 09:37:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1293262233.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.01.04 14:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Adobe
[2010.10.20 11:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\AdobeUM
[2011.12.23 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Ahead
[2010.10.13 12:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\AOL
[2005.09.11 06:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\ATI
[2011.10.13 17:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Avira
[2005.09.20 16:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\CyberLink
[2012.02.21 17:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\DVDVideoSoft
[2012.02.21 17:41:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.01.24 17:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Google
[2010.10.26 11:35:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Help
[2010.12.25 09:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Hewlett-Packard
[2005.08.18 19:28:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Identities
[2012.05.10 15:22:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\InstallShield
[2005.09.07 17:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Macromedia
[2010.10.14 10:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Malwarebytes
[2012.05.07 16:19:57 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Microsoft
[2010.10.13 12:27:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Mozilla
[2005.09.07 18:13:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Real
[2011.04.05 10:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Skype
[2011.12.13 18:06:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Sun
[2011.06.11 12:43:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\U3
[2005.09.07 15:58:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\You've Got Pictures Screensaver
< %APPDATA%\*.exe /s >
[2005.09.08 06:38:21 | 000,016,158 | R--- | M] () -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\Microsoft\Installer\{2A4AF2C5-1920-4287-9950-A7BE42F5C0BA}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\uli\Anwendungsdaten\U3\temp\Launchpad Removal.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.10.13 13:41:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010.10.13 13:41:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.10.13 13:41:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010.10.13 13:41:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2005.08.18 21:20:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.08.18 21:20:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.08.18 21:20:00 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
|
|
31.08.2012, 13:38
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach löschen von Live Security Platinum System sauber? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
FF - user.js - File not found
O4 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2964789255-3232969532-4144632550-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.12 16:42:29 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e7c0b78-2a44-11da-901b-00038a000015}\Shell\AutoRun\command - "" = appsetup.exe
O33 - MountPoints2\{71ed4c93-1fad-11da-870b-00038a000015}\Shell\AutoRun\command - "" = appsetup.exe
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6F638BFE0001730A0043AE847B07D329
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
01.09.2012, 08:36
| #19 |
| | Nach löschen von Live Security Platinum System sauber? Hier das Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2964789255-3232969532-4144632550-1006\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2964789255-3232969532-4144632550-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2964789255-3232969532-4144632550-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e7c0b78-2a44-11da-901b-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e7c0b78-2a44-11da-901b-00038a000015}\ not found.
File appsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71ed4c93-1fad-11da-870b-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71ed4c93-1fad-11da-870b-00038a000015}\ not found.
File appsetup.exe not found.
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6F638BFE0001730A0043AE847B07D329 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Besitzer
User: corinna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 358802 bytes
->Flash cache emptied: 348 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 278662 bytes
->Flash cache emptied: 348 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: uli
->Temp folder emptied: 16787936 bytes
->Temporary Internet Files folder emptied: 669383 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 61568315 bytes
->Flash cache emptied: 678 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3614087 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10548 bytes
RecycleBin emptied: 599452 bytes
Total Files Cleaned = 80,00 mb
[EMPTYFLASH]
User: All Users
User: Besitzer
User: corinna
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: uli
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.59.1 log created on 09012012_094339
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
01.09.2012, 12:05
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach löschen von Live Security Platinum System sauber? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.09.2012, 13:46
| #21 |
| | Nach löschen von Live Security Platinum System sauber? Das Log Code:
ATTFilter 14:17:13.0921 2060 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:17:14.0140 2060 ============================================================
14:17:14.0140 2060 Current date / time: 2012/09/01 14:17:14.0140
14:17:14.0140 2060 SystemInfo:
14:17:14.0140 2060
14:17:14.0140 2060 OS Version: 5.1.2600 ServicePack: 3.0
14:17:14.0140 2060 Product type: Workstation
14:17:14.0140 2060 ComputerName: BIGULI
14:17:14.0140 2060 UserName: uli
14:17:14.0140 2060 Windows directory: C:\WINDOWS
14:17:14.0140 2060 System windows directory: C:\WINDOWS
14:17:14.0140 2060 Processor architecture: Intel x86
14:17:14.0140 2060 Number of processors: 1
14:17:14.0140 2060 Page size: 0x1000
14:17:14.0140 2060 Boot type: Normal boot
14:17:14.0140 2060 ============================================================
14:17:15.0812 2060 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:17:15.0843 2060 ============================================================
14:17:15.0843 2060 \Device\Harddisk0\DR0:
14:17:15.0843 2060 MBR partitions:
14:17:15.0843 2060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5E8F4DD
14:17:15.0859 2060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5E8F55B, BlocksNum 0x444CCAB
14:17:15.0890 2060 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0xA2DC245, BlocksNum 0x1768FB9
14:17:15.0890 2060 ============================================================
14:17:15.0921 2060 C: <-> \Device\Harddisk0\DR0\Partition1
14:17:15.0984 2060 D: <-> \Device\Harddisk0\DR0\Partition2
14:17:16.0000 2060 E: <-> \Device\Harddisk0\DR0\Partition3
14:17:16.0000 2060 ============================================================
14:17:16.0000 2060 Initialize success
14:17:16.0000 2060 ============================================================
14:20:44.0140 2960 ============================================================
14:20:44.0140 2960 Scan started
14:20:44.0140 2960 Mode: Manual; SigCheck; TDLFS;
14:20:44.0140 2960 ============================================================
14:20:44.0781 2960 ================ Scan services =============================
14:20:45.0031 2960 [ 53C2589BD342534A50E869F20C6AC2B9 ] 3xHybrid C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
14:20:45.0984 2960 3xHybrid - ok
14:20:46.0000 2960 Abiosdsk - ok
14:20:46.0015 2960 abp480n5 - ok
14:20:46.0078 2960 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:20:47.0140 2960 ACPI - ok
14:20:47.0187 2960 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:20:47.0359 2960 ACPIEC - ok
14:20:47.0359 2960 adpu160m - ok
14:20:47.0390 2960 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:20:47.0531 2960 aec - ok
14:20:47.0578 2960 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:20:47.0593 2960 AegisP ( UnsignedFile.Multi.Generic ) - warning
14:20:47.0593 2960 AegisP - detected UnsignedFile.Multi.Generic (1)
14:20:47.0640 2960 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:20:47.0671 2960 AFD - ok
14:20:47.0765 2960 [ BA1EF9282AB269A984A150D6EBCE2E4D ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:20:47.0890 2960 AgereSoftModem - ok
14:20:47.0906 2960 Aha154x - ok
14:20:47.0906 2960 aic78u2 - ok
14:20:47.0921 2960 aic78xx - ok
14:20:47.0953 2960 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:20:48.0078 2960 Alerter - ok
14:20:48.0093 2960 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
14:20:48.0265 2960 ALG - ok
14:20:48.0265 2960 AliIde - ok
14:20:48.0281 2960 amsint - ok
14:20:48.0390 2960 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
14:20:48.0453 2960 AntiVirSchedulerService - ok
14:20:48.0484 2960 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
14:20:48.0500 2960 AntiVirService - ok
14:20:48.0515 2960 AppMgmt - ok
14:20:48.0562 2960 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:20:48.0687 2960 Arp1394 - ok
14:20:48.0687 2960 asc - ok
14:20:48.0703 2960 asc3350p - ok
14:20:48.0718 2960 asc3550 - ok
14:20:48.0843 2960 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:20:48.0875 2960 aspnet_state - ok
14:20:48.0906 2960 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:20:49.0093 2960 AsyncMac - ok
14:20:49.0125 2960 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:20:49.0296 2960 atapi - ok
14:20:49.0312 2960 Atdisk - ok
14:20:49.0390 2960 [ 60D2D92BD2390C50BCE4106113F8B83B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:20:49.0437 2960 Ati HotKey Poller - ok
14:20:49.0515 2960 [ 1BC00580219007683339B3A78B8F2232 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:20:49.0640 2960 ati2mtag - ok
14:20:49.0656 2960 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:20:49.0796 2960 Atmarpc - ok
14:20:49.0828 2960 [ D19C1309C83123647B233A71E8A05683 ] ATSWPDRV C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
14:20:49.0906 2960 ATSWPDRV - ok
14:20:49.0968 2960 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:20:50.0140 2960 AudioSrv - ok
14:20:50.0171 2960 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:20:50.0343 2960 audstub - ok
14:20:50.0390 2960 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:20:50.0421 2960 avgntflt - ok
14:20:50.0453 2960 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:20:50.0484 2960 avipbb - ok
14:20:50.0500 2960 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:20:50.0531 2960 avkmgr - ok
14:20:50.0578 2960 [ 438179ABE9B7A922A21B8D6369FF52FF ] BCM42RLY C:\WINDOWS\System32\BCM42RLY.SYS
14:20:50.0609 2960 BCM42RLY ( UnsignedFile.Multi.Generic ) - warning
14:20:50.0609 2960 BCM42RLY - detected UnsignedFile.Multi.Generic (1)
14:20:50.0656 2960 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:20:50.0828 2960 Beep - ok
14:20:50.0906 2960 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
14:20:51.0093 2960 BITS - ok
14:20:51.0140 2960 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
14:20:51.0218 2960 Browser - ok
14:20:51.0281 2960 [ 436D5A1321921CA284A163D51B9197D2 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
14:20:51.0328 2960 btaudio ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0328 2960 btaudio - detected UnsignedFile.Multi.Generic (1)
14:20:51.0359 2960 [ D7493926236FADB5FC597EE74EE54F27 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
14:20:51.0390 2960 BTDriver ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0390 2960 BTDriver - detected UnsignedFile.Multi.Generic (1)
14:20:51.0468 2960 [ F1829392F47E0B766F062AE2D1490B0E ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:20:51.0593 2960 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0593 2960 BTKRNL - detected UnsignedFile.Multi.Generic (1)
14:20:51.0640 2960 [ BFE983A7DF25C416E5E543816F454DFA ] BTSERIAL C:\WINDOWS\system32\drivers\btserial.sys
14:20:51.0656 2960 BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0656 2960 BTSERIAL - detected UnsignedFile.Multi.Generic (1)
14:20:51.0687 2960 [ EEF1823CF73302F8C116512D6299351C ] BTSLBCSP C:\WINDOWS\system32\drivers\btslbcsp.sys
14:20:51.0718 2960 BTSLBCSP ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0718 2960 BTSLBCSP - detected UnsignedFile.Multi.Generic (1)
14:20:51.0812 2960 [ 649FEB4AF4741AE14663003F6704C77B ] btwdins C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:20:51.0828 2960 btwdins ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0828 2960 btwdins - detected UnsignedFile.Multi.Generic (1)
14:20:51.0843 2960 [ BCE013487A9BE62351000EF37CC22949 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
14:20:51.0875 2960 BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0875 2960 BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
14:20:51.0921 2960 [ A0275336156D0BD1EB6913CA7DEAB2AF ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
14:20:51.0937 2960 btwmodem ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0937 2960 btwmodem - detected UnsignedFile.Multi.Generic (1)
14:20:51.0953 2960 [ 2241C5BF7BFDB8A501274F6837C6B10A ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
14:20:51.0968 2960 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:20:51.0968 2960 BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:20:52.0015 2960 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:20:52.0234 2960 cbidf2k - ok
14:20:52.0281 2960 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:20:52.0406 2960 CCDECODE - ok
14:20:52.0406 2960 cd20xrnt - ok
14:20:52.0453 2960 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:20:52.0578 2960 Cdaudio - ok
14:20:52.0609 2960 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:20:52.0734 2960 Cdfs - ok
14:20:52.0765 2960 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:20:52.0890 2960 Cdrom - ok
14:20:52.0890 2960 Changer - ok
14:20:52.0937 2960 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:20:53.0062 2960 CiSvc - ok
14:20:53.0203 2960 [ 1A81AC19E3597ABB678F404DAEDF6D14 ] CLCapSvc C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
14:20:53.0218 2960 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
14:20:53.0218 2960 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
14:20:53.0234 2960 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:20:53.0343 2960 ClipSrv - ok
14:20:53.0390 2960 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:20:53.0421 2960 clr_optimization_v2.0.50727_32 - ok
14:20:53.0468 2960 [ 3A301048A8D6C4D39A9A34C83465EF26 ] CLSched C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
14:20:53.0500 2960 CLSched ( UnsignedFile.Multi.Generic ) - warning
14:20:53.0500 2960 CLSched - detected UnsignedFile.Multi.Generic (1)
14:20:53.0515 2960 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:20:53.0640 2960 CmBatt - ok
14:20:53.0656 2960 CmdIde - ok
14:20:53.0656 2960 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:20:53.0843 2960 Compbatt - ok
14:20:53.0843 2960 COMSysApp - ok
14:20:53.0875 2960 Cpqarray - ok
14:20:53.0890 2960 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:20:54.0015 2960 CryptSvc - ok
14:20:54.0078 2960 [ E36C72BF36309F3FA92F775DFCB38956 ] CyberLink Media Library Service C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
14:20:54.0250 2960 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
14:20:54.0250 2960 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
14:20:54.0265 2960 dac2w2k - ok
14:20:54.0265 2960 dac960nt - ok
14:20:54.0625 2960 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:20:54.0734 2960 DcomLaunch - ok
14:20:54.0796 2960 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:20:54.0921 2960 Dhcp - ok
14:20:54.0953 2960 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:20:55.0078 2960 Disk - ok
14:20:55.0078 2960 dmadmin - ok
14:20:55.0109 2960 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:20:55.0343 2960 dmboot - ok
14:20:55.0359 2960 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:20:55.0515 2960 dmio - ok
14:20:55.0546 2960 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:20:55.0687 2960 dmload - ok
14:20:55.0750 2960 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:20:55.0906 2960 dmserver - ok
14:20:55.0921 2960 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:20:56.0078 2960 DMusic - ok
14:20:56.0125 2960 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:20:56.0234 2960 Dnscache - ok
14:20:56.0281 2960 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:20:56.0421 2960 Dot3svc - ok
14:20:56.0437 2960 dpti2o - ok
14:20:56.0468 2960 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:20:56.0609 2960 drmkaud - ok
14:20:56.0640 2960 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:20:56.0812 2960 EapHost - ok
14:20:56.0843 2960 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:20:57.0031 2960 ERSvc - ok
14:20:57.0078 2960 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
14:20:57.0156 2960 Eventlog - ok
14:20:57.0218 2960 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
14:20:57.0250 2960 EventSystem - ok
14:20:57.0296 2960 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:20:57.0500 2960 Fastfat - ok
14:20:57.0546 2960 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:20:57.0609 2960 FastUserSwitchingCompatibility - ok
14:20:57.0671 2960 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
14:20:57.0890 2960 Fax - ok
14:20:57.0906 2960 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
14:20:58.0015 2960 Fdc - ok
14:20:58.0031 2960 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:20:58.0140 2960 Fips - ok
14:20:58.0156 2960 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
14:20:58.0281 2960 Flpydisk - ok
14:20:58.0328 2960 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:20:58.0453 2960 FltMgr - ok
14:20:58.0531 2960 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:20:58.0546 2960 FontCache3.0.0.0 - ok
14:20:58.0562 2960 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:20:58.0703 2960 Fs_Rec - ok
14:20:58.0734 2960 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:20:58.0875 2960 Ftdisk - ok
14:20:58.0890 2960 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:20:59.0015 2960 Gpc - ok
14:20:59.0062 2960 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
14:20:59.0078 2960 GTNDIS5 ( UnsignedFile.Multi.Generic ) - warning
14:20:59.0078 2960 GTNDIS5 - detected UnsignedFile.Multi.Generic (1)
14:20:59.0140 2960 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
14:20:59.0156 2960 gupdate - ok
14:20:59.0171 2960 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
14:20:59.0187 2960 gupdatem - ok
14:20:59.0218 2960 [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
14:20:59.0265 2960 HdAudAddService - ok
14:20:59.0312 2960 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:20:59.0421 2960 HDAudBus - ok
14:20:59.0484 2960 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:20:59.0593 2960 helpsvc - ok
14:20:59.0593 2960 HidServ - ok
14:20:59.0625 2960 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:20:59.0781 2960 HidUsb - ok
14:20:59.0828 2960 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:20:59.0968 2960 hkmsvc - ok
14:21:00.0000 2960 [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey C:\WINDOWS\system32\drivers\Hotkey.sys
14:21:00.0015 2960 Hotkey ( UnsignedFile.Multi.Generic ) - warning
14:21:00.0015 2960 Hotkey - detected UnsignedFile.Multi.Generic (1)
14:21:00.0031 2960 hpn - ok
14:21:00.0062 2960 [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:21:00.0125 2960 HPZid412 - ok
14:21:00.0156 2960 [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:21:00.0203 2960 HPZipr12 - ok
14:21:00.0234 2960 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:21:00.0312 2960 HPZius12 - ok
14:21:00.0359 2960 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:21:00.0437 2960 HTTP - ok
14:21:00.0468 2960 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:21:00.0609 2960 HTTPFilter - ok
14:21:00.0625 2960 i2omgmt - ok
14:21:00.0625 2960 i2omp - ok
14:21:00.0671 2960 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:21:00.0890 2960 i8042prt - ok
14:21:01.0000 2960 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:21:01.0078 2960 idsvc - ok
14:21:01.0078 2960 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:21:01.0203 2960 Imapi - ok
14:21:01.0250 2960 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
14:21:01.0375 2960 ImapiService - ok
14:21:01.0390 2960 ini910u - ok
14:21:01.0609 2960 [ 98B7FAB86755A42FE8EB04538A4CD6C8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:21:01.0906 2960 IntcAzAudAddService - ok
14:21:01.0921 2960 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:21:02.0156 2960 IntelIde - ok
14:21:02.0203 2960 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:21:02.0343 2960 intelppm - ok
14:21:02.0359 2960 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:21:02.0484 2960 Ip6Fw - ok
14:21:02.0515 2960 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:21:02.0656 2960 IpFilterDriver - ok
14:21:02.0656 2960 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:21:02.0781 2960 IpInIp - ok
14:21:02.0781 2960 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:21:02.0906 2960 IpNat - ok
14:21:02.0937 2960 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:21:03.0046 2960 IPSec - ok
14:21:03.0078 2960 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
14:21:03.0187 2960 irda - ok
14:21:03.0203 2960 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:21:03.0328 2960 IRENUM - ok
14:21:03.0375 2960 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
14:21:03.0500 2960 Irmon - ok
14:21:03.0515 2960 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:21:03.0640 2960 isapnp - ok
14:21:03.0812 2960 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
14:21:03.0828 2960 JavaQuickStarterService - ok
14:21:03.0843 2960 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:21:03.0968 2960 Kbdclass - ok
14:21:04.0000 2960 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:21:04.0109 2960 kmixer - ok
14:21:04.0156 2960 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:21:04.0250 2960 KSecDD - ok
14:21:04.0296 2960 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:21:04.0375 2960 lanmanserver - ok
14:21:04.0437 2960 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:21:04.0484 2960 lanmanworkstation - ok
14:21:04.0484 2960 lbrtfdc - ok
14:21:04.0515 2960 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:21:04.0687 2960 LmHosts - ok
14:21:04.0703 2960 M9207 - ok
14:21:04.0703 2960 mailKmd - ok
14:21:04.0734 2960 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:21:04.0968 2960 Messenger - ok
14:21:05.0015 2960 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:21:05.0140 2960 mnmdd - ok
14:21:05.0187 2960 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:21:05.0296 2960 mnmsrvc - ok
14:21:05.0343 2960 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:21:05.0468 2960 Modem - ok
14:21:05.0500 2960 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:21:05.0625 2960 Mouclass - ok
14:21:05.0671 2960 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:21:05.0796 2960 mouhid - ok
14:21:05.0843 2960 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:21:05.0937 2960 MountMgr - ok
14:21:06.0015 2960 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:21:06.0046 2960 MozillaMaintenance - ok
14:21:06.0062 2960 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
14:21:06.0187 2960 MPE - ok
14:21:06.0187 2960 mraid35x - ok
14:21:06.0203 2960 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:21:06.0312 2960 MRxDAV - ok
14:21:06.0375 2960 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:21:06.0453 2960 MRxSmb - ok
14:21:06.0500 2960 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:21:06.0625 2960 MSDTC - ok
14:21:06.0640 2960 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:21:06.0781 2960 Msfs - ok
14:21:06.0796 2960 MSIServer - ok
14:21:06.0812 2960 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:21:06.0937 2960 MSKSSRV - ok
14:21:06.0953 2960 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:21:07.0078 2960 MSPCLOCK - ok
14:21:07.0093 2960 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:21:07.0203 2960 MSPQM - ok
14:21:07.0234 2960 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:21:07.0359 2960 mssmbios - ok
14:21:07.0390 2960 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:21:07.0515 2960 MSTEE - ok
14:21:07.0546 2960 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:21:07.0562 2960 Mup - ok
14:21:07.0593 2960 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:21:07.0718 2960 NABTSFEC - ok
14:21:07.0765 2960 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
14:21:07.0906 2960 napagent - ok
14:21:07.0937 2960 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:21:08.0062 2960 NDIS - ok
14:21:08.0093 2960 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:21:08.0203 2960 NdisIP - ok
14:21:08.0250 2960 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:21:08.0281 2960 NdisTapi - ok
14:21:08.0296 2960 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:21:08.0421 2960 Ndisuio - ok
14:21:08.0453 2960 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:21:08.0578 2960 NdisWan - ok
14:21:08.0625 2960 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:21:08.0687 2960 NDProxy - ok
14:21:08.0703 2960 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:21:08.0812 2960 NetBIOS - ok
14:21:08.0843 2960 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:21:08.0953 2960 NetBT - ok
14:21:09.0000 2960 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
14:21:09.0140 2960 NetDDE - ok
14:21:09.0140 2960 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:21:09.0250 2960 NetDDEdsdm - ok
14:21:09.0296 2960 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:21:09.0406 2960 Netlogon - ok
14:21:09.0437 2960 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
14:21:09.0562 2960 Netman - ok
14:21:09.0593 2960 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:21:09.0609 2960 NetTcpPortSharing - ok
14:21:09.0640 2960 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:21:09.0750 2960 NIC1394 - ok
14:21:09.0796 2960 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
14:21:09.0843 2960 Nla - ok
14:21:09.0859 2960 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:21:09.0968 2960 Npfs - ok
14:21:09.0984 2960 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:21:10.0093 2960 NSCIRDA - ok
14:21:10.0125 2960 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:21:10.0265 2960 Ntfs - ok
14:21:10.0265 2960 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:21:10.0390 2960 NtLmSsp - ok
14:21:10.0437 2960 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:21:10.0593 2960 NtmsSvc - ok
14:21:10.0609 2960 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:21:10.0750 2960 Null - ok
14:21:10.0796 2960 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:21:10.0921 2960 NwlnkFlt - ok
14:21:10.0937 2960 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:21:11.0062 2960 NwlnkFwd - ok
14:21:11.0093 2960 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:21:11.0218 2960 ohci1394 - ok
14:21:11.0296 2960 [ C3694C3F4588D252E3515AA77700DB20 ] omniserv C:\Programme\Softex\OmniPass\Omniserv.exe
14:21:11.0312 2960 omniserv ( UnsignedFile.Multi.Generic ) - warning
14:21:11.0312 2960 omniserv - detected UnsignedFile.Multi.Generic (1)
14:21:11.0312 2960 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:21:11.0437 2960 Parport - ok
14:21:11.0453 2960 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:21:11.0578 2960 PartMgr - ok
14:21:11.0625 2960 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:21:11.0750 2960 ParVdm - ok
14:21:11.0765 2960 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:21:11.0890 2960 PCI - ok
14:21:11.0890 2960 PCIDump - ok
14:21:11.0921 2960 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:21:12.0031 2960 PCIIde - ok
14:21:12.0062 2960 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:21:12.0187 2960 Pcmcia - ok
14:21:12.0187 2960 PDCOMP - ok
14:21:12.0203 2960 PDFRAME - ok
14:21:12.0203 2960 PDRELI - ok
14:21:12.0203 2960 PDRFRAME - ok
14:21:12.0218 2960 perc2 - ok
14:21:12.0234 2960 perc2hib - ok
14:21:12.0265 2960 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
14:21:12.0312 2960 PlugPlay - ok
14:21:12.0328 2960 [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
14:21:12.0359 2960 Pml Driver HPZ12 - ok
14:21:12.0375 2960 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:21:12.0484 2960 PolicyAgent - ok
14:21:12.0515 2960 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:21:12.0625 2960 PptpMiniport - ok
14:21:12.0625 2960 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:21:12.0750 2960 ProtectedStorage - ok
14:21:12.0750 2960 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:21:12.0875 2960 PSched - ok
14:21:12.0875 2960 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:21:13.0000 2960 Ptilink - ok
14:21:13.0000 2960 ql1080 - ok
14:21:13.0015 2960 Ql10wnt - ok
14:21:13.0015 2960 ql12160 - ok
14:21:13.0031 2960 ql1240 - ok
14:21:13.0046 2960 ql1280 - ok
14:21:13.0093 2960 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:21:13.0203 2960 RasAcd - ok
14:21:13.0234 2960 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:21:13.0343 2960 RasAuto - ok
14:21:13.0390 2960 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:21:13.0453 2960 Rasirda - ok
14:21:13.0484 2960 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:21:13.0593 2960 Rasl2tp - ok
14:21:13.0625 2960 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:21:13.0750 2960 RasMan - ok
14:21:13.0750 2960 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:21:13.0875 2960 RasPppoe - ok
14:21:13.0906 2960 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:21:14.0046 2960 Raspti - ok
14:21:14.0078 2960 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:21:14.0203 2960 Rdbss - ok
14:21:14.0250 2960 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:21:14.0359 2960 RDPCDD - ok
14:21:14.0406 2960 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:21:14.0437 2960 RDPWD - ok
14:21:14.0500 2960 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:21:14.0625 2960 RDSessMgr - ok
14:21:14.0656 2960 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:21:14.0781 2960 redbook - ok
14:21:14.0812 2960 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:21:14.0921 2960 RemoteAccess - ok
14:21:15.0015 2960 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Programme\CyberLink\Shared Files\RichVideo.exe
14:21:15.0015 2960 RichVideo ( UnsignedFile.Multi.Generic ) - warning
14:21:15.0015 2960 RichVideo - detected UnsignedFile.Multi.Generic (1)
14:21:15.0046 2960 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
14:21:15.0171 2960 RpcLocator - ok
14:21:15.0203 2960 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:21:15.0250 2960 RpcSs - ok
14:21:15.0296 2960 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:21:15.0406 2960 RSVP - ok
14:21:15.0453 2960 [ 6EA04A4370609E5E1EAEEE898A2AB6AC ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
14:21:15.0515 2960 RT73 - ok
14:21:15.0562 2960 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
14:21:15.0640 2960 RTL8023xp - ok
14:21:15.0687 2960 [ 1F561844318914E7EB6E54673A4CC54C ] s117bus C:\WINDOWS\system32\DRIVERS\s117bus.sys
14:21:15.0703 2960 s117bus - ok
14:21:15.0750 2960 [ BA93EEC3CDF6A63B77AE66221AA4F902 ] s117mdfl C:\WINDOWS\system32\DRIVERS\s117mdfl.sys
14:21:15.0765 2960 s117mdfl - ok
14:21:15.0765 2960 [ CBA12FD8A8EE5B5CDFBBAE2381CD6703 ] s117mdm C:\WINDOWS\system32\DRIVERS\s117mdm.sys
14:21:15.0796 2960 s117mdm - ok
14:21:15.0812 2960 [ BD6483E64B1DA17E812B34BCDEFD9459 ] s117mgmt C:\WINDOWS\system32\DRIVERS\s117mgmt.sys
14:21:15.0828 2960 s117mgmt - ok
14:21:15.0843 2960 [ C7CA36C3054B4CD47A1F6611B046E2F9 ] s117nd5 C:\WINDOWS\system32\DRIVERS\s117nd5.sys
14:21:15.0859 2960 s117nd5 - ok
14:21:15.0890 2960 [ E290B3A6B58FB72CA97DD48D64E4FC1C ] s117obex C:\WINDOWS\system32\DRIVERS\s117obex.sys
14:21:15.0921 2960 s117obex - ok
14:21:15.0921 2960 [ 5C4D1BA23C7511AC880E8BA7BAA80DBA ] s117unic C:\WINDOWS\system32\DRIVERS\s117unic.sys
14:21:15.0953 2960 s117unic - ok
14:21:15.0968 2960 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
14:21:16.0140 2960 SamSs - ok
14:21:16.0187 2960 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:21:16.0312 2960 SCardSvr - ok
14:21:16.0375 2960 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:21:16.0515 2960 Schedule - ok
14:21:16.0515 2960 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:21:16.0640 2960 sdbus - ok
14:21:16.0656 2960 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:21:16.0765 2960 Secdrv - ok
14:21:16.0796 2960 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
14:21:16.0921 2960 seclogon - ok
14:21:16.0921 2960 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
14:21:17.0062 2960 SENS - ok
14:21:17.0093 2960 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
14:21:17.0203 2960 Serial - ok
14:21:17.0234 2960 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:21:17.0359 2960 Sfloppy - ok
14:21:17.0421 2960 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:21:17.0562 2960 SharedAccess - ok
14:21:17.0609 2960 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:21:17.0671 2960 ShellHWDetection - ok
14:21:17.0671 2960 Simbad - ok
14:21:17.0703 2960 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:21:17.0812 2960 SLIP - ok
14:21:17.0828 2960 Sparrow - ok
14:21:17.0859 2960 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:21:17.0984 2960 splitter - ok
14:21:18.0015 2960 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:21:18.0062 2960 Spooler - ok
14:21:18.0093 2960 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:21:18.0218 2960 sr - ok
14:21:18.0265 2960 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
14:21:18.0375 2960 srservice - ok
14:21:18.0437 2960 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:21:18.0484 2960 Srv - ok
14:21:18.0500 2960 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:21:18.0656 2960 SSDPSRV - ok
14:21:18.0703 2960 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:21:18.0718 2960 ssmdrv - ok
14:21:18.0781 2960 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:21:18.0968 2960 stisvc - ok
14:21:18.0984 2960 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:21:19.0140 2960 streamip - ok
14:21:19.0187 2960 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:21:19.0343 2960 swenum - ok
14:21:19.0375 2960 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:21:19.0484 2960 swmidi - ok
14:21:19.0500 2960 SwPrv - ok
14:21:19.0515 2960 symc810 - ok
14:21:19.0531 2960 symc8xx - ok
14:21:19.0531 2960 sym_hi - ok
14:21:19.0546 2960 sym_u3 - ok
14:21:19.0593 2960 [ 9D7385AD343EEED23A61D4AC5AE44601 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:21:19.0640 2960 SynTP - ok
14:21:19.0656 2960 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:21:19.0765 2960 sysaudio - ok
14:21:19.0796 2960 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:21:19.0937 2960 SysmonLog - ok
14:21:19.0953 2960 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:21:20.0078 2960 TapiSrv - ok
14:21:20.0140 2960 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:21:20.0203 2960 Tcpip - ok
14:21:20.0250 2960 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:21:20.0375 2960 TDPIPE - ok
14:21:20.0406 2960 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:21:20.0531 2960 TDTCP - ok
14:21:20.0546 2960 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:21:20.0671 2960 TermDD - ok
14:21:20.0703 2960 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
14:21:20.0812 2960 TermService - ok
14:21:20.0843 2960 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
14:21:20.0859 2960 Themes - ok
14:21:20.0906 2960 [ 1154850749ECD019972D901EA6C6950C ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
14:21:20.0937 2960 tifm21 - ok
14:21:20.0953 2960 TosIde - ok
14:21:20.0953 2960 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:21:21.0093 2960 TrkWks - ok
14:21:21.0109 2960 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:21:21.0234 2960 Udfs - ok
14:21:21.0250 2960 ULiM9205 - ok
14:21:21.0265 2960 ultra - ok
14:21:21.0296 2960 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:21:21.0437 2960 Update - ok
14:21:21.0500 2960 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:21:21.0625 2960 upnphost - ok
14:21:21.0671 2960 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
14:21:21.0796 2960 UPS - ok
14:21:21.0859 2960 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:21:21.0984 2960 usbaudio - ok
14:21:21.0984 2960 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:21:22.0109 2960 usbccgp - ok
14:21:22.0140 2960 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:21:22.0265 2960 usbehci - ok
14:21:22.0281 2960 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:21:22.0390 2960 usbhub - ok
14:21:22.0421 2960 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:21:22.0546 2960 usbprint - ok
14:21:22.0562 2960 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:21:22.0671 2960 USBSTOR - ok
14:21:22.0703 2960 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:21:22.0828 2960 usbuhci - ok
14:21:22.0843 2960 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:21:22.0953 2960 VgaSave - ok
14:21:22.0953 2960 ViaIde - ok
14:21:22.0984 2960 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:21:23.0109 2960 VolSnap - ok
14:21:23.0125 2960 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
14:21:23.0250 2960 VSS - ok
14:21:23.0406 2960 [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
14:21:23.0625 2960 w29n51 - ok
14:21:23.0671 2960 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
14:21:23.0796 2960 W32Time - ok
14:21:23.0828 2960 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:21:24.0015 2960 Wanarp - ok
14:21:24.0046 2960 wanatw - ok
14:21:24.0046 2960 Wbutton - ok
14:21:24.0062 2960 WDICA - ok
14:21:24.0093 2960 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:21:24.0281 2960 wdmaud - ok
14:21:24.0296 2960 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:21:24.0468 2960 WebClient - ok
14:21:24.0562 2960 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:21:24.0671 2960 winmgmt - ok
14:21:24.0734 2960 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:21:24.0828 2960 WmdmPmSN - ok
14:21:24.0859 2960 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:21:24.0984 2960 WmiApSrv - ok
14:21:25.0109 2960 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
14:21:25.0171 2960 WMPNetworkSvc - ok
14:21:25.0187 2960 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:21:25.0203 2960 WpdUsb - ok
14:21:25.0250 2960 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:21:25.0406 2960 wscsvc - ok
14:21:25.0437 2960 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:21:25.0593 2960 WSTCODEC - ok
14:21:25.0625 2960 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:21:25.0796 2960 wuauserv - ok
14:21:25.0859 2960 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:21:25.0906 2960 WudfPf - ok
14:21:25.0937 2960 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:21:25.0984 2960 WudfRd - ok
14:21:26.0015 2960 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:21:26.0046 2960 WudfSvc - ok
14:21:26.0156 2960 [ CCFDECD6060EA8EB0F8466782A97FF21 ] WUSB54GCSVC C:\Programme\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
14:21:26.0156 2960 WUSB54GCSVC ( UnsignedFile.Multi.Generic ) - warning
14:21:26.0156 2960 WUSB54GCSVC - detected UnsignedFile.Multi.Generic (1)
14:21:26.0218 2960 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:21:26.0406 2960 WZCSVC - ok
14:21:26.0468 2960 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
14:21:26.0484 2960 x10nets ( UnsignedFile.Multi.Generic ) - warning
14:21:26.0484 2960 x10nets - detected UnsignedFile.Multi.Generic (1)
14:21:26.0515 2960 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:21:26.0765 2960 xmlprov - ok
14:21:26.0796 2960 [ 41CF36A3CC7786575247ED456918E112 ] XUIF C:\WINDOWS\system32\Drivers\x10ufx2.sys
14:21:26.0843 2960 XUIF - ok
14:21:26.0859 2960 ================ Scan global ===============================
14:21:26.0906 2960 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
14:21:26.0953 2960 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:21:26.0968 2960 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:21:27.0000 2960 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
14:21:27.0000 2960 [Global] - ok
14:21:27.0000 2960 ================ Scan MBR ==================================
14:21:27.0015 2960 [ E39003396D3323DE43CFB10CFEDA484A ] \Device\Harddisk0\DR0
14:21:27.0390 2960 \Device\Harddisk0\DR0 - ok
14:21:27.0406 2960 ================ Scan VBR ==================================
14:21:27.0406 2960 [ 16287BBD7917EFBA2DF8EE2EE221DAD7 ] \Device\Harddisk0\DR0\Partition1
14:21:27.0406 2960 \Device\Harddisk0\DR0\Partition1 - ok
14:21:27.0437 2960 [ 6A09434E35517CEF5E6F63EB563818A8 ] \Device\Harddisk0\DR0\Partition2
14:21:27.0453 2960 \Device\Harddisk0\DR0\Partition2 - ok
14:21:27.0468 2960 [ 1483D1C76D7D9175ACE215C824ED8F10 ] \Device\Harddisk0\DR0\Partition3
14:21:27.0468 2960 \Device\Harddisk0\DR0\Partition3 - ok
14:21:27.0484 2960 ============================================================
14:21:27.0484 2960 Scan finished
14:21:27.0484 2960 ============================================================
14:21:27.0609 2992 Detected object count: 20
14:21:27.0609 2992 Actual detected object count: 20
14:32:49.0656 2992 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0656 2992 BCM42RLY ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 BCM42RLY ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0656 2992 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0656 2992 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0656 2992 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0656 2992 BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0656 2992 BTSLBCSP ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 BTSLBCSP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0656 2992 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0656 2992 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0671 2992 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0671 2992 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0687 2992 omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0687 2992 omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0687 2992 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0687 2992 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0687 2992 WUSB54GCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0687 2992 WUSB54GCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0687 2992 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:49.0687 2992 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
01.09.2012, 14:01
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach löschen von Live Security Platinum System sauber? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.09.2012, 15:07
| #23 |
| | Nach löschen von Live Security Platinum System sauber? Combofix Logfile: Code:
ATTFilter ComboFix 12-08-31.08 - uli 01.09.2012 16:06:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.571 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\uli\Eigene Dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-01 bis 2012-09-01 ))))))))))))))))))))))))))))))
.
.
2012-09-01 07:43 . 2012-09-01 07:43 -------- d-----w- C:\_OTL
2012-08-29 11:36 . 2012-08-29 11:36 73696 ----a-w- c:\programme\Mozilla Firefox\breakpadinjector.dll
2012-08-20 12:29 . 2012-08-20 12:29 -------- d-----w- c:\programme\ESET
2012-08-02 16:19 . 2012-08-02 16:19 -------- d-----w- c:\programme\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-07-19 16:20 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-12-13 16:09 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-07-19 16:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 13:03 . 2012-04-18 08:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 13:03 . 2011-06-04 08:35 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2005-08-19 02:14 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-08-18 17:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2005-08-19 02:14 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2010-10-14 08:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:39 . 2005-08-19 02:14 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2005-08-19 02:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2005-08-19 02:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2005-08-19 02:14 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2008-04-14 02:22 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2005-08-19 02:14 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2009-08-06 18:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-08-19 02:14 152576 ----a-w- c:\windows\system32\schannel.dll
2012-08-29 11:36 . 2011-03-28 14:03 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\programme\Fingerprint Sensor\ATSwpNav -run" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-08-17 61440]
"CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-09-02 81920]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-09-11 14:39 49152 ----a-w- c:\programme\Softex\OmniPass\OPXPGina.dll
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 1000 series.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-05-11 11:12 88204 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-30 22:40 57344 ----a-w- c:\programme\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-11 17:51 53248 ----a-w- c:\programme\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 15:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn]
2005-03-25 22:07 93640 ----a-w- c:\programme\CyberLink\PowerCinema Linux\ion_install.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2005-09-11 14:38 1847296 ----a-w- c:\programme\Softex\OmniPass\scureapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-09-15 15:02 139264 ----a-w- c:\programme\Home Cinema\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\programme\Home Cinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-08-18 05:20 14820864 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-08-25 13:25 737369 ----a-w- c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 07:56 204288 ------w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"RichVideo"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%ProgramFiles%\\MSN Messenger\\msnmsgr.exe"=
"%ProgramFiles%\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.10.2011 17:05 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [13.10.2011 17:05 86224]
S1 M9207;ULi M9207 USB DVB-T / TV BOX;c:\windows\system32\DRIVERS\M9207BDA.sys --> c:\windows\system32\DRIVERS\M9207BDA.sys [?]
S1 mailKmd;mailKmd; [x]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [24.01.2012 17:25 136176]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18.09.2005 16:18 799744]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [24.01.2012 17:25 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [26.04.2012 09:07 114144]
S3 ULiM9205;TVBOX service;c:\windows\system32\Drivers\M9205.sys --> c:\windows\system32\Drivers\M9205.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 32201711
*Deregistered* - 32201711
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-15 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4293262233.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-24 15:25]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-24 15:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google/
IE: &Google-Suche - c:\programme\google\GoogleToolbar2.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\uli\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Im Cache gespeicherte Seite - c:\programme\google\GoogleToolbar2.dll/cmcache.html
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verweisseiten - c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\uli\Anwendungsdaten\Mozilla\Firefox\Profiles\5ib9d8xi.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-6F638BFE0001730A0043AE847B07D329 - c:\dokumente und einstellungen\All Users\Anwendungsdaten\6F638BFE0001730A0043AE847B07D329\6F638BFE0001730A0043AE847B07D329.exe
MSConfigStartUp-AntivirusRegistration - c:\programme\CA\Etrust Antivirus\Register.exe
MSConfigStartUp-AOLDialer - c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
MSConfigStartUp-AOLMIcon - c:\programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-01 16:15
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
c:\programme\Softex\OmniPass\opxpgina.dll
.
Zeit der Fertigstellung: 2012-09-01 16:18:43
ComboFix-quarantined-files.txt 2012-09-01 14:18
.
Vor Suchlauf: 9 Verzeichnis(se), 25.206.816.768 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 25.210.429.440 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9FC922B669A3EEA40735B8285C1D9BDA
|
|
03.09.2012, 11:07
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach löschen von Live Security Platinum System sauber? Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.09.2012, 08:31
| #25 |
| | Nach löschen von Live Security Platinum System sauber? Sorry hat was länger gedauert. Hier die Logs: GMER Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-03 17:52:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM100JC rev.YN100-08
Running: i91tfpvm.exe; Driver: C:\DOKUME~1\uli\LOKALE~1\Temp\kgtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT F7C1C964 ZwClose
SSDT F7C1C91E ZwCreateKey
SSDT F7C1C96E ZwCreateSection
SSDT F7C1C914 ZwCreateThread
SSDT F7C1C923 ZwDeleteKey
SSDT F7C1C92D ZwDeleteValueKey
SSDT F7C1C95F ZwDuplicateObject
SSDT F7C1C932 ZwLoadKey
SSDT F7C1C900 ZwOpenProcess
SSDT F7C1C905 ZwOpenThread
SSDT F7C1C987 ZwQueryValueKey
SSDT F7C1C93C ZwReplaceKey
SSDT F7C1C978 ZwRequestWaitReplyPort
SSDT F7C1C937 ZwRestoreKey
SSDT F7C1C973 ZwSetContextThread
SSDT F7C1C97D ZwSetSecurityObject
SSDT F7C1C928 ZwSetValueKey
SSDT F7C1C982 ZwSystemDebugControl
SSDT F7C1C90F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF67B3F80]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:21:42 on 03.09.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 15.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "FRU Task #Hewlett-Packard#hp psc 1200 series#1293262233.job" - ? - C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl "ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl "scurecpl.cpl" - "Softex, Inc" - C:\WINDOWS\system32\scurecpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.4.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\WINDOWS\System32\BCM42RLY.SYS "Bluetooth Port Client Driver" (BTSLBCSP) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btslbcsp.sys "Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys "Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys "Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys "Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys "Bluetooth-Modem" (btwmodem) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwmodem.sys "catchme" (catchme) - ? - C:\DOKUME~1\uli\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "GTNDIS5 NDIS Protocol Driver" (GTNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\GTNDIS5.SYS "Hotkey" (Hotkey) - ? - C:\WINDOWS\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kgtdqpog" (kgtdqpog) - ? - C:\DOKUME~1\uli\LOKALE~1\Temp\kgtdqpog.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mailKmd" (mailKmd) - ? - C:\WINDOWS\system32\drivers\mailKmd.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "TVBOX service" (ULiM9205) - ? - C:\WINDOWS\System32\Drivers\M9205.sys (File not found) "ULi M9207 USB DVB-T / TV BOX" (M9207) - ? - C:\WINDOWS\System32\DRIVERS\M9207BDA.sys (File not found) "Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys "WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found) "Wbutton" (Wbutton) - ? - C:\WINDOWS\system32\drivers\Wbutton.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys [Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )----- "(0) Source" - ? - hxxp://i.ebayimg.com/00/$%28KGrHqZ,%21l4E2EEKctCHBNoubLqq,Q%7E%7E_12.JPG (HTTP value) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Programme\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Programme\Softex\OmniPass\opfolderext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "MedionShop" - ? - hxxp://www.medionshop.de/ (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar2.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343739718250 {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} "SysInfo Class" - "Husdawg, LLC" - C:\Programme\SystemRequirementsLab\srldetect_intel_4.3.1.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar2.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - c:\programme\google\googletoolbar2.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\uli\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ATSwpNav" - "AuthenTec, Inc." - "C:\Programme\Fingerprint Sensor\ATSwpNav" -run "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "CtrlVol" - "Wistron" - "C:\Programme\Launch Manager\CtrlVol.exe" "HotkeyApp" - "Wistron" - "C:\Programme\Launch Manager\HotkeyApp.exe" "LaunchAp" - ? - "C:\Programme\Launch Manager\LaunchAp.exe" "LMgrOSD" - "Wistron" - "C:\Programme\Launch Manager\OSD.exe" "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "Wbutton" - ? - "C:\Programme\Launch Manager\Wbutton.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Programme\Softex\OmniPass\Omniserv.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WUSB54GCSVC" (WUSB54GCSVC) - "GEMTEKS" - C:\Programme\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\logon.scr (File not found) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "OPXPGina" - ? - C:\Programme\Softex\OmniPass\opxpgina.dll (File found, but it contains no detailed information) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-03 18:26:32
-----------------------------
18:26:32.453 OS Version: Windows 5.1.2600 Service Pack 3
18:26:32.453 Number of processors: 1 586 0xD08
18:26:32.453 ComputerName: BIGULI UserName: uli
18:26:33.890 Initialize success
18:37:28.453 AVAST engine defs: 12090300
18:38:19.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:38:19.484 Disk 0 Vendor: SAMSUNG_HM100JC YN100-08 Size: 95396MB BusType: 3
18:38:19.578 Disk 0 MBR read successfully
18:38:19.593 Disk 0 MBR scan
18:38:19.703 Disk 0 unknown MBR code
18:38:19.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 48414 MB offset 63
18:38:19.750 Disk 0 Partition - 00 0F Extended LBA 46955 MB offset 99153180
18:38:19.843 Disk 0 Partition 2 00 12 Compaq diag 23 MB offset 195318270
18:38:19.937 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 34969 MB offset 99153243
18:38:19.968 Disk 0 Partition - 00 05 Extended 11985 MB offset 170770950
18:38:20.078 Disk 0 Partition 4 00 0B FAT32 MSWIN4.1 11985 MB offset 170771013
18:38:20.140 Disk 0 scanning sectors +195366465
18:38:20.546 Disk 0 scanning C:\WINDOWS\system32\drivers
18:39:54.515 Service scanning
18:40:18.328 Modules scanning
18:41:42.281 Disk 0 trace - called modules:
18:41:42.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:41:42.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f50ab8]
18:41:42.406 3 CLASSPNP.SYS[f75d0fd7] -> nt!IofCallDriver -> \Device\0000007e[0x86fdd3b8]
18:41:42.421 5 ACPI.sys[f7466620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f0dd98]
18:41:42.781 AVAST engine scan C:\WINDOWS
18:42:30.250 AVAST engine scan C:\WINDOWS\system32
18:56:08.734 AVAST engine scan C:\WINDOWS\system32\drivers
18:58:02.562 AVAST engine scan C:\Dokumente und Einstellungen\uli
20:24:49.343 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:27:09.343 Scan finished successfully
20:34:35.359 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\uli\Desktop\MBR.dat"
20:34:35.375 The log file has been saved successfully to "C:\Dokumente und Einstellungen\uli\Desktop\aswMBR.txt"
|
|
04.09.2012, 15:34
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach löschen von Live Security Platinum System sauber? Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.09.2012, 17:12
| #27 |
| | Nach löschen von Live Security Platinum System sauber? Das Log: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-04 17:19:57
-----------------------------
17:19:57.187 OS Version: Windows 5.1.2600 Service Pack 3
17:19:57.187 Number of processors: 1 586 0xD08
17:19:57.187 ComputerName: BIGULI UserName: uli
17:19:57.421 Initialize success
17:20:09.562 AVAST engine defs: 12090300
17:20:21.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:20:21.812 Disk 0 Vendor: SAMSUNG_HM100JC YN100-08 Size: 95396MB BusType: 3
17:20:21.828 Disk 0 MBR read successfully
17:20:21.843 Disk 0 MBR scan
17:20:21.890 Disk 0 unknown MBR code
17:20:21.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 48414 MB offset 63
17:20:21.921 Disk 0 Partition - 00 0F Extended LBA 46955 MB offset 99153180
17:20:21.953 Disk 0 Partition 2 00 12 Compaq diag 23 MB offset 195318270
17:20:21.984 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 34969 MB offset 99153243
17:20:22.000 Disk 0 Partition - 00 05 Extended 11985 MB offset 170770950
17:20:22.046 Disk 0 Partition 4 00 0B FAT32 MSWIN4.1 11985 MB offset 170771013
17:20:22.062 Disk 0 scanning sectors +195366465
17:20:22.156 Disk 0 scanning C:\WINDOWS\system32\drivers
17:20:42.968 Service scanning
17:21:05.500 Modules scanning
17:21:14.296 Disk 0 trace - called modules:
17:21:14.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:21:14.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f50ab8]
17:21:14.375 3 CLASSPNP.SYS[f75d0fd7] -> nt!IofCallDriver -> \Device\0000007e[0x86fdd3b8]
17:21:14.390 5 ACPI.sys[f7466620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f0dd98]
17:21:14.656 AVAST engine scan C:\WINDOWS
17:21:25.390 AVAST engine scan C:\WINDOWS\system32
17:25:35.656 AVAST engine scan C:\WINDOWS\system32\drivers
17:26:07.140 AVAST engine scan C:\Dokumente und Einstellungen\uli
17:59:57.562 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:00:48.093 Scan finished successfully
18:13:25.859 Verifying
18:13:36.421 Disk 0 Windows 501 MBR fixed successfully
18:16:16.203 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\uli\Desktop\MBR.dat"
"
|
|
04.09.2012, 19:19
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach löschen von Live Security Platinum System sauber? Hast du den MBR wirklich gefixt? Er wird immer noch als unbekannt angezeigt was nicht der Fall ist, wenn man mit aswMBR auch den MBR neu machen lässt
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.09.2012, 10:28
| #29 |
| | Nach löschen von Live Security Platinum System sauber? Ich habe aswMBR.exe noch mal mit der neuen Virus Definition ausgeführt.(noch nicht gefixt) Das neue Log : Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-05 09:40:51
-----------------------------
09:40:51.296 OS Version: Windows 5.1.2600 Service Pack 3
09:40:51.296 Number of processors: 1 586 0xD08
09:40:51.296 ComputerName: BIGULI UserName: uli
09:40:52.359 Initialize success
09:49:37.906 AVAST engine defs: 12090401
09:50:19.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:50:19.984 Disk 0 Vendor: SAMSUNG_HM100JC YN100-08 Size: 95396MB BusType: 3
09:50:20.000 Disk 0 MBR read successfully
09:50:20.015 Disk 0 MBR scan
09:50:20.125 Disk 0 Windows XP default MBR code
09:50:20.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 48414 MB offset 63
09:50:20.140 Disk 0 Partition - 00 0F Extended LBA 46955 MB offset 99153180
09:50:20.171 Disk 0 Partition 2 00 12 Compaq diag 23 MB offset 195318270
09:50:20.218 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 34969 MB offset 99153243
09:50:20.234 Disk 0 Partition - 00 05 Extended 11985 MB offset 170770950
09:50:20.265 Disk 0 Partition 4 00 0B FAT32 MSWIN4.1 11985 MB offset 170771013
09:50:20.281 Disk 0 scanning sectors +195366465
09:50:20.406 Disk 0 scanning C:\WINDOWS\system32\drivers
09:50:39.609 Service scanning
09:51:04.218 Modules scanning
09:51:12.453 Disk 0 trace - called modules:
09:51:12.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:51:12.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f50ab8]
09:51:12.531 3 CLASSPNP.SYS[f75d0fd7] -> nt!IofCallDriver -> \Device\0000007e[0x86fdd3b8]
09:51:12.546 5 ACPI.sys[f7466620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f0dd98]
09:51:13.250 AVAST engine scan C:\WINDOWS
09:51:23.343 AVAST engine scan C:\WINDOWS\system32
09:54:51.453 AVAST engine scan C:\WINDOWS\system32\drivers
09:55:18.218 AVAST engine scan C:\Dokumente und Einstellungen\uli
10:28:37.500 AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:29:25.687 Scan finished successfully
11:27:10.625 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\uli\Desktop\MBR.dat"
11:27:10.656 The log file has been saved successfully to "C:\Dokumente und Einstellungen\uli\Desktop\aswMBR.txt"
|
|
05.09.2012, 14:33
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach löschen von Live Security Platinum System sauber?Code:
ATTFilter 09:50:20.125 Disk 0 Windows XP default MBR code
Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Nach löschen von Live Security Platinum System sauber? |
| 0xc0000001, antivir, avira, bho, converter, desktop, error, fehler, firefox, flash player, google earth, hdaudio.sys, home, homepage, hotkey.sys, installation, launch, logfile, mozilla, mp3, object, plug-in, programm, realtek, registry, safer networking, scan, security, senden, software, system, virus, windows internet |
Linear-Darstellung
