Log analysis and evaluation: Links cannot be opened in Outlook
Windows 7
12.09.2012, 15:45 | #31 |
Code:
OTL logfile created on: 12.09.2012 16:20:38 - Run 4
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Dokumente und Einstellungen\INES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,80 Mb Total Physical Memory | 154,87 Mb Available Physical Memory | 30,32% Memory free
993,50 Mb Paging File | 544,88 Mb Available in Paging File | 54,84% Paging File free
Paging file location(s): G:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 4,84 Gb Free Space | 24,76% Space Free | Partition Type: NTFS
Drive D: | 24,42 Gb Total Space | 22,47 Gb Free Space | 92,00% Space Free | Partition Type: NTFS
Drive E: | 29,30 Gb Total Space | 22,98 Gb Free Space | 78,44% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 17,96 Gb Free Space | 91,92% Space Free | Partition Type: NTFS
Drive G: | 19,02 Gb Total Space | 13,41 Gb Free Space | 70,51% Space Free | Partition Type: NTFS

Computer Name: INES-COMPI | User Name: INES | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.12 16:15:18 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\INES\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.08 12:12:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 13:01:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 13:00:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 13:00:52 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.04.13 17:49:00 | 000,101,528 | ---- | M] () -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE PRC - [2007.01.19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) 
-- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe PRC - [2002.01.05 11:22:14 | 001,748,992 | ---- | M] () -- C:\ScanPanel\ScnPanel.exe PRC - [2000.04.06 13:26:34 | 000,037,888 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\InstantAccess.exe ========== Modules (No Company Name) ========== MOD - [2012.05.08 13:01:00 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.09.11 11:48:38 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wlanapp.dll MOD - [2007.04.13 17:49:00 | 000,101,528 | ---- | M] () -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE MOD - [2002.01.05 11:22:14 | 001,748,992 | ---- | M] () -- C:\ScanPanel\ScnPanel.exe MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll MOD - [2000.04.06 13:26:58 | 000,046,080 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\WordAccess.dll MOD - [2000.04.06 13:26:42 | 000,033,280 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\OfficeAccess.dll MOD - [2000.04.06 13:26:36 | 000,008,704 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\MSAppAccess.dll MOD - [2000.04.06 13:26:34 | 000,037,888 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\InstantAccess.exe MOD - [2000.04.06 13:26:30 | 000,035,840 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\ExcelAccess.dll MOD - [1998.12.16 15:37:28 | 000,133,632 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\IAResGER.dll MOD - [1998.12.14 11:35:20 | 000,022,016 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\REGDATA.DLL MOD - [1998.12.14 11:21:24 | 000,119,808 | ---- | M] () -- C:\Programme\TextBridge Pro 8.0\Bin\Tbmhook.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (Rasmogutdm) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - File not found [Disabled | Stopped] -- C:\Programme\a-squared Free\a2service.exe -- (a2free) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] 
(Malwarebytes Corporation) [Auto | Running] -- E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.27 15:40:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 13:01:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 13:00:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService) SRV - [2007.04.13 17:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2007.01.19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2005.02.12 00:12:48 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) 
[Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbae.sys -- (adiusbae) DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 13:01:00 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 13:01:00 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:02 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.06.12 17:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2007.05.12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2005.02.19 20:59:18 | 000,036,864 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV61.sys -- (SSHDRV61) DRV - [2005.02.01 16:42:58 | 000,165,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx) DRV - [2005.02.01 16:41:40 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC) DRV - [2005.01.20 04:25:38 | 000,965,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003.11.10 06:30:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp) DRV - [2003.10.31 04:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid) DRV - [2003.08.26 16:25:14 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003.08.26 16:24:06 | 000,675,840 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003.08.26 16:22:34 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2001.08.10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv) DRV - [1997.04.22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - 
HKU\S-1-5-21-583907252-1592454029-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\SearchScopes\{6C86EB15-9056-420D-ACE0-A34AD9A617DB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Programme\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Unity Player (Enabled) = C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = 
C:\WINDOWS\system32\TVUAx\npTVUAx.dll O1 HOSTS File: ([2006.02.17 12:50:32 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKLM..\Run: [InstantAccess] C:\Programme\TextBridge Pro 8.0\Bin\InstantAccess.exe () O4 - HKLM..\Run: [RegisterDropHandler] C:\Programme\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe () O4 - HKU\S-1-5-21-583907252-1592454029-725345543-1006..\Run: [PCSpeedUp] C:\Programme\PC Beschleunigen\PCSpeedUp.lnk () O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Programme\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-1592454029-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Suche - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108211994656 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E18EC742-44D5-440A-A96A-0DE7C181E460}: DhcpNameServer = 80.69.100.182 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.02.11 14:18:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "a2free" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - - File not found MsConfig - StartUpReg: D-Link AirPlus G DWL-G510 - hkey= - key= - C:\Programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe (D-Link) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: kgawm - hkey= - key= - File not found MsConfig - StartUpReg: lycosInside - hkey= - key= - File not found MsConfig - StartUpReg: Miro - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.) 
MsConfig - StartUpReg: updateMgr - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - 
Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1732DB49-448B-43D1-7A47-FBE0149FD2B3} - NetShow ActiveX: 
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook 
Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte 
Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.11 18:27:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.09.05 16:48:16 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\INES\Desktop\OTL.exe [2012.09.02 14:03:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\INES\Recent [2012.09.01 14:11:38 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.01 11:15:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Malwarebytes [2012.09.01 11:15:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.09.01 11:15:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.09.01 11:15:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.31 15:18:42 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ [2012.08.31 15:18:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Canon iP2600 series [2012.08.31 15:18:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information [2012.08.31 15:18:33 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\CanonIJPLM [2012.08.30 15:40:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\CANON [2012.08.30 15:39:17 | 000,000,000 | ---D | C] -- C:\Programme\CanonBJ(2) [2012.08.27 14:39:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google [2009.03.30 16:39:00 | 001,723,032 | ---- | C] (Softland ) -- C:\Programme\PDF Umwandler.exe [2008.11.23 14:57:14 | 001,745,744 | ---- | C] (Screenomania.com ) -- C:\Programme\cities3d_setup.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.12 16:34:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{19843669-D59F-4391-9B90-D328EFFA1DE2}.job [2012.09.12 16:15:18 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\INES\Desktop\OTL.exe [2012.09.12 16:02:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.12 15:50:09 | 000,000,192 | ---- | M] () -- C:\WINDOWS\ScrAntic.ini [2012.09.12 15:40:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.12 15:22:53 | 000,001,194 | ---- | M] () -- C:\WINDOWS\ScnPanel.ini [2012.09.12 15:22:27 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{E18EC742-44D5-440A-A96A-0DE7C181E460} [2012.09.12 15:22:12 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2012.09.12 15:21:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.12 15:21:07 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.12 15:15:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.11 18:27:28 | 000,000,641 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbam.sys [2012.09.03 19:48:14 | 000,511,265 | ---- | M] () -- C:\Dokumente und Einstellungen\INES\Desktop\adwcleaner.exe [2012.08.30 16:33:38 | 000,136,826 | ---- | M] () -- F:\INES\Thamm, Steve.V2011 [2012.08.30 14:48:46 | 000,019,668 | ---- | M] () -- F:\INES\Telefonliste Damen.pdf [2012.08.29 11:46:58 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\INES\defogger_reenable [2012.08.27 16:05:36 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.03 19:48:11 | 000,511,265 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Desktop\adwcleaner.exe [2012.09.01 11:15:09 | 000,000,641 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 11:46:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\defogger_reenable [2012.05.13 11:48:18 | 000,004,685 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Foto Ives3.jpg [2012.05.13 11:33:50 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini [2012.05.12 17:31:16 | 000,045,056 | R--- | C] () -- C:\WINDOWS\GetKey.dll [2012.05.12 17:11:37 | 000,011,544 | ---- | C] () -- C:\WINDOWS\Dusb4ar.ini [2012.05.12 17:11:37 | 000,002,677 | ---- | C] () -- C:\WINDOWS\Ausba4.ini [2012.05.12 17:11:37 | 000,001,194 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini [2012.05.12 17:11:36 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Artec48.sys [2012.05.12 17:11:26 | 000,167,936 | ---- | C] () -- C:\WINDOWS\Ausba4.dll [2012.05.12 17:11:23 | 000,001,737 | ---- | C] () -- C:\WINDOWS\Flach48U141.ini [2012.05.12 17:10:47 | 000,167,936 | R--- | C] () -- C:\WINDOWS\A4.dll [2012.05.12 15:26:25 | 000,000,188 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2012.05.12 15:26:25 | 000,000,084 | ---- | C] () -- C:\WINDOWS\Tb98.ini [2012.05.12 
15:26:13 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL [2012.05.12 15:26:13 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL [2012.05.12 15:26:13 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL [2012.05.12 15:26:13 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL [2012.05.12 15:26:13 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE [2012.05.12 15:13:52 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816White12.dat [2012.05.12 15:13:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\6816Error.dat [2012.05.12 15:13:49 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816Dark12.dat [2012.05.12 15:13:45 | 000,000,006 | ---- | C] () -- C:\WINDOWS\6816Exposure.dat [2012.05.12 15:13:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Offset.dat [2012.05.12 15:13:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Gain.dat [2012.04.18 15:39:37 | 000,000,630 | ---- | C] () -- C:\WINDOWS\wiso.ini [2012.02.17 13:35:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.23 14:15:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011.02.07 11:53:50 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll [2011.02.07 11:53:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2010.11.01 13:46:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2010.11.01 13:46:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\FS.INI [2009.04.08 16:24:49 | 000,313,413 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\kgawm_nav.dat [2009.04.05 16:04:14 | 000,003,738 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\kgawm_navps.dat [2009.04.05 16:04:14 | 000,002,981 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\kgawm.dat [2009.04.05 11:25:21 | 000,298,997 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale 
Einstellungen\Anwendungsdaten\yyquu_nav.dat [2009.04.05 11:25:21 | 000,003,041 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\yyquu.dat [2009.04.05 11:25:21 | 000,002,050 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\yyquu_navps.dat [2009.03.22 14:17:35 | 003,006,976 | ---- | C] () -- C:\Programme\TvantsSetup.exe [2009.01.10 16:32:06 | 000,253,052 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\wgiaw_nav.dat [2009.01.10 16:32:06 | 000,003,487 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\wgiaw.dat [2009.01.10 16:32:06 | 000,000,321 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\wgiaw_navps.dat [2008.11.23 16:21:15 | 002,700,657 | ---- | C] () -- C:\Programme\2006climbing1024x768.exe [2008.11.23 15:32:50 | 002,353,945 | ---- | C] () -- C:\Programme\GlobFXSpaceTravel.exe [2008.11.23 15:22:55 | 001,357,166 | ---- | C] () -- C:\Programme\Jonny.exe [2008.11.22 12:08:19 | 027,580,296 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AdbeRdr90_de_DE.exe [2008.05.03 11:00:56 | 000,420,034 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\tuoqeir_nav.dat [2008.05.03 11:00:54 | 000,005,002 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\tuoqeir.dat [2008.05.03 11:00:54 | 000,000,507 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\tuoqeir_navps.dat [2008.05.02 19:06:36 | 000,420,034 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\torbkzvns_nav.dat [2008.05.02 19:06:36 | 000,005,180 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\torbkzvns.dat [2008.05.02 19:06:36 | 000,000,507 | ---- | C] () -- C:\Dokumente und 
Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\torbkzvns_navps.dat [2008.05.01 18:09:58 | 000,420,034 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\ctuwtxcwrl_nav.dat [2008.05.01 18:09:18 | 000,005,521 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\ctuwtxcwrl.dat [2008.05.01 18:09:18 | 000,000,292 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\ctuwtxcwrl_navps.dat [2008.04.26 13:30:26 | 000,420,034 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\lfcmdxkmq_nav.dat [2008.04.26 13:30:26 | 000,006,183 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\lfcmdxkmq.dat [2008.04.26 13:30:26 | 000,000,865 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\lfcmdxkmq_navps.dat [2007.01.15 12:10:21 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\presets.ini [2006.04.29 17:53:30 | 000,000,246 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\.java.policy [2006.02.17 13:00:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2005.07.20 12:33:53 | 000,000,021 | ---- | C] () -- C:\Programme\AVPersonalAVWIN.INI [2005.04.07 20:02:34 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2008.05.17 13:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.03.17 13:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.03.29 13:04:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2010.05.02 14:17:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.08.31 15:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM [2011.12.27 12:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender [2008.01.18 11:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay [2008.05.17 13:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2008.12.25 13:25:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008.04.17 22:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2008.04.17 22:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2008.05.17 13:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2007.09.12 18:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.12.27 12:25:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2007.03.16 12:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WholeSecurity [2008.07.16 19:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2008.11.24 15:05:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wmp [2011.12.27 12:25:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011.06.29 17:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} [2011.03.07 12:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Auslogics [2012.05.16 15:39:30 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Buhl Data Service [2008.01.18 11:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\eBay [2009.06.19 16:14:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\FILEminimizer [2008.05.17 14:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Haufe [2008.12.25 13:25:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\ICQ [2011.06.06 15:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Laconic Software [2009.04.13 11:25:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Lexware [2007.09.12 18:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Participatory Culture Foundation [2007.09.12 18:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\PCF-VLC [2011.12.27 12:27:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\TuneUp Software [2007.09.06 18:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\WholeSecurity [2008.05.21 15:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IVES\Anwendungsdaten\eBay [2008.12.27 18:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IVES\Anwendungsdaten\ICQ [2009.04.28 18:21:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IVES\Anwendungsdaten\Lexware [2007.09.18 10:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\IVES\Anwendungsdaten\WholeSecurity [2012.01.04 15:48:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2008.01.20 13:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\STEVE\Anwendungsdaten\eBay [2009.07.30 20:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\STEVE\Anwendungsdaten\ICQ 
[2009.04.14 16:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\STEVE\Anwendungsdaten\Lexware [2012.09.12 16:34:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{19843669-D59F-4391-9B90-D328EFFA1DE2}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2005.02.12 00:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Adobe [2005.05.02 13:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\AdobeUM [2007.09.07 20:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Apple Computer [2011.03.07 12:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Auslogics [2011.10.14 14:22:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Avira [2012.05.16 15:39:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Buhl Data Service [2009.12.25 18:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\dvdcss [2008.01.18 11:31:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\eBay [2009.06.19 16:14:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\FILEminimizer [2006.10.21 15:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Google [2008.05.17 14:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Haufe [2005.02.11 17:38:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Help [2008.12.25 13:25:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\ICQ [2005.02.11 17:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Identities [2011.02.07 11:35:42 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\InstallShield [2011.06.06 15:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Laconic Software [2009.04.13 11:25:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Lexware [2005.06.21 12:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Macromedia [2012.09.01 11:15:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Malwarebytes [2005.02.11 14:02:22 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Microsoft [2005.02.12 00:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Microsoft Web Folders [2007.09.12 18:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Mozilla [2007.09.12 18:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Participatory Culture Foundation [2007.09.12 18:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\PCF-VLC [2007.05.28 11:57:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Sun [2011.12.27 12:27:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\TuneUp Software [2010.02.08 11:08:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\TVU Networks [2010.10.02 18:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\vlc [2007.09.06 18:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\WholeSecurity [2006.12.20 13:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Yahoo! 
< %APPDATA%\*.exe /s > [2007.02.21 21:32:58 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2008.05.15 14:26:42 | 022,319,360 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe [2009.04.13 11:22:08 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe [2010.02.08 11:08:26 | 005,562,672 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\TVU Networks\AutoUpgrade\TVUPlayer2.4.9.1.exe [2010.08.31 18:14:42 | 005,642,000 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\INES\Anwendungsdaten\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.08.07 14:01:30 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys [2004.08.04 12:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.02.04 16:45:20 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.02.04 16:45:20 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2008.08.07 14:01:30 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys [2004.08.04 12:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2011.02.04 16:45:20 | 023,898,261 | ---- | M] () .cab file -- 
C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011.02.04 16:45:20 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft 
Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 12:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 12:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: 
VIASRAID.SYS > [2003.10.31 04:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys < MD5 for: WINLOGON.EXE > [2004.08.04 12:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.02.11 13:57:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005.02.11 13:57:30 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005.02.11 13:57:30 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > |
12.09.2012, 19:08 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links cannot be opened in Outlook
Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
ATTFilter
:OTL
FF - user.js - File not found
SRV - File not found [Disabled | Stopped] -- C:\Programme\a-squared Free\a2service.exe -- (a2free)
IE - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-1592454029-725345543-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1592454029-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Suche - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.11 14:18:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
MsConfig - Services: "a2free"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - - File not found
MsConfig - StartUpReg: kgawm - hkey= - key= - File not found
MsConfig - StartUpReg: lycosInside - hkey= - key= - File not found
MsConfig - StartUpReg: Miro - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - File not found
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
C:\WINDOWS\System32\ANIWZCSUSERNAM*
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\kgaw*
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\yyquu*
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\wgiaw*
C:\Programme\2006climbing1024x768.exe
C:\Programme\GlobFXSpaceTravel.exe
C:\Programme\Jonny.exe
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\tuoqei*
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\torbkzvn*
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\ctuwtxcwr*
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\lfcmdxkmq*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
C:\Programme\Yontoo
E:\Programme\PDFCreator\Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
14.09.2012, 02:06 | #33 |
| Unable to open links in Outlook The following problem: I started the OTL fix. The overlay also appeared: Killing processes, DO NOT INTERRUPT...
After about 40 minutes, OTL disappeared along with all shortcut icons on the desktop. Only the desktop wallpaper was still visible and the cursor could be moved, but it had no function. After nothing had changed for more than 4 hours, I shut the computer down with the power button and restarted it without problems. I ran the OTL fix again, with the same result. I switched the computer off by hand again and restarted it without problems. Code:
ATTFilter
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c929af2, pid=3952, tid=3576
#
# JRE version: 6.0_26-b03
# Java VM: Java HotSpot(TM) Client VM (20.1-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C [ntdll.dll+0x19af2]
#
# If you would like to submit a bug report, please visit:
# hxxp://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
|
14.09.2012, 14:47 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unable to open links in Outlook Restart Windows in safe mode (with networking if possible); sometimes fixing with OTL hangs in normal mode, but very often the fix works in safe mode.
__________________ Please always post log files in CODE tags |
14.09.2012, 18:42 | #35 |
| Unable to open links in Outlook Code:
ATTFilter
All processes killed
========== OTL ==========
Service a2free stopped successfully!
Service a2free deleted successfully!
File C:\Programme\a-squared Free\a2service.exe not found.
Registry key HKEY_USERS\S-1-5-21-583907252-1592454029-725345543-1006\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92085AD4-F48A-450D-BD93-B28CC7DF67CE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-583907252-1592454029-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1592454029-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Suche\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\a2free deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\kgawm\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\lycosInside\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Miro\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\updateMgr\ deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} folder moved successfully.
C:\WINDOWS\System32\ANIWZCSUSERNAME moved successfully.
C:\WINDOWS\System32\ANIWZCSUSERNAME{E18EC742-44D5-440A-A96A-0DE7C181E460} moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\kgawm.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\kgawm_nav.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\kgawm_navps.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\yyquu.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\yyquu_nav.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\yyquu_navps.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\wgiaw.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\wgiaw_nav.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\wgiaw_navps.dat moved successfully.
C:\Programme\2006climbing1024x768.exe moved successfully.
C:\Programme\GlobFXSpaceTravel.exe moved successfully.
C:\Programme\Jonny.exe moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\tuoqeir.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\tuoqeir_nav.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\tuoqeir_navps.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\torbkzvns.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\torbkzvns_nav.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\torbkzvns_navps.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\ctuwtxcwrl.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\ctuwtxcwrl_nav.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\ctuwtxcwrl_navps.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\lfcmdxkmq.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\lfcmdxkmq_nav.dat moved successfully.
C:\Dokumente und Einstellungen\INES\Lokale Einstellungen\Anwendungsdaten\lfcmdxkmq_navps.dat moved successfully.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer not found.
File\Folder C:\Programme\Yontoo not found.
File\Folder E:\Programme\PDFCreator\Toolbar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Ein interner Fehler ist aufgetreten: Die Anforderung wird nicht unterstützt.
Wenden Sie sich an den Microsoft Software Service, um weitere Hilfe zu erhalten.
Zusätzliche Informationen: Der Hostname konnte nicht abgefragt werden.
C:\Dokumente und Einstellungen\INES\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\INES\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 83 bytes
User: INES
->Temp folder emptied: 8350 bytes
->Java cache emptied: 30693932 bytes
->Google Chrome cache emptied: 15463617 bytes
->Flash cache emptied: 25038 bytes
User: IVES
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1173 bytes
User: LocalService
->Temp folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
User: STEVE
->Temp folder emptied: 0 bytes
->Java cache emptied: 498061 bytes
->Flash cache emptied: 348 bytes
User: TEMP
->Temp folder emptied: 0 bytes
->Flash cache emptied: 16384 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 203034090 bytes
Session Manager Tmp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 240,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.3 log created on 09142012_185935 |
14.09.2012, 22:59 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unable to open links in Outlook Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy the contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags objects, handle all of them with the action "skip" and just post the log here!
__________________ |
15.09.2012, 12:47 | #37 |
| Unable to open links in Outlook Code:
ATTFilter 13:33:05.0906 2952 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 13:33:06.0031 2952 ============================================================ 13:33:06.0031 2952 Current date / time: 2012/09/15 13:33:06.0031 13:33:06.0031 2952 SystemInfo: 13:33:06.0031 2952 13:33:06.0031 2952 OS Version: 5.1.2600 ServicePack: 3.0 13:33:06.0031 2952 Product type: Workstation 13:33:06.0031 2952 ComputerName: INES-COMPI 13:33:06.0031 2952 UserName: INES 13:33:06.0031 2952 Windows directory: C:\WINDOWS 13:33:06.0031 2952 System windows directory: C:\WINDOWS 13:33:06.0031 2952 Processor architecture: Intel x86 13:33:06.0031 2952 Number of processors: 1 13:33:06.0031 2952 Page size: 0x1000 13:33:06.0031 2952 Boot type: Normal boot 13:33:06.0031 2952 ============================================================ 13:33:07.0593 2952 Drive \Device\Harddisk0\DR0 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 13:33:07.0687 2952 ============================================================ 13:33:07.0687 2952 \Device\Harddisk0\DR0: 13:33:07.0718 2952 MBR partitions: 13:33:07.0718 2952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637 13:33:07.0750 2952 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x30D7B35 13:33:07.0750 2952 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x57E9229, BlocksNum 0x3A9A172 13:33:07.0765 2952 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x92833DA, BlocksNum 0x2711637 13:33:07.0781 2952 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0xB994A50, BlocksNum 0x260A9B4 13:33:07.0781 2952 ============================================================ 13:33:07.0812 2952 C: <-> \Device\Harddisk0\DR0\Partition1 13:33:07.0843 2952 D: <-> \Device\Harddisk0\DR0\Partition2 13:33:07.0875 2952 E: <-> \Device\Harddisk0\DR0\Partition3 13:33:07.0906 2952 F: <-> 
\Device\Harddisk0\DR0\Partition4 13:33:07.0937 2952 G: <-> \Device\Harddisk0\DR0\Partition5 13:33:07.0937 2952 ============================================================ 13:33:07.0937 2952 Initialize success 13:33:07.0937 2952 ============================================================ 13:33:41.0968 1900 ============================================================ 13:33:41.0968 1900 Scan started 13:33:41.0968 1900 Mode: Manual; SigCheck; TDLFS; 13:33:41.0968 1900 ============================================================ 13:33:42.0875 1900 ================ Scan system memory ======================== 13:33:45.0953 1900 System memory - ok 13:33:45.0953 1900 ================ Scan services ============================= 13:33:46.0046 1900 a2free - ok 13:33:46.0140 1900 Abiosdsk - ok 13:33:46.0171 1900 abp480n5 - ok 13:33:46.0218 1900 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:33:48.0484 1900 ACPI - ok 13:33:48.0546 1900 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 13:33:48.0906 1900 ACPIEC - ok 13:33:48.0921 1900 ADILOADER - ok 13:33:48.0953 1900 adiusbae - ok 13:33:49.0000 1900 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe 13:33:49.0015 1900 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 13:33:49.0031 1900 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 13:33:49.0078 1900 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:33:49.0140 1900 AdobeFlashPlayerUpdateSvc - ok 13:33:49.0156 1900 adpu160m - ok 13:33:49.0203 1900 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys 13:33:49.0250 1900 aeaudio - ok 13:33:49.0296 1900 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 13:33:49.0625 1900 aec - ok 13:33:49.0671 1900 [ 
1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 13:33:49.0750 1900 AFD - ok 13:33:49.0765 1900 Aha154x - ok 13:33:49.0796 1900 aic78u2 - ok 13:33:49.0812 1900 aic78xx - ok 13:33:49.0859 1900 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 13:33:50.0156 1900 Alerter - ok 13:33:50.0203 1900 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 13:33:50.0359 1900 ALG - ok 13:33:50.0390 1900 AliIde - ok 13:33:50.0437 1900 [ 3A0DAFAC778236559C14C7203FB550EB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys 13:33:50.0734 1900 AmdK7 - ok 13:33:50.0765 1900 amsint - ok 13:33:50.0812 1900 [ 920298C7AEF97D8168D219D35975D295 ] ANIO C:\WINDOWS\system32\ANIO.SYS 13:33:50.0828 1900 ANIO ( UnsignedFile.Multi.Generic ) - warning 13:33:50.0828 1900 ANIO - detected UnsignedFile.Multi.Generic (1) 13:33:50.0875 1900 [ AA3D68F26B2A27F660AFC46039B061A4 ] ANIWZCSdService C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe 13:33:50.0890 1900 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - warning 13:33:50.0890 1900 ANIWZCSdService - detected UnsignedFile.Multi.Generic (1) 13:33:50.0968 1900 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 13:33:50.0984 1900 AntiVirSchedulerService - ok 13:33:51.0031 1900 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 13:33:51.0062 1900 AntiVirService - ok 13:33:51.0078 1900 AppMgmt - ok 13:33:51.0109 1900 asc - ok 13:33:51.0125 1900 asc3350p - ok 13:33:51.0156 1900 asc3550 - ok 13:33:51.0203 1900 [ 71356A1370739E25375A1D17B6AE318F ] aslm75 C:\WINDOWS\system32\drivers\aslm75.sys 13:33:51.0234 1900 aslm75 ( UnsignedFile.Multi.Generic ) - warning 13:33:51.0234 1900 aslm75 - detected UnsignedFile.Multi.Generic (1) 13:33:51.0312 1900 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 13:33:51.0343 1900 aspnet_state - ok 
13:33:51.0390 1900 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:33:51.0718 1900 AsyncMac - ok 13:33:51.0765 1900 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 13:33:52.0140 1900 atapi - ok 13:33:52.0171 1900 Atdisk - ok 13:33:52.0218 1900 [ 8911ECC589539B2A71B09B65BC67B3B6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 13:33:52.0296 1900 Ati HotKey Poller - ok 13:33:52.0343 1900 [ 3193D76CBEECD6E523227BD9DB08B728 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe 13:33:52.0421 1900 ATI Smart ( UnsignedFile.Multi.Generic ) - warning 13:33:52.0421 1900 ATI Smart - detected UnsignedFile.Multi.Generic (1) 13:33:52.0515 1900 [ 1A12941C75BE2003286C7787F21A7F81 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 13:33:52.0625 1900 ati2mtag - ok 13:33:52.0687 1900 [ 3A1E812F42E1729CA85ABF2D756837D3 ] atinevxx C:\WINDOWS\system32\DRIVERS\atinevxx.sys 13:33:52.0781 1900 atinevxx - ok 13:33:52.0812 1900 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:33:53.0109 1900 Atmarpc - ok 13:33:53.0156 1900 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 13:33:53.0468 1900 AudioSrv - ok 13:33:53.0515 1900 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 13:33:53.0828 1900 audstub - ok 13:33:53.0859 1900 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 13:33:53.0937 1900 avgntflt - ok 13:33:53.0968 1900 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 13:33:54.0000 1900 avipbb - ok 13:33:54.0031 1900 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 13:33:54.0062 1900 avkmgr - ok 13:33:54.0093 1900 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 13:33:54.0375 1900 Beep - ok 13:33:54.0421 1900 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 
13:33:54.0843 1900 BITS - ok 13:33:54.0890 1900 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 13:33:54.0968 1900 Browser - ok 13:33:55.0000 1900 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 13:33:55.0406 1900 cbidf2k - ok 13:33:55.0453 1900 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 13:33:55.0781 1900 CCDECODE - ok 13:33:55.0796 1900 cd20xrnt - ok 13:33:55.0828 1900 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 13:33:56.0140 1900 Cdaudio - ok 13:33:56.0171 1900 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 13:33:56.0484 1900 Cdfs - ok 13:33:56.0515 1900 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:33:56.0828 1900 Cdrom - ok 13:33:56.0859 1900 Changer - ok 13:33:56.0890 1900 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 13:33:57.0203 1900 CiSvc - ok 13:33:57.0234 1900 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 13:33:57.0546 1900 ClipSrv - ok 13:33:57.0562 1900 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:33:57.0609 1900 clr_optimization_v2.0.50727_32 - ok 13:33:57.0640 1900 CmdIde - ok 13:33:57.0671 1900 COMSysApp - ok 13:33:57.0718 1900 Cpqarray - ok 13:33:57.0750 1900 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 13:33:58.0109 1900 CryptSvc - ok 13:33:58.0125 1900 dac2w2k - ok 13:33:58.0140 1900 dac960nt - ok 13:33:58.0203 1900 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 13:33:58.0281 1900 DcomLaunch - ok 13:33:58.0328 1900 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 13:33:58.0640 1900 Dhcp - ok 13:33:58.0687 1900 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 
13:33:59.0015 1900 Disk - ok 13:33:59.0031 1900 dmadmin - ok 13:33:59.0109 1900 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 13:33:59.0453 1900 dmboot - ok 13:33:59.0484 1900 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 13:33:59.0796 1900 dmio - ok 13:33:59.0843 1900 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 13:34:00.0109 1900 dmload - ok 13:34:00.0156 1900 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 13:34:00.0437 1900 dmserver - ok 13:34:00.0468 1900 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 13:34:00.0812 1900 DMusic - ok 13:34:00.0859 1900 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 13:34:00.0921 1900 Dnscache - ok 13:34:00.0968 1900 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 13:34:01.0281 1900 Dot3svc - ok 13:34:01.0296 1900 dpti2o - ok 13:34:01.0343 1900 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 13:34:01.0593 1900 drmkaud - ok 13:34:01.0640 1900 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 13:34:01.0921 1900 EapHost - ok 13:34:01.0984 1900 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 13:34:02.0265 1900 ERSvc - ok 13:34:02.0296 1900 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 13:34:02.0343 1900 Eventlog - ok 13:34:02.0421 1900 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 13:34:02.0531 1900 EventSystem - ok 13:34:02.0578 1900 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 13:34:02.0875 1900 Fastfat - ok 13:34:02.0921 1900 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 13:34:03.0015 1900 FastUserSwitchingCompatibility - ok 13:34:03.0062 1900 [ 
92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 13:34:03.0328 1900 Fdc - ok 13:34:03.0375 1900 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 13:34:03.0734 1900 Fips - ok 13:34:03.0781 1900 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 13:34:04.0031 1900 Flpydisk - ok 13:34:04.0078 1900 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 13:34:04.0359 1900 FltMgr - ok 13:34:04.0406 1900 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:34:04.0437 1900 FontCache3.0.0.0 - ok 13:34:04.0468 1900 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:34:04.0765 1900 Fs_Rec - ok 13:34:04.0796 1900 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:34:05.0109 1900 Ftdisk - ok 13:34:05.0156 1900 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:34:05.0531 1900 Gpc - ok 13:34:05.0578 1900 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 13:34:05.0609 1900 gupdate - ok 13:34:05.0609 1900 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 13:34:05.0656 1900 gupdatem - ok 13:34:05.0687 1900 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:34:06.0000 1900 helpsvc - ok 13:34:06.0046 1900 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 13:34:06.0312 1900 HidServ - ok 13:34:06.0343 1900 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:34:06.0640 1900 HidUsb - ok 13:34:06.0687 1900 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 13:34:06.0953 1900 hkmsvc - ok 13:34:06.0968 1900 hpn - ok 13:34:07.0062 1900 [ F9A4BED3B4117752E0A7EEF69977FE1E ] HRService 
C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe 13:34:07.0078 1900 HRService - ok 13:34:07.0125 1900 [ E53970B0D5614F0B1220E35052828CC3 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 13:34:07.0187 1900 HSFHWBS2 - ok 13:34:07.0265 1900 [ 7129D0662665B2442898A0EF8FC85BB5 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 13:34:07.0421 1900 HSF_DP - ok 13:34:07.0468 1900 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 13:34:07.0546 1900 HTTP - ok 13:34:07.0578 1900 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 13:34:07.0906 1900 HTTPFilter - ok 13:34:07.0921 1900 i2omgmt - ok 13:34:07.0937 1900 i2omp - ok 13:34:07.0984 1900 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 13:34:08.0265 1900 i8042prt - ok 13:34:08.0343 1900 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe 13:34:08.0359 1900 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:34:08.0359 1900 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:34:08.0437 1900 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:34:08.0546 1900 idsvc - ok 13:34:08.0609 1900 [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC C:\Programme\Canon\IJPLM\IJPLMSVC.EXE 13:34:08.0671 1900 IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning 13:34:08.0671 1900 IJPLMSVC - detected UnsignedFile.Multi.Generic (1) 13:34:08.0703 1900 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 13:34:08.0984 1900 Imapi - ok 13:34:09.0015 1900 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 13:34:09.0328 1900 ImapiService - ok 13:34:09.0343 1900 ini910u - ok 13:34:09.0390 1900 IntelIde - ok 13:34:09.0421 1900 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 13:34:09.0750 1900 Ip6Fw - ok 13:34:09.0796 
1900 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:34:10.0062 1900 IpFilterDriver - ok 13:34:10.0109 1900 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:34:10.0406 1900 IpInIp - ok 13:34:10.0453 1900 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:34:10.0765 1900 IpNat - ok 13:34:10.0812 1900 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:34:11.0093 1900 IPSec - ok 13:34:11.0109 1900 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 13:34:11.0250 1900 IRENUM - ok 13:34:11.0296 1900 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:34:11.0625 1900 isapnp - ok 13:34:11.0734 1900 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 13:34:11.0765 1900 JavaQuickStarterService - ok 13:34:11.0781 1900 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:34:12.0093 1900 Kbdclass - ok 13:34:12.0140 1900 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 13:34:12.0406 1900 kmixer - ok 13:34:12.0437 1900 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 13:34:12.0546 1900 KSecDD - ok 13:34:12.0593 1900 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 13:34:12.0687 1900 lanmanserver - ok 13:34:12.0734 1900 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 13:34:12.0828 1900 lanmanworkstation - ok 13:34:12.0859 1900 lbrtfdc - ok 13:34:12.0921 1900 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 13:34:13.0171 1900 LmHosts - ok 13:34:13.0203 1900 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 13:34:13.0250 1900 MBAMProtector - ok 13:34:13.0312 1900 [ 
0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:34:13.0390 1900 MBAMScheduler - ok 13:34:13.0437 1900 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 13:34:13.0515 1900 MBAMService - ok 13:34:13.0562 1900 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 13:34:13.0593 1900 mdmxsdk - ok 13:34:13.0625 1900 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 13:34:13.0921 1900 Messenger - ok 13:34:13.0953 1900 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 13:34:14.0265 1900 mnmdd - ok 13:34:14.0312 1900 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 13:34:14.0562 1900 mnmsrvc - ok 13:34:14.0593 1900 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 13:34:14.0890 1900 Modem - ok 13:34:14.0921 1900 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 13:34:15.0218 1900 MODEMCSA - ok 13:34:15.0250 1900 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:34:15.0515 1900 Mouclass - ok 13:34:15.0546 1900 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:34:15.0828 1900 mouhid - ok 13:34:15.0859 1900 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 13:34:16.0093 1900 MountMgr - ok 13:34:16.0109 1900 mraid35x - ok 13:34:16.0187 1900 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:34:16.0453 1900 MRxDAV - ok 13:34:16.0546 1900 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:34:16.0812 1900 MRxSmb - ok 13:34:16.0875 1900 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 13:34:17.0218 1900 MSDTC - ok 13:34:17.0265 1900 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs 
C:\WINDOWS\system32\drivers\Msfs.sys 13:34:17.0531 1900 Msfs - ok 13:34:17.0546 1900 MSIServer - ok 13:34:17.0578 1900 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:34:17.0859 1900 MSKSSRV - ok 13:34:17.0890 1900 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:34:18.0187 1900 MSPCLOCK - ok 13:34:18.0218 1900 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 13:34:18.0468 1900 MSPQM - ok 13:34:18.0500 1900 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:34:18.0796 1900 mssmbios - ok 13:34:18.0828 1900 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 13:34:19.0140 1900 MSTEE - ok 13:34:19.0171 1900 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 13:34:19.0234 1900 Mup - ok 13:34:19.0265 1900 [ 266DDA3309E41B2E28F718E050A7F558 ] MVDCODEC C:\WINDOWS\system32\DRIVERS\atinmdxx.sys 13:34:19.0328 1900 MVDCODEC - ok 13:34:19.0375 1900 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 13:34:19.0703 1900 NABTSFEC - ok 13:34:19.0843 1900 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 13:34:20.0203 1900 napagent - ok 13:34:20.0265 1900 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 13:34:20.0562 1900 NDIS - ok 13:34:20.0593 1900 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 13:34:20.0937 1900 NdisIP - ok 13:34:20.0968 1900 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:34:21.0062 1900 NdisTapi - ok 13:34:21.0093 1900 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:34:21.0406 1900 Ndisuio - ok 13:34:21.0437 1900 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:34:21.0703 1900 NdisWan - ok 13:34:21.0750 1900 [ 
9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 13:34:21.0890 1900 NDProxy - ok 13:34:21.0953 1900 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 13:34:22.0250 1900 NetBIOS - ok 13:34:22.0312 1900 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 13:34:22.0609 1900 NetBT - ok 13:34:22.0640 1900 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 13:34:22.0921 1900 NetDDE - ok 13:34:22.0937 1900 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 13:34:23.0203 1900 NetDDEdsdm - ok 13:34:23.0234 1900 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 13:34:23.0500 1900 Netlogon - ok 13:34:23.0546 1900 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 13:34:23.0843 1900 Netman - ok 13:34:23.0859 1900 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:34:23.0906 1900 NetTcpPortSharing - ok 13:34:23.0953 1900 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 13:34:24.0031 1900 Nla - ok 13:34:24.0062 1900 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 13:34:24.0328 1900 Npfs - ok 13:34:24.0390 1900 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 13:34:24.0703 1900 Ntfs - ok 13:34:24.0718 1900 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 13:34:24.0968 1900 NtLmSsp - ok 13:34:25.0015 1900 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 13:34:25.0375 1900 NtmsSvc - ok 13:34:25.0390 1900 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 13:34:25.0625 1900 Null - ok 13:34:25.0656 1900 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:34:25.0921 1900 NwlnkFlt - ok 
13:34:25.0937 1900 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:34:26.0187 1900 NwlnkFwd - ok 13:34:26.0218 1900 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 13:34:26.0515 1900 Parport - ok 13:34:26.0562 1900 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 13:34:26.0812 1900 PartMgr - ok 13:34:26.0843 1900 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 13:34:27.0125 1900 ParVdm - ok 13:34:27.0156 1900 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 13:34:27.0453 1900 PCI - ok 13:34:27.0468 1900 PCIDump - ok 13:34:27.0500 1900 PCIIde - ok 13:34:27.0546 1900 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 13:34:27.0828 1900 Pcmcia - ok 13:34:27.0859 1900 PDCOMP - ok 13:34:27.0890 1900 PDFRAME - ok 13:34:27.0906 1900 PDRELI - ok 13:34:27.0937 1900 PDRFRAME - ok 13:34:27.0968 1900 perc2 - ok 13:34:27.0984 1900 perc2hib - ok 13:34:28.0062 1900 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 13:34:28.0109 1900 PlugPlay - ok 13:34:28.0125 1900 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 13:34:28.0406 1900 PolicyAgent - ok 13:34:28.0437 1900 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:34:28.0687 1900 PptpMiniport - ok 13:34:28.0703 1900 [ 681F46AF2812C615E23B8DF63F499A9E ] PQNTDrv C:\WINDOWS\system32\drivers\PQNTDrv.sys 13:34:28.0750 1900 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning 13:34:28.0750 1900 PQNTDrv - detected UnsignedFile.Multi.Generic (1) 13:34:28.0796 1900 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 13:34:29.0031 1900 ProtectedStorage - ok 13:34:29.0062 1900 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 13:34:29.0343 1900 PSched - ok 13:34:29.0375 
1900 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:34:29.0656 1900 Ptilink - ok 13:34:29.0671 1900 ql1080 - ok 13:34:29.0703 1900 Ql10wnt - ok 13:34:29.0718 1900 ql12160 - ok 13:34:29.0750 1900 ql1240 - ok 13:34:29.0781 1900 ql1280 - ok 13:34:29.0812 1900 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:34:30.0062 1900 RasAcd - ok 13:34:30.0093 1900 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 13:34:30.0375 1900 RasAuto - ok 13:34:30.0406 1900 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:34:30.0687 1900 Rasl2tp - ok 13:34:30.0750 1900 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 13:34:31.0000 1900 RasMan - ok 13:34:31.0062 1900 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:34:31.0359 1900 RasPppoe - ok 13:34:31.0390 1900 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 13:34:31.0625 1900 Raspti - ok 13:34:31.0671 1900 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:34:31.0937 1900 Rdbss - ok 13:34:31.0953 1900 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:34:32.0250 1900 RDPCDD - ok 13:34:32.0312 1900 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 13:34:32.0406 1900 RDPWD - ok 13:34:32.0437 1900 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 13:34:32.0718 1900 RDSessMgr - ok 13:34:32.0750 1900 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 13:34:33.0031 1900 redbook - ok 13:34:33.0078 1900 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 13:34:33.0343 1900 RemoteAccess - ok 13:34:33.0390 1900 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys 13:34:33.0656 1900 
ROOTMODEM - ok 13:34:33.0687 1900 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 13:34:33.0937 1900 RpcLocator - ok 13:34:34.0000 1900 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 13:34:34.0031 1900 RpcSs - ok 13:34:34.0078 1900 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 13:34:34.0359 1900 RSVP - ok 13:34:34.0406 1900 [ 57F390BF7AF0F68BB804387CBC3A4F0D ] RT61 C:\WINDOWS\system32\DRIVERS\RT61.sys 13:34:34.0500 1900 RT61 - ok 13:34:34.0531 1900 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 13:34:34.0781 1900 SamSs - ok 13:34:34.0812 1900 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 13:34:35.0125 1900 SCardSvr - ok 13:34:35.0171 1900 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 13:34:35.0453 1900 Schedule - ok 13:34:35.0500 1900 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:34:35.0609 1900 Secdrv - ok 13:34:35.0656 1900 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 13:34:35.0921 1900 seclogon - ok 13:34:35.0937 1900 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 13:34:36.0250 1900 SENS - ok 13:34:36.0281 1900 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 13:34:36.0578 1900 serenum - ok 13:34:36.0593 1900 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 13:34:36.0859 1900 Serial - ok 13:34:36.0937 1900 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 13:34:37.0218 1900 Sfloppy - ok 13:34:37.0265 1900 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 13:34:37.0578 1900 SharedAccess - ok 13:34:37.0625 1900 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 13:34:37.0656 1900 ShellHWDetection - ok 13:34:37.0671 1900 Simbad 
- ok 13:34:37.0703 1900 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 13:34:37.0953 1900 SLIP - ok 13:34:38.0015 1900 [ 1D381A07361E4D6A8BE95026B3EBA47A ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 13:34:38.0078 1900 smwdm - ok 13:34:38.0109 1900 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe 13:34:38.0125 1900 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning 13:34:38.0125 1900 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1) 13:34:38.0156 1900 Sparrow - ok 13:34:38.0187 1900 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 13:34:38.0468 1900 splitter - ok 13:34:38.0500 1900 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 13:34:38.0546 1900 Spooler - ok 13:34:38.0578 1900 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 13:34:38.0718 1900 sr - ok 13:34:38.0750 1900 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 13:34:38.0875 1900 srservice - ok 13:34:38.0937 1900 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 13:34:39.0046 1900 Srv - ok 13:34:39.0078 1900 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 13:34:39.0218 1900 SSDPSRV - ok 13:34:39.0250 1900 [ 06C1ED78F091FBA7110E965AB5977EFC ] SSHDRV61 C:\WINDOWS\system32\drivers\SSHDRV61.sys 13:34:39.0265 1900 SSHDRV61 ( UnsignedFile.Multi.Generic ) - warning 13:34:39.0265 1900 SSHDRV61 - detected UnsignedFile.Multi.Generic (1) 13:34:39.0296 1900 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 13:34:39.0328 1900 ssmdrv - ok 13:34:39.0375 1900 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 13:34:39.0703 1900 stisvc - ok 13:34:39.0734 1900 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 
13:34:40.0000 1900 streamip - ok 13:34:40.0031 1900 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 13:34:40.0296 1900 swenum - ok 13:34:40.0328 1900 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 13:34:40.0609 1900 swmidi - ok 13:34:40.0625 1900 SwPrv - ok 13:34:40.0671 1900 symc810 - ok 13:34:40.0703 1900 symc8xx - ok 13:34:40.0718 1900 sym_hi - ok 13:34:40.0750 1900 sym_u3 - ok 13:34:40.0781 1900 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 13:34:41.0046 1900 sysaudio - ok 13:34:41.0093 1900 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 13:34:41.0343 1900 SysmonLog - ok 13:34:41.0375 1900 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 13:34:41.0703 1900 TapiSrv - ok 13:34:41.0734 1900 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:34:41.0812 1900 Tcpip - ok 13:34:41.0828 1900 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 13:34:42.0125 1900 TDPIPE - ok 13:34:42.0140 1900 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 13:34:42.0406 1900 TDTCP - ok 13:34:42.0453 1900 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 13:34:42.0687 1900 TermDD - ok 13:34:42.0734 1900 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 13:34:43.0000 1900 TermService - ok 13:34:43.0046 1900 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 13:34:43.0078 1900 Themes - ok 13:34:43.0109 1900 TosIde - ok 13:34:43.0171 1900 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 13:34:43.0437 1900 TrkWks - ok 13:34:43.0500 1900 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys 13:34:43.0750 1900 uagp35 - ok 13:34:43.0781 1900 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs 
C:\WINDOWS\system32\drivers\Udfs.sys 13:34:44.0031 1900 Udfs - ok 13:34:44.0062 1900 ultra - ok 13:34:44.0109 1900 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 13:34:44.0437 1900 Update - ok 13:34:44.0484 1900 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 13:34:44.0671 1900 upnphost - ok 13:34:44.0718 1900 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 13:34:44.0953 1900 UPS - ok 13:34:45.0000 1900 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:34:45.0234 1900 usbehci - ok 13:34:45.0265 1900 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:34:45.0578 1900 usbhub - ok 13:34:45.0593 1900 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:34:45.0859 1900 usbprint - ok 13:34:45.0890 1900 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 13:34:46.0156 1900 usbscan - ok 13:34:46.0171 1900 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:34:46.0421 1900 USBSTOR - ok 13:34:46.0453 1900 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 13:34:46.0750 1900 usbuhci - ok 13:34:46.0781 1900 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 13:34:47.0031 1900 VgaSave - ok 13:34:47.0078 1900 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 13:34:47.0343 1900 ViaIde - ok 13:34:47.0390 1900 [ EBE101C01D80A42868F57B327BE1B564 ] viasraid C:\WINDOWS\system32\DRIVERS\viasraid.sys 13:34:47.0453 1900 viasraid - ok 13:34:47.0500 1900 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 13:34:47.0750 1900 VolSnap - ok 13:34:47.0796 1900 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 13:34:47.0937 1900 VSS - ok 13:34:47.0984 1900 [ 
7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 13:34:48.0265 1900 W32Time - ok 13:34:48.0296 1900 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:34:48.0593 1900 Wanarp - ok 13:34:48.0609 1900 WDICA - ok 13:34:48.0656 1900 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 13:34:48.0921 1900 wdmaud - ok 13:34:48.0968 1900 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 13:34:49.0203 1900 WebClient - ok 13:34:49.0265 1900 [ 292B0BBA146793A7937D9849BDDB4298 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 13:34:49.0390 1900 winachsf - ok 13:34:49.0437 1900 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 13:34:49.0718 1900 winmgmt - ok 13:34:49.0796 1900 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 13:34:49.0906 1900 WmdmPmSN - ok 13:34:49.0968 1900 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 13:34:50.0234 1900 WmiApSrv - ok 13:34:50.0328 1900 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 13:34:50.0484 1900 WMPNetworkSvc - ok 13:34:50.0531 1900 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 13:34:50.0812 1900 wscsvc - ok 13:34:50.0828 1900 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 13:34:51.0078 1900 WSTCODEC - ok 13:34:51.0109 1900 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 13:34:51.0406 1900 wuauserv - ok 13:34:51.0437 1900 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:34:51.0515 1900 WudfPf - ok 13:34:51.0562 1900 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:34:51.0593 1900 WudfRd - ok 13:34:51.0625 1900 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 13:34:51.0703 
1900 WudfSvc - ok 13:34:51.0765 1900 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 13:34:52.0093 1900 WZCSVC - ok 13:34:52.0140 1900 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 13:34:52.0421 1900 xmlprov - ok 13:34:52.0468 1900 [ DEE4899B4AC10A673B2DF0CDD135167E ] yukonwxp C:\WINDOWS\system32\DRIVERS\yukonwxp.sys 13:34:52.0562 1900 yukonwxp - ok 13:34:52.0609 1900 ================ Scan global =============================== 13:34:52.0640 1900 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 13:34:52.0687 1900 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 13:34:52.0796 1900 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 13:34:52.0843 1900 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 13:34:52.0843 1900 [Global] - ok 13:34:52.0843 1900 ================ Scan MBR ================================== 13:34:52.0875 1900 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 13:34:53.0828 1900 \Device\Harddisk0\DR0 - ok 13:34:53.0843 1900 ================ Scan VBR ================================== 13:34:53.0875 1900 [ 750FBC3BB2E7936BE74132989F834B17 ] \Device\Harddisk0\DR0\Partition1 13:34:53.0875 1900 \Device\Harddisk0\DR0\Partition1 - ok 13:34:53.0906 1900 [ 3F8D159C3880D1EE01DBC812DE0CF9CF ] \Device\Harddisk0\DR0\Partition2 13:34:53.0906 1900 \Device\Harddisk0\DR0\Partition2 - ok 13:34:53.0921 1900 [ 8CF41D1AB443443199712A6414199091 ] \Device\Harddisk0\DR0\Partition3 13:34:53.0921 1900 \Device\Harddisk0\DR0\Partition3 - ok 13:34:53.0968 1900 [ 1F36D36578E18E6D13E2C4491E913D9E ] \Device\Harddisk0\DR0\Partition4 13:34:53.0968 1900 \Device\Harddisk0\DR0\Partition4 - ok 13:34:54.0000 1900 [ F25D5F29B6FCEDCAE482B03F3D66AEE0 ] \Device\Harddisk0\DR0\Partition5 13:34:54.0000 1900 \Device\Harddisk0\DR0\Partition5 - ok 13:34:54.0015 1900 ============================================================ 13:34:54.0015 1900 Scan 
finished 13:34:54.0015 1900 ============================================================ 13:34:54.0156 1884 Detected object count: 10 13:34:54.0156 1884 Actual detected object count: 10 13:35:38.0125 1884 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0125 1884 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0125 1884 ANIO ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0125 1884 ANIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0125 1884 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0125 1884 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0125 1884 aslm75 ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0125 1884 aslm75 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0140 1884 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0140 1884 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0140 1884 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0140 1884 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0140 1884 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0140 1884 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0140 1884 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0140 1884 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0156 1884 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0156 1884 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:35:38.0156 1884 SSHDRV61 ( UnsignedFile.Multi.Generic ) - skipped by user 13:35:38.0156 1884 SSHDRV61 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:36:50.0109 3776 Deinitialize success |
16.09.2012, 14:08 | #38 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links cannot be opened in Outlook Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a Kompetenzler (trained forum helper) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
16.09.2012, 21:29 | #39 |
| Links cannot be opened in Outlook During the autoscan I got as far as the screen that says the scan normally takes about 10 minutes and that on heavily infected computers this time can easily double. Then a message appeared saying that there was not enough virtual memory and that it was being extended. After that nothing more happened, and the message that ComboFix had changed the time setting never appeared. After about 1 hour the screen saver came on, and afterwards I had only my desktop background image without any shortcuts. I then switched the computer off with the power button and booted it again without problems. As a precaution I also deleted Avira Free, because a warning appeared that this system was still active even though I had paused the real-time scanner. But after deleting it this message still appeared, so I confirmed this warning twice with OK. I have since reinstalled Avira. |
17.09.2012, 11:17 | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links cannot be opened in Outlook Restart Windows, delete the old combofix.exe, download CF again and please try it once more.
__________________ Please always post log files in CODE tags |
17.09.2012, 18:44 | #41 |
| Links cannot be opened in Outlook Code:
ATTFilter ComboFix 12-09-16.01 - INES 17.09.2012 18:59:17.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.264 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\INES\Desktop\ComboFix.exe AV: AntiVir PersonalEdition Classic Virenschutz *Disabled/Updated* {804E5358-FFA4-00DB-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {00000000-0000-0000-0000-000000000000} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804E5358-FFA4-00FC-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {BADB0D00-FFA4-00EB-0D24-347CA8A3377C} AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\0295CBF7.TMP c:\dokumente und einstellungen\INES\4.0 c:\dokumente und einstellungen\INES\WINDOWS c:\dokumente und einstellungen\IVES\Desktop\Internet Explorer.lnk c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE c:\programme\2006climbing1024x768.exe c:\programme\xp-AntiSpy c:\programme\xp-AntiSpy\sponsoring\ebay.ico c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico c:\programme\xp-AntiSpy\uninst.exe c:\programme\xp-AntiSpy\xp-AntiSpy.chm c:\programme\xp-AntiSpy\xp-AntiSpy.exe c:\programme\xp-AntiSpy\xp-AntiSpy.url c:\windows\IsUn0407.exe c:\windows\system32\CTFMON(2).EXE c:\windows\system32\FlashPlayerInstaller.exe c:\windows\system32\msssc.dll c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-17 bis 2012-09-17 )))))))))))))))))))))))))))))) . . 2012-09-14 17:05 . 
2012-09-14 17:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} 2012-09-14 17:04 . 2012-09-14 17:04 -------- d-----w- c:\dokumente und einstellungen\Administrator\IETldCache 2012-09-13 17:03 . 2012-09-13 17:03 -------- d-----w- C:\_OTL 2012-09-01 12:11 . 2012-09-01 12:11 -------- d-----w- c:\programme\ESET 2012-09-01 09:15 . 2012-09-01 09:15 -------- d-----w- c:\dokumente und einstellungen\INES\Anwendungsdaten\Malwarebytes 2012-09-01 09:15 . 2012-09-01 09:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-09-01 09:15 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 13:18 . 2012-08-31 13:18 -------- d--h--w- c:\programme\CanonBJ 2012-08-31 13:18 . 2012-08-31 13:18 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-08-31 13:18 . 2012-08-31 13:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJPLM 2012-08-30 13:40 . 2012-08-30 13:40 -------- d-----w- c:\programme\Gemeinsame Dateien\CANON . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-07 18:26 . 2011-10-14 12:21 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-08-27 13:40 . 2012-04-09 08:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-27 13:40 . 2011-07-01 11:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-06 13:59 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2005-02-11 12:14 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 18:25 . 2004-08-04 10:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:39 . 2004-08-04 10:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:39 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:39 . 
2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2009-03-30 14:39 . 2009-03-30 14:39 1723032 ----a-w- c:\programme\PDF Umwandler.exe 2009-03-22 12:17 . 2009-03-22 12:17 3006976 ----a-w- c:\programme\TvantsSetup.exe 2008-11-23 13:33 . 2008-11-23 13:32 2353945 ----a-w- c:\programme\GlobFXSpaceTravel.exe 2008-11-23 13:23 . 2008-11-23 13:22 1357166 ----a-w- c:\programme\Jonny.exe 2008-11-23 12:57 . 2008-11-23 12:57 1745744 ----a-w- c:\programme\cities3d_setup.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCSpeedUp"="c:\programme\PC Beschleunigen\PCSpeedUp.lnk" [2011-10-23 1921] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-19 339968] "ANIWZCS2Service"="c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [2012-5-12 1748992] . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G510] 2008-10-21 01:22 1556480 ----a-w- c:\programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-03-01 12:28 119608 ----a-w- c:\programme\ICQ7.4\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 04:24 286720 ----a-w- c:\programme\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "a2free"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"= "c:\\Programme\\QuickTime\\QuickTimePlayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\ICQ7.4\\ICQ.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . 
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11.02.2005 15:44 77312] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.10.2011 14:21 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.10.2011 14:21 86224] R2 MBAMScheduler;MBAMScheduler;e:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [11.09.2012 18:27 399432] R2 MBAMService;MBAMService;e:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [01.09.2012 11:15 676936] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01.09.2012 11:15 22856] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [17.06.2010 13:11 136176] S3 adiusbae;AT-AR215 USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09.04.2012 10:27 250056] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [17.06.2010 13:11 136176] S3 HRService;Haufe iDesk-Service in c:\programme\Haufe\iDesk\iDeskService\Zope;c:\programme\Haufe\iDesk\iDeskService\ideskservice.exe [20.08.2008 06:08 70336] S4 a2free;a-squared Free Service;"c:\programme\a-squared Free\a2service.exe" --> c:\programme\a-squared Free\a2service.exe [?] S4 Rasmogutdm;Rasmogutdm; [x] . Inhalt des "geplante Tasks" Ordners . 2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:40] . 2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-06-17 11:11] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-06-17 11:11] . 
2012-09-17 c:\windows\Tasks\User_Feed_Synchronization-{19843669-D59F-4391-9B90-D328EFFA1DE2}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.de/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Suche IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe TCP: DhcpNameServer = 80.69.100.182 192.168.0.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) HKLM-Run-RegisterDropHandler - c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE MSConfigStartUp-kgawm - c:\dokumente und einstellungen\ines\lokale einstellungen\anwendungsdaten\kgawm.exe MSConfigStartUp-lycosInside - c:\programme\lycos\Lyc_SysTray.exe MSConfigStartUp-Miro - c:\programme\Participatory Culture Foundation\Miro\Miro.exe MSConfigStartUp-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe AddRemove-HaufeReader - c:\windows\IsUn0407.exe AddRemove-map&guide 7 - c:\windows\IsUn0407.exe AddRemove-Extra - c:\windows\IsUn0407.exe AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-17 19:11 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . 
Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-583907252-1592454029-725345543-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(876) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2012-09-17 19:15:24 ComboFix-quarantined-files.txt 2012-09-17 17:15 . Vor Suchlauf: 4.662.897.664 Bytes frei Nach Suchlauf: 4.972.675.584 Bytes frei . - - End Of File - - E0580605A241DA704892C03E4B7116B4 |
18.09.2012, 13:52 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links cannot be opened in Outlook
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
ATTFilter
Folder::
c:\dokumente und einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
Driver::
Rasmogutdm
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
18.09.2012, 18:26 | #43 |
| Links cannot be opened in Outlook Code:
ATTFilter ComboFix 12-09-18.06 - INES 18.09.2012 18:51:02.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.232 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\INES\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\INES\Desktop\CFScript.txt AV: AntiVir PersonalEdition Classic Virenschutz *Disabled/Updated* {804E5358-FFA4-00DB-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {00000000-0000-0000-0000-000000000000} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804E5358-FFA4-00FC-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {BADB0D00-FFA4-00EB-0D24-347CA8A3377C} AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\INES\4.0 c:\dokumente und einstellungen\INES\WINDOWS c:\dokumente und einstellungen\IVES\Desktop\Internet Explorer.lnk c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE c:\programme\2006climbing1024x768.exe c:\programme\xp-AntiSpy c:\programme\xp-AntiSpy\sponsoring\ebay.ico c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico c:\programme\xp-AntiSpy\uninst.exe c:\programme\xp-AntiSpy\xp-AntiSpy.exe c:\windows\IsUn0407.exe c:\windows\system32\CTFMON(2).EXE c:\windows\system32\FlashPlayerInstaller.exe c:\windows\system32\msssc.dll c:\windows\unin0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
-------\Service_Rasmogutdm . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-18 bis 2012-09-18 )))))))))))))))))))))))))))))) . . 2012-09-17 18:55 . 2012-09-17 19:58 -------- d-----w- c:\windows\system32\NtmsData 2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\windows\system32\wbem\Repository 2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\dokumente und einstellungen\STEVE\Anwendungsdaten\Avira 2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\dokumente und einstellungen\IVES\Anwendungsdaten\Avira 2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\dokumente und einstellungen\INES\Anwendungsdaten\Avira 2012-09-17 17:57 . 2012-09-17 17:57 -------- d-----w- c:\programme\Avira 2012-09-17 17:52 . 2012-09-17 17:55 -------- d-----w- C:\RECYCLER(2) 2012-09-14 17:04 . 2012-09-14 17:04 -------- d-----w- c:\dokumente und einstellungen\Administrator\IETldCache 2012-09-13 17:03 . 2012-09-13 17:03 -------- d-----w- C:\_OTL 2012-09-01 12:11 . 2012-09-01 12:11 -------- d-----w- c:\programme\ESET 2012-09-01 09:15 . 2012-09-01 09:15 -------- d-----w- c:\dokumente und einstellungen\INES\Anwendungsdaten\Malwarebytes 2012-09-01 09:15 . 2012-09-01 09:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-09-01 09:15 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 13:18 . 2012-08-31 13:18 -------- d--h--w- c:\programme\CanonBJ 2012-08-31 13:18 . 2012-08-31 13:18 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-08-31 13:18 . 2012-08-31 13:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJPLM 2012-08-30 13:40 . 2012-08-30 13:40 -------- d-----w- c:\programme\Gemeinsame Dateien\CANON . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2012-09-07 18:26 . 2011-10-14 12:21 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-08-27 13:40 . 2012-04-09 08:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-27 13:40 . 2011-07-01 11:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-06 13:59 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2005-02-11 12:14 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 18:25 . 2004-08-04 10:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:39 . 2004-08-04 10:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:39 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:39 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2009-03-30 14:39 . 2009-03-30 14:39 1723032 ----a-w- c:\programme\PDF Umwandler.exe 2009-03-22 12:17 . 2009-03-22 12:17 3006976 ----a-w- c:\programme\TvantsSetup.exe 2008-11-23 13:33 . 2008-11-23 13:32 2353945 ----a-w- c:\programme\GlobFXSpaceTravel.exe 2008-11-23 13:23 . 2008-11-23 13:22 1357166 ----a-w- c:\programme\Jonny.exe 2008-11-23 12:57 . 2008-11-23 12:57 1745744 ----a-w- c:\programme\cities3d_setup.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCSpeedUp"="c:\programme\PC Beschleunigen\PCSpeedUp.lnk" [2011-10-23 1921] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-19 339968] "ANIWZCS2Service"="c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [2012-5-12 1748992] . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G510] 2008-10-21 01:22 1556480 ----a-w- c:\programme\D-Link\AirPlus G DWL-G510\AirGCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-03-01 12:28 119608 ----a-w- c:\programme\ICQ7.4\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 04:24 286720 ----a-w- c:\programme\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "a2free"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"= "c:\\Programme\\QuickTime\\QuickTimePlayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\ICQ7.4\\ICQ.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11.02.2005 15:44 77312] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.10.2011 14:21 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.10.2011 14:21 86224] R2 MBAMScheduler;MBAMScheduler;e:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [11.09.2012 18:27 399432] R2 MBAMService;MBAMService;e:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [01.09.2012 11:15 676936] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01.09.2012 11:15 22856] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [17.06.2010 13:11 136176] S3 adiusbae;AT-AR215 USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09.04.2012 10:27 250056] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [17.06.2010 13:11 136176] S3 HRService;Haufe iDesk-Service in c:\programme\Haufe\iDesk\iDeskService\Zope;c:\programme\Haufe\iDesk\iDeskService\ideskservice.exe [20.08.2008 06:08 70336] S4 a2free;a-squared Free Service;"c:\programme\a-squared Free\a2service.exe" --> c:\programme\a-squared Free\a2service.exe [?] . 
--- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:40] . 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-06-17 11:11] . 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-06-17 11:11] . 2012-09-18 c:\windows\Tasks\User_Feed_Synchronization-{19843669-D59F-4391-9B90-D328EFFA1DE2}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ig uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Suche IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe TCP: DhcpNameServer = 80.69.100.182 192.168.0.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-10 - (no file) HKLM-Run-RegisterDropHandler - c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE MSConfigStartUp-kgawm - c:\dokumente und einstellungen\ines\lokale einstellungen\anwendungsdaten\kgawm.exe MSConfigStartUp-lycosInside - c:\programme\lycos\Lyc_SysTray.exe MSConfigStartUp-Miro - c:\programme\Participatory Culture Foundation\Miro\Miro.exe MSConfigStartUp-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe AddRemove-HaufeReader - c:\windows\IsUn0407.exe AddRemove-map&guide 7 - c:\windows\IsUn0407.exe AddRemove-Extra - c:\windows\IsUn0407.exe AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-18 19:10 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-583907252-1592454029-725345543-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(620) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2140) c:\progra~1\TEXTBR~1.0\Bin\TBMHOOK.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Canon\IJPLM\IJPLMSVC.EXE c:\programme\Java\jre6\bin\jqs.exe c:\programme\Analog Devices\SoundMAX\SMAgent.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe e:\programme\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-09-18 19:16:41 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-18 17:16 ComboFix2.txt 2012-09-17 17:15 . Vor Suchlauf: 4.427.474.944 Bytes frei Nach Suchlauf: 4.316.580.352 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 9CD8FFEE28AF07F1803C33358E9310D8 |
19.09.2012, 14:35 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links cannot be opened in Outlook
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; McAfee's scanner in particular often reports a false alarm on OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
19.09.2012, 20:24 | #45 |
| Links cannot be opened in Outlook Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:15:22 on 19.09.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX3CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ANIO Service" (ANIO) - "Alpha Networks Inc." 
- C:\WINDOWS\system32\ANIO.SYS
"aslm75" (aslm75) - ? - C:\WINDOWS\system32\drivers\aslm75.sys (File found, but it contains no detailed information)
"AT-AR215 USB ADSL LAN Adapter" (adiusbae) - ? - C:\WINDOWS\System32\DRIVERS\adiusbae.sys (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"General Purpose USB Driver (adildr.sys)" (ADILOADER) - ? - C:\WINDOWS\System32\Drivers\adildr.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PQNTDrv" (PQNTDrv) - ? - C:\WINDOWS\system32\drivers\PQNTDrv.sys (File found, but it contains no detailed information)
"SSHDRV61" (SSHDRV61) - ? - C:\WINDOWS\system32\drivers\SSHDRV61.sys (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - E:\Programme\7-Zip\7-zip.dll
{A155339D-CCCD-4714-85EB-3754B804C9DF} "a-squared Free Shell Extension" - "Emsi Software GmbH" - C:\Programme\a-squared Free\a2freecontmenu.dll
{04055D60-93D3-11D1-B8CC-00409524F097} "Bildordner" - ? - (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} "eBay Toolbar" - ? - (File not found | COM-object registry key not found)
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} "IPS Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\Office\1031\UNBIND.DLL
{7FC7C9B0-FED7-11D1-8F70-00409524F097} "PackedImageFolder" - ? - (File not found | COM-object registry key not found)
{F93F5F63-423F-11D2-8D61-00605206619F} "Search Result" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Yahoo! Toolbar" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll
"ICQ7.4" - "ICQ, LLC." - C:\Programme\ICQ7.4\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
{5018CFD2-804D-4C99-9F81-25EAEA2769DE} "Softonic Toolbar" - "Softonic.com" - C:\Programme\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} "{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{E87806B5-E908-45FD-AF5E-957D83E58E68} "Softonic Helper Object" - "Softonic.com" - C:\Programme\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"ScanPanel.lnk" - ? - C:\ScanPanel\ScnPanel.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\INES\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"ANIWZCS2Service" - "Wireless Service" - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"InstantAccess" - ? - C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h (File found, but it contains no detailed information)
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor PIXMA iP1500" - "CANON INC." - C:\WINDOWS\system32\CNMLM5y.DLL
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"ANIWZCSd Service" (ANIWZCSdService) - "Wireless Service" - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope" (HRService) - ? - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe (File found, but it contains no detailed information)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"PIXMA Extended Survey Program" (IJPLMSVC) - ? - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Sierra Online" - C:\WINDOWS\SCREEN~1.SCR
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-19 21:28:10
-----------------------------
21:28:10.546 OS Version: Windows 5.1.2600 Service Pack 3
21:28:10.546 Number of processors: 1 586 0xA00
21:28:10.546 ComputerName: INES-COMPI UserName: INES
21:28:20.109 Initialize success
21:45:12.656 AVAST engine defs: 12091900
21:45:47.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:45:47.875 Disk 0 Vendor: SAMSUNG_SP1203N TL100-30 Size: 114498MB BusType: 3
21:45:47.937 Disk 0 MBR read successfully
21:45:47.937 Disk 0 MBR scan
21:45:48.718 Disk 0 Windows XP default MBR code
21:45:48.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
21:45:48.953 Disk 0 Partition - 00 0F Extended LBA 94491 MB offset 40965750
21:45:48.968 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 25007 MB offset 40965813
21:45:49.078 Disk 0 Partition - 00 05 Extended 30004 MB offset 92180970
21:45:49.187 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30004 MB offset 92181033
21:45:49.250 Disk 0 Partition - 00 05 Extended 20002 MB offset 204844815
21:45:49.265 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 20002 MB offset 153629658
21:45:49.312 Disk 0 Partition - 00 05 Extended 19477 MB offset 307259190
21:45:49.359 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 19477 MB offset 194595408
21:45:49.453 Disk 0 scanning sectors +234484740
21:45:49.781 Disk 0 scanning C:\WINDOWS\system32\drivers
21:47:05.031 Service scanning
21:47:52.421 Modules scanning
21:48:28.187 Disk 0 trace - called modules:
21:48:28.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
21:48:28.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82376030]
21:48:28.203 3 CLASSPNP.SYS[f8577fd7] -> nt!IofCallDriver -> \Device\0000006b[0x823cfeb0]
21:48:28.203 5 ACPI.sys[f84ed620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82377940]
21:48:30.437 AVAST engine scan C:\WINDOWS
21:49:11.296 AVAST engine scan C:\WINDOWS\system32
22:03:49.953 AVAST engine scan C:\WINDOWS\system32\drivers
22:04:43.984 AVAST engine scan C:\Dokumente und Einstellungen\INES
22:11:57.781 AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:14:37.875 Scan finished successfully
22:15:21.328 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\INES\Desktop\MBR.dat"
22:15:21.328 The log file has been saved successfully to "C:\Dokumente und Einstellungen\INES\Desktop\aswMBR.txt"