| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche HilfeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.09.2012, 22:15
| #31 |
 |  Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Wenn du mal auf den Scan schaust, wirst du sehen, dass ich die Datei kurz nach Mitternacht heruntergeladen habe und den Scan direkt ausgeführt habe. Zu dieser Zeit war die Version 3.2.61.4 noch nicht verfügbar. aber ich habe dir mit der aktuellsten Version einen weiteren Scan gemacht. Hier ist der Text-File: OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.09.2012 22:55:28 - Run 6 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,75% Memory free 3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,23% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 143,96 Gb Total Space | 34,57 Gb Free Space | 24,02% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 332,41 Gb Free Space | 71,37% Space Free | Partition Type: NTFS Computer Name: MOBIL | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Dell Network Assistant\hnm_svc.exe (SingleClick Systems) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Programme\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\VistaCodecPack\filters\mmfinfo.dll () MOD - C:\Programme\VistaCodecPack\filters\mkunicode.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () ========== Services (SafeList) ========== SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nosGetPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (JMP License Service) -- C:\Programme\Gemeinsame Dateien\SAS Institute Inc Shared\Service\JMPLicSvc.exe (SAS Institute Inc.) SRV - (hnmsvc) -- C:\Programme\Dell Network Assistant\hnm_svc.exe (SingleClick Systems) SRV - (WLANKEEPER) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\C.tmp File not found DRV - (M9207) -- system32\DRIVERS\M9207BDA.sys File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (DSproct) -- C:\Programme\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.) DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=hxxp://www.t-online.de IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\InprocServer32 File not found IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes\{0F499E64-266C-418B-B708-5BF31283445D}: "URL" = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms} IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes\{27930E33-87C4-4826-A572-DEF3A9C155A1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes\{E82F62B3-6D06-4156-8261-C2F04C2CDAEC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: nl-NL@dictionaries.addons.mozilla.org:3.1.0 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:3.0.1 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.90: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.07 11:48:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.07 11:48:34 | 000,000,000 | ---D | M] [2008.12.18 01:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2012.09.13 10:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions [2010.07.02 20:30:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.17 22:38:35 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.02.17 22:38:36 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\en-GB@dictionaries.addons.mozilla.org [2012.06.12 10:35:47 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.04.17 12:42:33 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\nl-NL@dictionaries.addons.mozilla.org [2011.05.16 09:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\nostmp [2012.07.26 13:20:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.13 10:47:56 | 000,698,867 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\searchplugins\conduit.xml [2012.09.07 11:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.07 11:48:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found O3 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\Qigong\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://snoop999.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342088690281 (MUWebControl Class) O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} hxxp://snoop999.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell - "" = AutoRun O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell - "" = AutoRun O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {BC44F053-C22D-4BEF-B9FB-3CD538460A65} - T-Online Toolbar ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C5470D23-7E94-569F-DFBE-45E90974A061} - Java (Sun) ActiveX: {C66DAF08-9AF8-69EB-EB49-019792EBF424} - Java (Sun) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {F0BC534C-4D92-18BD-D40B-EBC670FE2127} - Browseranpassungen ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation) Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll () Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\iyvu9_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.15 22:53:47 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2012.09.13 10:45:14 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2012.09.13 10:45:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2012.09.13 10:45:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012.09.12 17:40:45 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\OTL.exe [2012.09.11 15:18:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2012.09.07 11:48:30 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.09.05 10:15:34 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.05 10:00:25 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\xxx\Desktop\esetsmartinstaller_enu.exe [2012.09.02 16:47:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\SystemRequirementsLab [2012.09.01 00:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Sun [2012.08.29 19:14:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.08.29 19:14:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.08.29 19:14:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.29 19:14:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.29 19:14:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.29 17:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2012.08.29 17:57:31 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2012.08.26 14:33:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\Facebook-Tierfotos [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.15 22:53:47 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2012.09.15 22:46:01 | 000,060,026 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.09.15 22:46:00 | 000,099,653 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2012.09.15 22:45:30 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.15 22:45:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.15 22:45:12 | 000,099,653 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012.09.15 22:44:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.15 22:44:49 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys [2012.09.14 12:19:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.14 11:34:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.12 17:40:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\OTL.exe [2012.09.12 17:13:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.09.12 00:05:47 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.11 15:17:10 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.05 10:00:25 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\xxx\Desktop\esetsmartinstaller_enu.exe [2012.09.04 13:55:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties [2012.09.04 13:52:32 | 000,460,762 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.04 13:52:32 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.04 13:52:32 | 000,085,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.04 13:52:32 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.08.30 13:31:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable [2012.08.29 17:57:38 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Spybot - Search & Destroy.lnk [2012.08.29 13:26:01 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.08.24 11:51:05 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2012.08.24 11:50:42 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\524A1BAB7B.sys [2012.08.22 22:32:59 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 13:31:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable [2012.08.29 19:14:03 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 17:57:38 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Spybot - Search & Destroy.lnk [2012.06.26 21:49:55 | 000,002,828 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2012.06.26 21:49:51 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.02.17 00:53:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.02.04 20:31:09 | 000,025,507 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\.recently-used.xbel [2008.11.20 01:52:36 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2007.05.17 11:18:27 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.03.29 23:53:39 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\wklnhst.dat [2007.03.29 12:37:45 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.26 13:22:52 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2007.05.31 22:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2008.02.05 09:15:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.06.21 19:57:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2008.11.20 01:51:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder [2008.03.15 20:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2008.07.17 00:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2008.09.23 19:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MythPeople [2008.09.19 20:15:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SAS Institute Inc [2007.03.30 00:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SingleClick Systems [2012.08.24 11:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2008.02.05 09:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2008.07.15 21:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.01.25 12:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2008.09.23 19:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2012.01.11 21:19:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011.12.20 18:18:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\CheckPoint [2012.01.25 12:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2011.10.31 09:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Qigong\Anwendungsdaten\CheckPoint [2012.02.09 11:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Qigong\Anwendungsdaten\LibreOffice [2011.11.03 13:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Qigong\Anwendungsdaten\OpenOffice.org [2011.07.23 17:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Azureus [2012.08.24 11:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon [2012.09.05 10:22:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CheckPoint [2008.11.20 01:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DonationCoder [2009.02.04 20:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0 [2007.03.30 01:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQLite [2008.09.30 01:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\iWin [2007.04.07 21:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech [2011.11.13 17:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LibreOffice [2009.02.22 12:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LimeWire [2011.02.09 16:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2007.08.21 13:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SAS [2008.02.05 09:13:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft [2007.03.29 23:53:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Template [2012.01.11 21:20:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software [2008.09.30 01:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Zylom ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.10.31 09:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe [2012.07.20 13:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Avira [2011.07.23 17:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Azureus [2012.08.24 11:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon [2012.09.05 10:22:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CheckPoint [2012.08.24 11:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Corel [2007.03.30 01:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CyberLink [2008.11.20 01:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DonationCoder [2009.06.02 20:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Google [2007.03.19 23:51:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Gtek [2009.02.04 20:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0 [2007.10.23 20:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Help [2007.03.30 01:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQLite [2008.09.30 01:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Identities [2007.03.19 23:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Intel [2008.09.30 01:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\iWin [2008.04.04 14:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Lavasoft [2007.04.07 21:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech [2011.11.13 17:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LibreOffice [2009.02.22 12:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LimeWire [2007.03.29 22:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Macromedia [2012.08.29 19:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2007.03.26 13:23:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\McAfee.com Personal Firewall [2012.09.02 17:20:00 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft [2008.12.18 01:22:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla [2011.02.09 16:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2011.02.09 13:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org2 [2007.05.26 14:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Real [2007.08.21 13:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SAS [2008.02.05 09:13:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft [2012.09.13 10:59:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Skype [2007.04.07 21:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sonic [2007.05.17 10:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sun [2007.03.29 23:53:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Template [2012.01.11 21:20:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software [2009.05.24 10:18:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3 [2008.09.30 01:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Zylom < %APPDATA%\*.exe /s > [2008.02.11 01:49:52 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe [2010.08.13 09:13:32 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe [2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\i386\eventlog.dll [2004.08.04 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\i386\netlogon.dll [2004.08.04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 16:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\i386\scecli.dll [2004.08.04 16:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 16:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\i386\user32.dll [2004.08.04 16:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 16:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\i386\userinit.exe [2004.08.04 16:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 16:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\i386\winlogon.exe [2004.08.04 16:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\i386\ws2ifsl.sys [2004.08.04 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004.08.13 14:46:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004.08.13 14:46:20 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004.08.13 14:46:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BEB71B81 @Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9F683177 < End of report > |
|
16.09.2012, 18:20
| #32 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Da ich nicht genau weiß wann die Version rauskam, ich hatte irgendwas mit dem Abend zuvor vermutet hab ich nochmal nachgefragt
__________________Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\C.tmp File not found
DRV - (M9207) -- system32\DRIVERS\M9207BDA.sys File not found
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
[2010.07.02 20:30:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\searchplugins\conduit.xml
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found
O3 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\Qigong\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell - "" = AutoRun
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell - "" = AutoRun
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun\command - "" = E:\pushinst.exe
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BEB71B81
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9F683177
:Files
E:\Downloads\SoftonicDownloader_fuer_pdf24-creator.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
17.09.2012, 07:42
| #33 |
| | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Das Programm läuft seit gestern Abend und die Systemzeit des Rechners ist bei 20:00 Uhr "eingefroren". Ist das normal?
__________________ |
|
17.09.2012, 08:38
| #34 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.09.2012, 22:55
| #35 |
| | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Im abgesicherten Modus hat es funktioniert. Code:
ATTFilter All processes killed
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\WINDOWS\system32\C.tmp File not found not found.
Service M9207 stopped successfully!
Service M9207 deleted successfully!
File system32\DRIVERS\M9207BDA.sys File not found not found.
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
File C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\searchplugins\conduit.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Registry value HKEY_USERS\S-1-5-21-3129759340-1621867061-3447965378-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3129759340-1621867061-3447965378-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
C:\Dokumente und Einstellungen\Qigong\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMSAppLogo5ChannelNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
File E:\pushinst.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BEB71B81 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9F683177 deleted successfully.
========== FILES ==========
E:\Downloads\SoftonicDownloader_fuer_pdf24-creator.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\xxx\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\xxx\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: All Users
User: contact
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: Gast
->Temp folder emptied: 1120738 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6861458 bytes
->Flash cache emptied: 41 bytes
User: LocalService
->Temp folder emptied: 2189464 bytes
->Temporary Internet Files folder emptied: 284801 bytes
->FireFox cache emptied: 12212965 bytes
User: NetworkService
->Temp folder emptied: 2130376 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Qigong
->Temp folder emptied: 1554930 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 5644730 bytes
->Flash cache emptied: 41 bytes
User: xxx
->Temp folder emptied: 7684223 bytes
->Temporary Internet Files folder emptied: 98995 bytes
->Java cache emptied: 16626156 bytes
->FireFox cache emptied: 86871219 bytes
->Flash cache emptied: 741 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3771271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1064611 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 141,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.5 log created on 09172012_234554
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
19.09.2012, 11:06
| #36 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe |
|
19.09.2012, 11:42
| #37 |
| | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche HilfeCode:
ATTFilter 12:34:52.0984 2936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:34:52.0984 2936 ============================================================
12:34:52.0984 2936 Current date / time: 2012/09/19 12:34:52.0984
12:34:52.0984 2936 SystemInfo:
12:34:53.0000 2936
12:34:53.0000 2936 OS Version: 5.1.2600 ServicePack: 3.0
12:34:53.0000 2936 Product type: Workstation
12:34:53.0000 2936 ComputerName: MOBIL
12:34:53.0000 2936 UserName: xxx
12:34:53.0000 2936 Windows directory: C:\WINDOWS
12:34:53.0000 2936 System windows directory: C:\WINDOWS
12:34:53.0000 2936 Processor architecture: Intel x86
12:34:53.0000 2936 Number of processors: 2
12:34:53.0000 2936 Page size: 0x1000
12:34:53.0000 2936 Boot type: Normal boot
12:34:53.0000 2936 ============================================================
12:34:54.0906 2936 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:34:54.0906 2936 Drive \Device\Harddisk1\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:34:54.0906 2936 ============================================================
12:34:54.0906 2936 \Device\Harddisk0\DR0:
12:34:54.0906 2936 MBR partitions:
12:34:54.0906 2936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x11FEC629
12:34:54.0937 2936 \Device\Harddisk1\DR5:
12:34:54.0937 2936 MBR partitions:
12:34:54.0937 2936 \Device\Harddisk1\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
12:34:54.0937 2936 ============================================================
12:34:54.0984 2936 C: <-> \Device\Harddisk0\DR0\Partition1
12:34:55.0093 2936 E: <-> \Device\Harddisk1\DR5\Partition1
12:34:55.0156 2936 ============================================================
12:34:55.0156 2936 Initialize success
12:34:55.0156 2936 ============================================================
12:35:57.0703 3640 ============================================================
12:35:57.0703 3640 Scan started
12:35:57.0703 3640 Mode: Manual; SigCheck; TDLFS;
12:35:57.0703 3640 ============================================================
12:35:58.0625 3640 ================ Scan system memory ========================
12:36:02.0343 3640 System memory - ok
12:36:02.0343 3640 ================ Scan services =============================
12:36:02.0453 3640 Abiosdsk - ok
12:36:02.0500 3640 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:36:04.0546 3640 abp480n5 - ok
12:36:04.0609 3640 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:36:04.0843 3640 ACPI - ok
12:36:04.0906 3640 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:36:05.0031 3640 ACPIEC - ok
12:36:05.0125 3640 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:36:05.0156 3640 AdobeFlashPlayerUpdateSvc - ok
12:36:05.0203 3640 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:36:05.0328 3640 adpu160m - ok
12:36:05.0359 3640 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:36:05.0468 3640 aec - ok
12:36:05.0531 3640 [ 375EB0B97E3950ADEF3633C27A82438B ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:36:05.0546 3640 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:36:05.0546 3640 AegisP - detected UnsignedFile.Multi.Generic (1)
12:36:05.0593 3640 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:36:05.0625 3640 AFD - ok
12:36:05.0687 3640 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:36:05.0859 3640 agp440 - ok
12:36:05.0890 3640 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:36:06.0078 3640 agpCPQ - ok
12:36:06.0125 3640 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:36:06.0203 3640 Aha154x - ok
12:36:06.0234 3640 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:36:06.0390 3640 aic78u2 - ok
12:36:06.0468 3640 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:36:06.0593 3640 aic78xx - ok
12:36:06.0640 3640 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:36:06.0765 3640 Alerter - ok
12:36:06.0781 3640 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
12:36:06.0890 3640 ALG - ok
12:36:06.0921 3640 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
12:36:07.0093 3640 AliIde - ok
12:36:07.0187 3640 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:36:07.0328 3640 alim1541 - ok
12:36:07.0359 3640 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:36:07.0484 3640 amdagp - ok
12:36:07.0578 3640 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
12:36:07.0671 3640 amsint - ok
12:36:07.0781 3640 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
12:36:07.0828 3640 AntiVirSchedulerService - ok
12:36:07.0875 3640 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:36:07.0906 3640 AntiVirService - ok
12:36:07.0968 3640 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:36:08.0000 3640 AntiVirWebService - ok
12:36:08.0046 3640 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
12:36:08.0062 3640 APPDRV ( UnsignedFile.Multi.Generic ) - warning
12:36:08.0062 3640 APPDRV - detected UnsignedFile.Multi.Generic (1)
12:36:08.0109 3640 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:36:08.0312 3640 AppMgmt - ok
12:36:08.0375 3640 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:36:08.0578 3640 Arp1394 - ok
12:36:08.0609 3640 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
12:36:08.0765 3640 asc - ok
12:36:08.0781 3640 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:36:08.0859 3640 asc3350p - ok
12:36:08.0890 3640 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:36:09.0031 3640 asc3550 - ok
12:36:09.0187 3640 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:36:09.0234 3640 aspnet_state - ok
12:36:09.0250 3640 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:36:09.0406 3640 AsyncMac - ok
12:36:09.0468 3640 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:36:09.0625 3640 atapi - ok
12:36:09.0640 3640 Atdisk - ok
12:36:09.0687 3640 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:36:09.0906 3640 Atmarpc - ok
12:36:09.0984 3640 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:36:10.0109 3640 AudioSrv - ok
12:36:10.0140 3640 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:36:10.0265 3640 audstub - ok
12:36:10.0281 3640 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:36:10.0312 3640 avgntflt - ok
12:36:10.0343 3640 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:36:10.0359 3640 avipbb - ok
12:36:10.0375 3640 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
12:36:10.0390 3640 avkmgr - ok
12:36:10.0421 3640 [ 6489310D11971F6BA6C7F49BE0BAF6E0 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
12:36:10.0484 3640 bcm4sbxp - ok
12:36:10.0546 3640 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:36:10.0687 3640 Beep - ok
12:36:10.0796 3640 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
12:36:10.0937 3640 BITS - ok
12:36:10.0984 3640 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
12:36:11.0062 3640 Browser - ok
12:36:11.0109 3640 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:36:11.0296 3640 cbidf - ok
12:36:11.0296 3640 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:36:11.0453 3640 cbidf2k - ok
12:36:11.0500 3640 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:36:11.0671 3640 CCDECODE - ok
12:36:11.0703 3640 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:36:11.0812 3640 cd20xrnt - ok
12:36:11.0828 3640 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:36:11.0984 3640 Cdaudio - ok
12:36:12.0062 3640 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:36:12.0187 3640 Cdfs - ok
12:36:12.0265 3640 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:36:12.0390 3640 Cdrom - ok
12:36:12.0390 3640 Changer - ok
12:36:12.0437 3640 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:36:12.0609 3640 CiSvc - ok
12:36:12.0656 3640 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:36:12.0875 3640 ClipSrv - ok
12:36:13.0031 3640 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:36:13.0125 3640 clr_optimization_v2.0.50727_32 - ok
12:36:13.0171 3640 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:36:13.0296 3640 CmBatt - ok
12:36:13.0343 3640 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:36:13.0515 3640 CmdIde - ok
12:36:13.0562 3640 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:36:14.0062 3640 Compbatt - ok
12:36:14.0062 3640 COMSysApp - ok
12:36:14.0093 3640 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:36:14.0234 3640 Cpqarray - ok
12:36:14.0281 3640 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:36:14.0453 3640 CryptSvc - ok
12:36:14.0500 3640 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:36:14.0640 3640 dac2w2k - ok
12:36:14.0656 3640 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:36:14.0796 3640 dac960nt - ok
12:36:14.0859 3640 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:36:14.0937 3640 DcomLaunch - ok
12:36:14.0984 3640 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:36:15.0140 3640 Dhcp - ok
12:36:15.0156 3640 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:36:15.0281 3640 Disk - ok
12:36:15.0281 3640 dmadmin - ok
12:36:15.0375 3640 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:36:15.0546 3640 dmboot - ok
12:36:15.0546 3640 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:36:15.0703 3640 dmio - ok
12:36:15.0734 3640 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:36:15.0859 3640 dmload - ok
12:36:15.0906 3640 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:36:16.0078 3640 dmserver - ok
12:36:16.0171 3640 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:36:16.0343 3640 DMusic - ok
12:36:16.0375 3640 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:36:16.0484 3640 Dnscache - ok
12:36:16.0546 3640 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:36:16.0765 3640 Dot3svc - ok
12:36:16.0781 3640 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:36:16.0937 3640 dpti2o - ok
12:36:16.0953 3640 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:36:17.0062 3640 drmkaud - ok
12:36:17.0187 3640 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
12:36:17.0187 3640 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0187 3640 drvmcdb - detected UnsignedFile.Multi.Generic (1)
12:36:17.0203 3640 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
12:36:17.0218 3640 drvnddm ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0218 3640 drvnddm - detected UnsignedFile.Multi.Generic (1)
12:36:17.0296 3640 [ 2AC2372FFAD9ADC85672CC8E8AE14BE9 ] DSproct C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
12:36:17.0328 3640 DSproct ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0328 3640 DSproct - detected UnsignedFile.Multi.Generic (1)
12:36:17.0359 3640 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:36:17.0515 3640 E100B - ok
12:36:17.0593 3640 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:36:17.0812 3640 EapHost - ok
12:36:17.0875 3640 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:36:17.0984 3640 ERSvc - ok
12:36:18.0031 3640 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
12:36:18.0078 3640 Eventlog - ok
12:36:18.0156 3640 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
12:36:18.0218 3640 EventSystem - ok
12:36:18.0281 3640 [ 788C72B145C75A7EE5F5D6A32542D912 ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe
12:36:18.0312 3640 EvtEng ( UnsignedFile.Multi.Generic ) - warning
12:36:18.0312 3640 EvtEng - detected UnsignedFile.Multi.Generic (1)
12:36:18.0359 3640 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:36:18.0578 3640 Fastfat - ok
12:36:18.0625 3640 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:36:18.0703 3640 FastUserSwitchingCompatibility - ok
12:36:18.0718 3640 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:36:18.0828 3640 Fdc - ok
12:36:18.0859 3640 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:36:18.0984 3640 Fips - ok
12:36:19.0015 3640 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:36:19.0156 3640 Flpydisk - ok
12:36:19.0187 3640 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:36:19.0296 3640 FltMgr - ok
12:36:19.0375 3640 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:36:19.0390 3640 FontCache3.0.0.0 - ok
12:36:19.0421 3640 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:36:19.0546 3640 Fs_Rec - ok
12:36:19.0593 3640 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:36:19.0718 3640 Ftdisk - ok
12:36:19.0765 3640 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:36:19.0890 3640 Gpc - ok
12:36:19.0984 3640 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9e3af68a3f28e C:\Programme\Google\Update\GoogleUpdate.exe
12:36:20.0000 3640 gupdate1c9e3af68a3f28e - ok
12:36:20.0015 3640 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
12:36:20.0031 3640 gupdatem - ok
12:36:20.0078 3640 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:36:20.0265 3640 HDAudBus - ok
12:36:20.0421 3640 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:36:20.0609 3640 helpsvc - ok
12:36:20.0640 3640 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
12:36:20.0750 3640 HidServ - ok
12:36:20.0765 3640 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:36:20.0890 3640 HidUsb - ok
12:36:20.0937 3640 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:36:21.0046 3640 hkmsvc - ok
12:36:21.0125 3640 [ 4BDA4856BD308C90CD5A98B6BF294A73 ] hnmsvc C:\Programme\Dell Network Assistant\hnm_svc.exe
12:36:21.0140 3640 hnmsvc - ok
12:36:21.0171 3640 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:36:21.0281 3640 hpn - ok
12:36:21.0343 3640 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:36:21.0390 3640 HSFHWAZL - ok
12:36:21.0437 3640 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:36:21.0515 3640 HSF_DPV - ok
12:36:21.0593 3640 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:36:21.0656 3640 HTTP - ok
12:36:21.0703 3640 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:36:21.0890 3640 HTTPFilter - ok
12:36:21.0890 3640 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:36:22.0140 3640 i2omgmt - ok
12:36:22.0187 3640 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:36:22.0328 3640 i2omp - ok
12:36:22.0343 3640 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:36:22.0453 3640 i8042prt - ok
12:36:22.0625 3640 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:36:22.0671 3640 idsvc - ok
12:36:22.0718 3640 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:36:22.0843 3640 Imapi - ok
12:36:22.0906 3640 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
12:36:23.0093 3640 ImapiService - ok
12:36:23.0140 3640 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:36:23.0375 3640 ini910u - ok
12:36:23.0453 3640 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:36:23.0578 3640 IntelIde - ok
12:36:23.0609 3640 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:36:23.0750 3640 intelppm - ok
12:36:23.0765 3640 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:36:23.0890 3640 Ip6Fw - ok
12:36:23.0921 3640 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:36:24.0062 3640 IpFilterDriver - ok
12:36:24.0156 3640 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:36:24.0265 3640 IpInIp - ok
12:36:24.0312 3640 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:36:24.0421 3640 IpNat - ok
12:36:24.0437 3640 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:36:24.0562 3640 IPSec - ok
12:36:24.0578 3640 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:36:24.0765 3640 IRENUM - ok
12:36:24.0843 3640 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:36:25.0015 3640 isapnp - ok
12:36:25.0125 3640 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
12:36:25.0140 3640 JavaQuickStarterService - ok
12:36:25.0203 3640 [ 6960D14BAC216317B45F95155280B0F4 ] JMP License Service C:\Programme\Gemeinsame Dateien\SAS Institute Inc Shared\Service\JMPLicSvc.exe
12:36:25.0250 3640 JMP License Service ( UnsignedFile.Multi.Generic ) - warning
12:36:25.0250 3640 JMP License Service - detected UnsignedFile.Multi.Generic (1)
12:36:25.0296 3640 [ C4D1E49A7D853A6FDFE8EC2906AE5AAA ] Jukebox3 C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
12:36:25.0343 3640 Jukebox3 - ok
12:36:25.0375 3640 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:36:25.0546 3640 Kbdclass - ok
12:36:25.0593 3640 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:36:25.0781 3640 kmixer - ok
12:36:25.0859 3640 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:36:25.0953 3640 KSecDD - ok
12:36:25.0984 3640 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:36:26.0031 3640 lanmanserver - ok
12:36:26.0078 3640 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:36:26.0125 3640 lanmanworkstation - ok
12:36:26.0125 3640 lbrtfdc - ok
12:36:26.0187 3640 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:36:26.0296 3640 LmHosts - ok
12:36:26.0343 3640 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:36:26.0375 3640 MBAMProtector - ok
12:36:26.0484 3640 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:36:26.0531 3640 MBAMScheduler - ok
12:36:26.0593 3640 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
12:36:26.0656 3640 MBAMService - ok
12:36:26.0718 3640 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:36:26.0750 3640 mdmxsdk - ok
12:36:26.0812 3640 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:36:27.0031 3640 Messenger - ok
12:36:27.0062 3640 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:36:27.0187 3640 mnmdd - ok
12:36:27.0234 3640 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:36:27.0375 3640 mnmsrvc - ok
12:36:27.0390 3640 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:36:27.0515 3640 Modem - ok
12:36:27.0562 3640 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:36:27.0687 3640 Mouclass - ok
12:36:27.0734 3640 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:36:27.0875 3640 mouhid - ok
12:36:27.0953 3640 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:36:28.0093 3640 MountMgr - ok
12:36:28.0156 3640 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
12:36:28.0187 3640 MozillaMaintenance - ok
12:36:28.0218 3640 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
12:36:28.0343 3640 MPE - ok
12:36:28.0390 3640 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:36:28.0578 3640 mraid35x - ok
12:36:28.0609 3640 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:36:29.0078 3640 MRxDAV - ok
12:36:29.0125 3640 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:36:29.0171 3640 MRxSmb - ok
12:36:29.0234 3640 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:36:29.0359 3640 MSDTC - ok
12:36:29.0375 3640 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:36:29.0500 3640 Msfs - ok
12:36:29.0500 3640 MSIServer - ok
12:36:29.0562 3640 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:36:29.0687 3640 MSKSSRV - ok
12:36:29.0703 3640 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:36:29.0812 3640 MSPCLOCK - ok
12:36:29.0843 3640 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:36:29.0984 3640 MSPQM - ok
12:36:29.0984 3640 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:36:30.0093 3640 mssmbios - ok
12:36:30.0125 3640 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:36:30.0265 3640 MSTEE - ok
12:36:30.0296 3640 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:36:30.0328 3640 Mup - ok
12:36:30.0359 3640 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:36:30.0484 3640 NABTSFEC - ok
12:36:30.0531 3640 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
12:36:30.0671 3640 napagent - ok
12:36:30.0718 3640 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:36:30.0859 3640 NDIS - ok
12:36:30.0921 3640 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:36:31.0109 3640 NdisIP - ok
12:36:31.0140 3640 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:36:31.0187 3640 NdisTapi - ok
12:36:31.0203 3640 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:36:31.0390 3640 Ndisuio - ok
12:36:31.0390 3640 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:36:31.0593 3640 NdisWan - ok
12:36:31.0625 3640 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:36:31.0656 3640 NDProxy - ok
12:36:31.0656 3640 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:36:31.0781 3640 NetBIOS - ok
12:36:31.0812 3640 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:36:31.0921 3640 NetBT - ok
12:36:31.0968 3640 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
12:36:32.0109 3640 NetDDE - ok
12:36:32.0109 3640 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:36:32.0234 3640 NetDDEdsdm - ok
12:36:32.0265 3640 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:36:32.0390 3640 Netlogon - ok
12:36:32.0421 3640 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
12:36:32.0546 3640 Netman - ok
12:36:32.0578 3640 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:36:32.0593 3640 NetTcpPortSharing - ok
12:36:32.0703 3640 [ 71371ED9086A3D65F43967C89634E9A9 ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
12:36:32.0796 3640 NETw3x32 - ok
12:36:32.0843 3640 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:36:32.0968 3640 NIC1394 - ok
12:36:33.0031 3640 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
12:36:33.0062 3640 Nla - ok
12:36:33.0140 3640 [ EF7A048FE8E3F102C78C9BD7C448BB6C ] nosGetPlusHelper C:\Programme\NOS\bin\getPlus_Helper_3004.dll
12:36:33.0171 3640 nosGetPlusHelper - ok
12:36:33.0218 3640 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:36:33.0406 3640 Npfs - ok
12:36:33.0453 3640 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:36:33.0593 3640 Ntfs - ok
12:36:33.0625 3640 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:36:33.0734 3640 NtLmSsp - ok
12:36:33.0796 3640 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:36:33.0921 3640 NtmsSvc - ok
12:36:33.0953 3640 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:36:34.0078 3640 Null - ok
12:36:34.0234 3640 [ F238620BC9D2FDF8734948C0A4441707 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:36:34.0578 3640 nv - ok
12:36:34.0640 3640 [ D54292149E9ED49AD149879B67EC24D1 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:36:34.0687 3640 NVSvc - ok
12:36:34.0703 3640 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:36:34.0921 3640 NwlnkFlt - ok
12:36:34.0984 3640 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:36:35.0093 3640 NwlnkFwd - ok
12:36:35.0140 3640 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:36:35.0265 3640 ohci1394 - ok
12:36:35.0312 3640 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
12:36:35.0312 3640 omci ( UnsignedFile.Multi.Generic ) - warning
12:36:35.0312 3640 omci - detected UnsignedFile.Multi.Generic (1)
12:36:35.0375 3640 [ 8F856DAE19383BD69DB444004D5D4F50 ] Packet C:\WINDOWS\system32\DRIVERS\packet.sys
12:36:35.0390 3640 Packet ( UnsignedFile.Multi.Generic ) - warning
12:36:35.0390 3640 Packet - detected UnsignedFile.Multi.Generic (1)
12:36:35.0406 3640 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:36:35.0546 3640 Parport - ok
12:36:35.0546 3640 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:36:35.0703 3640 PartMgr - ok
12:36:35.0734 3640 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:36:35.0890 3640 ParVdm - ok
12:36:35.0906 3640 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:36:36.0031 3640 PCI - ok
12:36:36.0046 3640 PCIDump - ok
12:36:36.0125 3640 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:36:36.0281 3640 PCIIde - ok
12:36:36.0296 3640 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:36:36.0437 3640 Pcmcia - ok
12:36:36.0437 3640 PDCOMP - ok
12:36:36.0437 3640 PDFRAME - ok
12:36:36.0453 3640 PDRELI - ok
12:36:36.0453 3640 PDRFRAME - ok
12:36:36.0531 3640 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:36:36.0671 3640 perc2 - ok
12:36:36.0687 3640 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:36:36.0843 3640 perc2hib - ok
12:36:36.0921 3640 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
12:36:36.0984 3640 PlugPlay - ok
12:36:36.0984 3640 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:36:37.0093 3640 PolicyAgent - ok
12:36:37.0140 3640 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:36:37.0265 3640 PptpMiniport - ok
12:36:37.0281 3640 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:36:37.0390 3640 ProtectedStorage - ok
12:36:37.0390 3640 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:36:37.0500 3640 PSched - ok
12:36:37.0515 3640 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:36:37.0625 3640 Ptilink - ok
12:36:37.0671 3640 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:36:37.0687 3640 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:36:37.0687 3640 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:36:37.0734 3640 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:36:37.0859 3640 ql1080 - ok
12:36:37.0859 3640 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:36:37.0984 3640 Ql10wnt - ok
12:36:37.0984 3640 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:36:38.0109 3640 ql12160 - ok
12:36:38.0125 3640 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:36:38.0234 3640 ql1240 - ok
12:36:38.0234 3640 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:36:38.0359 3640 ql1280 - ok
12:36:38.0375 3640 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:36:38.0500 3640 RasAcd - ok
12:36:38.0546 3640 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:36:38.0687 3640 RasAuto - ok
12:36:38.0765 3640 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:36:39.0156 3640 Rasl2tp - ok
12:36:39.0218 3640 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:36:39.0375 3640 RasMan - ok
12:36:39.0406 3640 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:36:39.0593 3640 RasPppoe - ok
12:36:39.0593 3640 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:36:39.0718 3640 Raspti - ok
12:36:39.0750 3640 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:36:39.0875 3640 Rdbss - ok
12:36:39.0890 3640 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:36:40.0015 3640 RDPCDD - ok
12:36:40.0031 3640 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:36:40.0156 3640 rdpdr - ok
12:36:40.0218 3640 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:36:40.0250 3640 RDPWD - ok
12:36:40.0281 3640 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:36:40.0437 3640 RDSessMgr - ok
12:36:40.0515 3640 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:36:40.0656 3640 redbook - ok
12:36:40.0703 3640 [ D8894ACEFE1A607DE7D0E628285BFFF4 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
12:36:40.0734 3640 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0734 3640 RegSrvc - detected UnsignedFile.Multi.Generic (1)
12:36:40.0781 3640 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:36:40.0968 3640 RemoteAccess - ok
12:36:41.0031 3640 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:36:41.0187 3640 RemoteRegistry - ok
12:36:41.0218 3640 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:36:41.0265 3640 rimmptsk - ok
12:36:41.0265 3640 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:36:41.0312 3640 rimsptsk - ok
12:36:41.0359 3640 [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:36:41.0406 3640 rismxdp - ok
12:36:41.0437 3640 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:36:41.0578 3640 RpcLocator - ok
12:36:41.0625 3640 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:36:41.0687 3640 RpcSs - ok
12:36:41.0734 3640 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:36:41.0921 3640 RSVP - ok
12:36:42.0000 3640 [ C17C3A529CE14012F9731A6E264C1911 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
12:36:42.0031 3640 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
12:36:42.0031 3640 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
12:36:42.0046 3640 [ DAEF68FC328342D219DE928C8EE610B2 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:36:42.0078 3640 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:36:42.0078 3640 s24trans - detected UnsignedFile.Multi.Generic (1)
12:36:42.0078 3640 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
12:36:42.0187 3640 SamSs - ok
12:36:42.0234 3640 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:36:42.0375 3640 SCardSvr - ok
12:36:42.0421 3640 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:36:42.0531 3640 Schedule - ok
12:36:42.0578 3640 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:36:42.0703 3640 sdbus - ok
12:36:42.0734 3640 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:36:42.0843 3640 Secdrv - ok
12:36:42.0875 3640 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
12:36:42.0984 3640 seclogon - ok
12:36:43.0000 3640 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
12:36:43.0125 3640 SENS - ok
12:36:43.0156 3640 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:36:43.0265 3640 serenum - ok
12:36:43.0296 3640 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:36:43.0406 3640 Serial - ok
12:36:43.0421 3640 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:36:43.0546 3640 Sfloppy - ok
12:36:43.0625 3640 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:36:43.0765 3640 SharedAccess - ok
12:36:43.0781 3640 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:36:43.0812 3640 ShellHWDetection - ok
12:36:43.0812 3640 Simbad - ok
12:36:43.0859 3640 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:36:43.0968 3640 sisagp - ok
12:36:44.0015 3640 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
12:36:44.0046 3640 SkypeUpdate - ok
12:36:44.0062 3640 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:36:44.0218 3640 SLIP - ok
12:36:44.0265 3640 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:36:44.0406 3640 SONYPVU1 - ok
12:36:44.0421 3640 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:36:44.0515 3640 Sparrow - ok
12:36:44.0546 3640 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:36:44.0687 3640 splitter - ok
12:36:44.0734 3640 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:36:44.0781 3640 Spooler - ok
12:36:44.0796 3640 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:36:44.0921 3640 sr - ok
12:36:45.0031 3640 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
12:36:45.0140 3640 srservice - ok
12:36:45.0171 3640 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:36:45.0234 3640 Srv - ok
12:36:45.0265 3640 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
12:36:45.0281 3640 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
12:36:45.0281 3640 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
12:36:45.0328 3640 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:36:45.0437 3640 SSDPSRV - ok
12:36:45.0484 3640 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:36:45.0515 3640 ssmdrv - ok
12:36:45.0515 3640 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
12:36:45.0546 3640 ssrtln ( UnsignedFile.Multi.Generic ) - warning
12:36:45.0546 3640 ssrtln - detected UnsignedFile.Multi.Generic (1)
12:36:45.0656 3640 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
12:36:45.0750 3640 STHDA - ok
12:36:45.0843 3640 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:36:46.0093 3640 stisvc - ok
12:36:46.0140 3640 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:36:46.0281 3640 streamip - ok
12:36:46.0296 3640 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:36:46.0406 3640 swenum - ok
12:36:46.0437 3640 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:36:46.0546 3640 swmidi - ok
12:36:46.0546 3640 SwPrv - ok
12:36:46.0609 3640 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:36:46.0765 3640 symc810 - ok
12:36:46.0781 3640 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:36:46.0921 3640 symc8xx - ok
12:36:46.0937 3640 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:36:47.0046 3640 sym_hi - ok
12:36:47.0078 3640 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:36:47.0187 3640 sym_u3 - ok
12:36:47.0234 3640 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:36:47.0281 3640 SynTP - ok
12:36:47.0296 3640 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:36:47.0421 3640 sysaudio - ok
12:36:47.0515 3640 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:36:47.0625 3640 SysmonLog - ok
12:36:47.0687 3640 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:36:47.0843 3640 TapiSrv - ok
12:36:47.0921 3640 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:36:47.0953 3640 Tcpip - ok
12:36:48.0046 3640 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:36:48.0156 3640 TDPIPE - ok
12:36:48.0171 3640 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:36:48.0296 3640 TDTCP - ok
12:36:48.0312 3640 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:36:48.0437 3640 TermDD - ok
12:36:48.0484 3640 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
12:36:48.0625 3640 TermService - ok
12:36:48.0734 3640 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
12:36:48.0937 3640 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
12:36:48.0937 3640 tfsnboio - detected UnsignedFile.Multi.Generic (1)
12:36:49.0031 3640 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
12:36:49.0109 3640 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0109 3640 tfsncofs - detected UnsignedFile.Multi.Generic (1)
12:36:49.0171 3640 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
12:36:49.0265 3640 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0265 3640 tfsndrct - detected UnsignedFile.Multi.Generic (1)
12:36:49.0343 3640 [ D4400188782AA797598958969C9657D4 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
12:36:49.0359 3640 tfsndres ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0359 3640 tfsndres - detected UnsignedFile.Multi.Generic (1)
12:36:49.0359 3640 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
12:36:49.0375 3640 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0375 3640 tfsnifs - detected UnsignedFile.Multi.Generic (1)
12:36:49.0390 3640 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
12:36:49.0390 3640 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0390 3640 tfsnopio - detected UnsignedFile.Multi.Generic (1)
12:36:49.0406 3640 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
12:36:49.0406 3640 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0406 3640 tfsnpool - detected UnsignedFile.Multi.Generic (1)
12:36:49.0421 3640 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
12:36:49.0437 3640 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0437 3640 tfsnudf - detected UnsignedFile.Multi.Generic (1)
12:36:49.0437 3640 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
12:36:49.0453 3640 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0453 3640 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
12:36:49.0468 3640 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:36:49.0484 3640 Themes - ok
12:36:49.0515 3640 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:36:49.0656 3640 TlntSvr - ok
12:36:49.0671 3640 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:36:49.0796 3640 TosIde - ok
12:36:49.0828 3640 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:36:49.0953 3640 TrkWks - ok
12:36:49.0984 3640 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:36:50.0109 3640 Udfs - ok
12:36:50.0109 3640 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:36:50.0171 3640 ultra - ok
12:36:50.0218 3640 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:36:50.0343 3640 Update - ok
12:36:50.0390 3640 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:36:50.0531 3640 upnphost - ok
12:36:50.0562 3640 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
12:36:50.0671 3640 UPS - ok
12:36:50.0703 3640 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:36:50.0843 3640 usbaudio - ok
12:36:50.0859 3640 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:36:50.0968 3640 usbccgp - ok
12:36:51.0015 3640 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:36:51.0140 3640 usbehci - ok
12:36:51.0156 3640 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:36:51.0281 3640 usbhub - ok
12:36:51.0312 3640 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:36:51.0421 3640 usbprint - ok
12:36:51.0453 3640 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:36:51.0578 3640 usbscan - ok
12:36:51.0593 3640 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:36:51.0718 3640 USBSTOR - ok
12:36:51.0796 3640 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:36:51.0921 3640 usbuhci - ok
12:36:51.0921 3640 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:36:52.0031 3640 VgaSave - ok
12:36:52.0062 3640 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:36:52.0203 3640 viaagp - ok
12:36:52.0234 3640 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:36:52.0343 3640 ViaIde - ok
12:36:52.0375 3640 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:36:52.0500 3640 VolSnap - ok
12:36:52.0546 3640 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
12:36:52.0687 3640 VSS - ok
12:36:52.0718 3640 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll
12:36:52.0843 3640 w32time - ok
12:36:52.0859 3640 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:36:52.0984 3640 Wanarp - ok
12:36:52.0984 3640 WDICA - ok
12:36:53.0031 3640 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:36:53.0171 3640 wdmaud - ok
12:36:53.0203 3640 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:36:53.0359 3640 WebClient - ok
12:36:53.0406 3640 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:36:53.0453 3640 winachsf - ok
12:36:53.0578 3640 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:36:53.0750 3640 winmgmt - ok
12:36:53.0843 3640 [ 22516ED8E0D89323D4E0D9CCC2848819 ] WLANKEEPER C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
12:36:53.0859 3640 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
12:36:53.0859 3640 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
12:36:53.0890 3640 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:36:54.0015 3640 WmdmPmSN - ok
12:36:54.0078 3640 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:36:54.0140 3640 Wmi - ok
12:36:54.0171 3640 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:36:54.0281 3640 WmiAcpi - ok
12:36:54.0328 3640 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:36:54.0453 3640 WmiApSrv - ok
12:36:54.0562 3640 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
12:36:54.0625 3640 WMPNetworkSvc - ok
12:36:54.0671 3640 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:36:54.0812 3640 WS2IFSL - ok
12:36:54.0859 3640 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:36:54.0968 3640 wscsvc - ok
12:36:55.0000 3640 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:36:55.0140 3640 WSTCODEC - ok
12:36:55.0156 3640 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:36:55.0265 3640 wuauserv - ok
12:36:55.0312 3640 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:36:55.0375 3640 WudfPf - ok
12:36:55.0406 3640 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:36:55.0421 3640 WudfRd - ok
12:36:55.0437 3640 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:36:55.0484 3640 WudfSvc - ok
12:36:55.0546 3640 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:36:55.0671 3640 WZCSVC - ok
12:36:55.0718 3640 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:36:55.0843 3640 xmlprov - ok
12:36:55.0859 3640 ================ Scan global ===============================
12:36:55.0890 3640 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
12:36:55.0953 3640 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:36:55.0953 3640 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:36:55.0968 3640 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
12:36:55.0968 3640 [Global] - ok
12:36:55.0984 3640 ================ Scan MBR ==================================
12:36:56.0000 3640 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
12:36:56.0312 3640 \Device\Harddisk0\DR0 - ok
12:36:56.0312 3640 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR5
12:36:56.0437 3640 \Device\Harddisk1\DR5 - ok
12:36:56.0437 3640 ================ Scan VBR ==================================
12:36:56.0437 3640 [ A2FD57E384E3BDAB42CA942C0127AAF7 ] \Device\Harddisk0\DR0\Partition1
12:36:56.0437 3640 \Device\Harddisk0\DR0\Partition1 - ok
12:36:56.0453 3640 [ 100451F8A5D73907789C377AB0450022 ] \Device\Harddisk1\DR5\Partition1
12:36:56.0453 3640 \Device\Harddisk1\DR5\Partition1 - ok
12:36:56.0453 3640 ============================================================
12:36:56.0453 3640 Scan finished
12:36:56.0453 3640 ============================================================
12:36:56.0562 1284 Detected object count: 25
12:36:56.0562 1284 Actual detected object count: 25
12:37:44.0671 1284 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284 JMP License Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284 JMP License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284 omci ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284 Packet ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284 Packet ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von cosinus (19.09.2012 um 16:04 Uhr) Grund: CODE-Tags korrigiert |
|
19.09.2012, 16:04
| #38 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2012, 21:04
| #39 |
| | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Combofix Logfile: Code:
ATTFilter ComboFix 12-09-18.07 - xxx 19.09.2012 21:53:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1471 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\xxx\4.0
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-19 bis 2012-09-19 ))))))))))))))))))))))))))))))
.
.
2012-09-16 17:39 . 2012-09-16 17:39 -------- d-----w- C:\_OTL
2012-09-13 08:45 . 2012-09-13 08:45 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2012-09-13 08:45 . 2012-09-13 08:45 -------- d-----r- c:\programme\Skype
2012-09-05 08:15 . 2012-09-05 08:15 -------- d-----w- c:\programme\ESET
2012-09-02 14:47 . 2012-09-02 14:47 -------- d-----w- c:\dokumente und einstellungen\xxx\SystemRequirementsLab
2012-08-31 22:05 . 2012-08-31 22:05 -------- d-----w- c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Sun
2012-08-31 08:06 . 2012-08-31 08:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 08:05 . 2012-08-31 08:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-29 17:14 . 2012-08-29 17:14 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-08-29 17:14 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-09-12 08:16 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-08-29 17:14 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 15:57 . 2012-08-29 16:00 -------- d-----w- c:\programme\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 08:05 . 2010-05-13 17:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 08:05 . 2007-05-17 08:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-22 18:52 . 2012-06-23 13:00 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 18:52 . 2011-05-16 07:22 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2004-08-13 12:40 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-13 12:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2004-08-13 12:40 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-13 12:40 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-13 12:40 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-13 12:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-13 12:40 385024 ------w- c:\windows\system32\html.iec
2012-09-07 09:48 . 2012-09-07 09:48 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Corel Photo Downloader"=c:\programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
"PCMService"="c:\programme\Dell\MediaDirect\PCMService.exe"
"CTSVolFE.exe"="c:\programme\Creative\Mixer\CTSVolFE.exe" /r
"dla"=c:\windows\system32\dla\tfswctrl.exe
"nwiz"=nwiz.exe /installquiet
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SigmatelSysTrayApp"=stsystra.exe
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\VistaCodecPack\\filters\\ac3config.exe"=
"c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Programme\\Mirc\\mirc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.07.2012 13:14 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.07.2012 13:14 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [20.07.2012 13:14 465360]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.09.2012 00:05 399432]
S2 gupdate1c9e3af68a3f28e;Google Update Service (gupdate1c9e3af68a3f28e);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [29.08.2012 19:14 676936]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.06.2012 15:00 250568]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.08.2012 19:14 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [18.07.2012 00:55 114144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [13.08.2004 14:40 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 18:52]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN01893581694779-1079&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=1405ac500000000000000019d27abaa5&q=
FF - user.js: extensions.zonealarm.id - 1405ac500000000000000019d27abaa5
FF - user.js: extensions.zonealarm.instlDay - 15512
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.420:05
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN01893581694779-1079
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-19 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(1760)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-09-19 22:01:03
ComboFix-quarantined-files.txt 2012-09-19 20:01
.
Vor Suchlauf: 15 Verzeichnis(se), 36.994.969.600 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 37.169.143.808 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8CD76E972F682706D156AF0F67628DAA
|
|
20.09.2012, 11:37
| #40 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - http://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN01893581694779-1079&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=1405ac500000000000000019d27abaa5&q=
FF - user.js: extensions.zonealarm.id - 1405ac500000000000000019d27abaa5
FF - user.js: extensions.zonealarm.instlDay - 15512
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.420:05
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN01893581694779-1079
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.09.2012, 12:51
| #41 |
| | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Combofix Logfile: Code:
ATTFilter ComboFix 12-09-18.07 - xxx 20.09.2012 13:40:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1502 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\xxx\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-20 bis 2012-09-20 ))))))))))))))))))))))))))))))
.
.
2012-09-16 17:39 . 2012-09-16 17:39 -------- d-----w- C:\_OTL
2012-09-13 08:45 . 2012-09-13 08:45 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2012-09-13 08:45 . 2012-09-13 08:45 -------- d-----r- c:\programme\Skype
2012-09-05 08:15 . 2012-09-05 08:15 -------- d-----w- c:\programme\ESET
2012-09-02 14:47 . 2012-09-02 14:47 -------- d-----w- c:\dokumente und einstellungen\xxx\SystemRequirementsLab
2012-08-31 22:05 . 2012-08-31 22:05 -------- d-----w- c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Sun
2012-08-31 08:06 . 2012-08-31 08:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 08:05 . 2012-08-31 08:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-29 17:14 . 2012-08-29 17:14 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-08-29 17:14 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-09-12 08:16 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-08-29 17:14 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 15:57 . 2012-08-29 16:00 -------- d-----w- c:\programme\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 08:05 . 2010-05-13 17:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 08:05 . 2007-05-17 08:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-22 18:52 . 2012-06-23 13:00 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 18:52 . 2011-05-16 07:22 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2004-08-13 12:40 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-13 12:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2004-08-13 12:40 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-13 12:40 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-13 12:40 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-13 12:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-13 12:40 385024 ------w- c:\windows\system32\html.iec
2012-09-07 09:48 . 2012-09-07 09:48 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-19_19.58.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-09-19 19:11 . 2012-09-19 19:11 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2012-09-20 06:03 . 2012-09-20 06:03 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2007-03-19 21:21 . 2012-09-20 08:54 99653 c:\windows\system32\nvModes.dat
- 2007-03-19 21:21 . 2012-09-19 12:01 99653 c:\windows\system32\nvModes.dat
+ 2012-09-20 06:39 . 2012-09-20 06:39 22016 c:\windows\Installer\20f362.msi
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Corel Photo Downloader"=c:\programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
"PCMService"="c:\programme\Dell\MediaDirect\PCMService.exe"
"CTSVolFE.exe"="c:\programme\Creative\Mixer\CTSVolFE.exe" /r
"dla"=c:\windows\system32\dla\tfswctrl.exe
"nwiz"=nwiz.exe /installquiet
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SigmatelSysTrayApp"=stsystra.exe
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\VistaCodecPack\\filters\\ac3config.exe"=
"c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Programme\\Mirc\\mirc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.07.2012 13:14 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.07.2012 13:14 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [20.07.2012 13:14 465360]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.09.2012 00:05 399432]
S2 gupdate1c9e3af68a3f28e;Google Update Service (gupdate1c9e3af68a3f28e);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [29.08.2012 19:14 676936]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.06.2012 15:00 250568]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.08.2012 19:14 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [18.07.2012 00:55 114144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [13.08.2004 14:40 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 18:52]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-20 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(2020)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3268)
c:\programme\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\JBNSHK.dll
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\CTIntrfc.dll
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-09-20 13:49:03
ComboFix-quarantined-files.txt 2012-09-20 11:49
ComboFix2.txt 2012-09-19 20:01
.
Vor Suchlauf: 16 Verzeichnis(se), 37.116.276.736 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 37.087.072.256 Bytes frei
.
- - End Of File - - 990AC9C114BB82BBA53671988ACE72C5
|
|
20.09.2012, 19:28
| #42 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.09.2012, 23:27
| #43 |
| | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-21 00:24:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC74P
Running: 3uxn2hrl.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\pxtdypog.sys
---- System - GMER 1.0.15 ----
SSDT BA6B7F84 ZwClose
SSDT BA6B7F3E ZwCreateKey
SSDT BA6B7F8E ZwCreateSection
SSDT BA6B7F34 ZwCreateThread
SSDT BA6B7F43 ZwDeleteKey
SSDT BA6B7F4D ZwDeleteValueKey
SSDT BA6B7F7F ZwDuplicateObject
SSDT BA6B7F52 ZwLoadKey
SSDT BA6B7F20 ZwOpenProcess
SSDT BA6B7F25 ZwOpenThread
SSDT BA6B7FA7 ZwQueryValueKey
SSDT BA6B7F5C ZwReplaceKey
SSDT BA6B7F98 ZwRequestWaitReplyPort
SSDT BA6B7F57 ZwRestoreKey
SSDT BA6B7F93 ZwSetContextThread
SSDT BA6B7F9D ZwSetSecurityObject
SSDT BA6B7F48 ZwSetValueKey
SSDT BA6B7FA2 ZwSystemDebugControl
SSDT BA6B7F2F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95DA380, 0x21FC8D, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:37:18 on 21.09.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS "Auto Internet Protocol" (Packet) - "SingleClick Systems" - C:\WINDOWS\System32\DRIVERS\packet.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys "drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys "DSproct" (DSproct) - "GTek Technologies Ltd." - C:\Programme\Dell Support\GTAction\triggers\DSproct.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "OMCI WDM Device Driver" (omci) - "Dell Inc" - C:\WINDOWS\System32\DRIVERS\omci.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "pxtdypog" (pxtdypog) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\pxtdypog.sys (Hidden registry entry, rootkit activity | File not found) "sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys "tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys "tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys "tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys "tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys "tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys "tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys "tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys "tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys "tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll (File found, but it contains no detailed information) {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {A68865DD-EE3C-4442-9BE9-1BAB2576E3FA} "NOMAD Explorer" - "Creative Technology Ltd" - C:\Programme\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\WINDOWS\Downloaded Program Files\gp.ocx / hxxp://www.adobe.com/products/acrobat/nos/gp.cab {4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://snoop999.spaces.live.com//PhotoUpload/MsnPUpld.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342088690281 {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204 {7FC1B346-83E6-4774-8D20-1A6B09B0E737} "Windows Live Photo Upload Control" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll / hxxp://snoop999.spaces.live.com/PhotoUpload/MsnPUpld.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe (File not found) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Programme\BAE\BAE.dll {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start "OpwareSE2" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "pdfcmon" - "pdfforge GbR" - C:\WINDOWS\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Advanced Networking Service" (hnmsvc) - "SingleClick Systems" - C:\Programme\Dell Network Assistant\hnm_svc.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe "getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll "Google Update Service (gupdate1c9e3af68a3f28e)" (gupdate1c9e3af68a3f28e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) - "Intel(R) Corporation" - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe "Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jqs.exe "JMP License Service" (JMP License Service) - "SAS Institute Inc." - C:\Programme\Gemeinsame Dateien\SAS Institute Inc Shared\Service\JMPLicSvc.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] Ich hatte beim Booten eine Meldung, die ich noch nicht kannte: noch vor dem Öffnen des Benutzerkontos mit Passwort fand ich den Hinweis, dass es in diesem Benutzerkonto eine ungelesene Mail gibt (was auch stimmte). Hat das mit den Aktionen zu tun, die ich bereits gemacht habe? Und der IE ist wieder als Standardbrowser eingestellt, was bei den aktuellen Meldungen nicht meine erste Wahl ist. Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 00:43:02
-----------------------------
00:43:02.718 OS Version: Windows 5.1.2600 Service Pack 3
00:43:02.718 Number of processors: 2 586 0xF06
00:43:02.718 ComputerName: MOBIL UserName:
00:43:03.500 Initialize success
01:02:18.136 AVAST engine defs: 12092001
01:03:15.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:03:15.202 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
01:03:15.295 Disk 0 MBR read successfully
01:03:15.295 Disk 0 MBR scan
01:03:15.342 Disk 0 unknown MBR code
01:03:15.389 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
01:03:15.405 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147416 MB offset 160650
01:03:15.420 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 302086260
01:03:15.483 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306279225
01:03:15.561 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 302086323
01:03:15.608 Disk 0 scanning sectors +312576705
01:03:15.889 Disk 0 scanning C:\WINDOWS\system32\drivers
01:04:25.466 Service scanning
01:04:52.325 Modules scanning
01:05:50.591 Disk 0 trace - called modules:
01:05:50.622 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:05:50.622 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a755ab8]
01:05:50.622 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a7c5510]
01:05:50.622 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7c4940]
01:05:51.263 AVAST engine scan C:\WINDOWS
01:06:09.528 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat"
01:06:09.528 The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 11:11:28
-----------------------------
11:11:28.953 OS Version: Windows 5.1.2600 Service Pack 3
11:11:28.953 Number of processors: 2 586 0xF06
11:11:28.953 ComputerName: MOBIL UserName:
11:11:29.781 Initialize success
11:11:48.968 AVAST engine defs: 12092001
11:11:59.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:11:59.218 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
11:11:59.265 Disk 0 MBR read successfully
11:11:59.265 Disk 0 MBR scan
11:11:59.375 Disk 0 unknown MBR code
11:11:59.375 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
11:11:59.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147416 MB offset 160650
11:11:59.453 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 302086260
11:11:59.468 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306279225
11:11:59.562 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 302086323
11:11:59.703 Disk 0 scanning sectors +312576705
11:11:59.921 Disk 0 scanning C:\WINDOWS\system32\drivers
11:12:44.796 Service scanning
11:13:14.609 Modules scanning
11:13:43.187 Disk 0 trace - called modules:
11:13:43.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:13:43.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7beab8]
11:13:43.234 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a792f18]
11:13:43.234 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7b2d98]
11:13:43.953 AVAST engine scan C:\WINDOWS
11:14:00.187 AVAST engine scan C:\WINDOWS\system32
11:18:31.640 AVAST engine scan C:\WINDOWS\system32\drivers
11:18:57.921 AVAST engine scan C:\Dokumente und Einstellungen\xxx
11:24:15.593 File: C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads\incredimail_install.exe **INFECTED** Win32:Adware-gen [Adw]
11:37:14.078 AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:38:52.781 Scan finished successfully
11:39:14.078 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat"
11:39:14.125 The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.txt"
|
|
21.09.2012, 14:57
| #44 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.09.2012, 18:31
| #45 |
| | Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe Nach der Datensicherung??? ah ok, das habe ich schon erledigt, ich mache FixMBR. Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 19:39:17
-----------------------------
19:39:17.296 OS Version: Windows 5.1.2600 Service Pack 3
19:39:17.296 Number of processors: 2 586 0xF06
19:39:17.296 ComputerName: MOBIL UserName:
19:39:18.125 Initialize success
19:39:34.656 AVAST engine defs: 12092001
19:39:38.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:39:38.140 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
19:39:38.156 Disk 0 MBR read successfully
19:39:38.156 Disk 0 MBR scan
19:39:38.187 Disk 0 Windows XP default MBR code
19:39:38.187 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
19:39:38.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147416 MB offset 160650
19:39:38.218 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 302086260
19:39:38.250 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306279225
19:39:38.281 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 302086323
19:39:38.281 Disk 0 scanning sectors +312576705
19:39:38.421 Disk 0 scanning C:\WINDOWS\system32\drivers
19:39:55.078 Service scanning
19:40:23.843 Modules scanning
19:40:31.890 Disk 0 trace - called modules:
19:40:31.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:40:31.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7c4ab8]
19:40:31.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a7a2510]
19:40:31.921 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7c7940]
19:40:32.859 AVAST engine scan C:\WINDOWS
19:40:45.343 AVAST engine scan C:\WINDOWS\system32
19:44:06.640 AVAST engine scan C:\WINDOWS\system32\drivers
19:44:30.671 AVAST engine scan C:\Dokumente und Einstellungen\xxx
19:48:03.578 File: C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads\incredimail_install.exe **INFECTED** Win32:Adware-gen [Adw]
19:59:16.718 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:00:52.718 Scan finished successfully
20:04:23.343 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat"
20:04:23.343 The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.txt"
|
|
| Themen zu Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe |
| brauche, brauche hilfe, datei, erstell, gemeldet, geschickt, infektion, infiziert, pum.disabled.securitycenter, quarantäne, rechner, system, säubern, textdatei |
Linear-Darstellung
