Atraps.Gen., Atraps.Gen2, Constructor.A - are these removable?
02.09.2012, 10:14, #1
Hello,

on Wednesday 29.8., while copying an old PowerPoint file (from one external hard drive to the other), I got the message that the file was infected with Constructor.A. I moved it into the Avira quarantine and did not think anything more of it. One day later, while surfing the Internet, Avira reported the trojans Atraps.Gen and Atraps.Gen2. I put them in quarantine immediately, but they kept reappearing, even after a reboot! By now I have quarantined them about 4 times!

I then wanted to run an Avira scan over C:. The first time, the Windows wizard for installing new hardware appeared. That seemed odd to me (since I had not connected any new hardware) and I ignored it, which meant the scan did not continue. The second time, Avira reported that Explorer.exe and svchost.exe were infected. That also seemed odd to me, and I did not quarantine these files as suggested. The scan was then aborted with the result "No detections".

On the Avira board I was told, based on this description, that my computer is compromised and the only remedy is to reinstall from scratch... Does it really have to be?

P.S. I scanned both external hard drives from a clean computer with Malwarebytes, with no findings. The infected ppt can no longer be found on them either (I assume that is because I put it in quarantine?). When the trojans Atraps.Gen and Atraps.Gen2 were reported a day later, the external hard drives were not connected.

P.P.S. I am a freelancer, but my "company" consists only of me. Can you help me?

Hello, as required in the instructions I ran defogger and then did a scan with OTL. I hope someone will take on my problem with this information?
OTL Logfile:
Code:
OTL logfile created on: 02.09.2012 14:26:09 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Dokumente und Einstellungen\Annika\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,92% Memory free
2,60 Gb Paging File | 2,12 Gb Available in Paging File | 81,55% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 7,47 Gb Free Space | 19,13% Space Free | Partition Type: NTFS
Drive F: | 16,81 Gb Total Space | 5,88 Gb Free Space | 34,98% Space Free | Partition Type: NTFS

Computer Name: LOSANGELES | User Name: Annika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.02 14:00:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Annika\Desktop\OTL.exe
PRC - [2012.08.30 14:28:37 | 000,145,408 | -H-- | M] (Hauppauge Computer Works) -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\WMPRWISE.EXE
PRC - [2012.08.29 07:47:27 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.08.08 15:03:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.11 21:00:46 | 000,919,008 | R--- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.05.09 12:08:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 12:08:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 12:08:41 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.01.23 19:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.23 19:47:42 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.04.14 22:08:12 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeccoms.exe
PRC - [2010.01.26 15:22:38 | 001,897,952 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2009.09.18 19:48:34 | 002,412,032 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.09.18 19:48:28 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.05.15 21:36:50 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\NASNAVI\nassche.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.13 23:38:04 | 000,479,232 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2003.08.14 14:19:14 | 000,049,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SensKbd.exe
PRC - [2003.01.03 04:12:32 | 000,126,976 | R--- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

========== Modules (No Company Name) ==========

MOD - [2012.09.02 14:23:04 | 000,055,808 | -H-- | M] () -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\ntuser.dat
MOD - [2012.09.02 14:23:03 | 000,009,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\desktop.ini
MOD - [2012.06.16 12:10:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.16 12:08:03 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.16 12:07:46 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.16 00:41:48 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012.06.16 00:41:30 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.16 00:41:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.14 10:31:38 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012.05.14 10:31:26 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.14 10:29:49 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012.05.14 10:29:43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.13 21:54:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.13 21:51:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012.05.13 21:32:11 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.13 21:31:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.09 12:08:45 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.01.23 19:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011.01.23 19:47:42 | 000,770,728 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.04.05 12:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010.04.05 12:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 12:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010.04.05 12:54:59 | 000,123,033 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010.04.05 12:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010.04.01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010.04.01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.11.26 08:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXECPMON.DLL
MOD - [2009.11.05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009.11.04 15:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxecdrpp.dll
MOD - [2009.06.23 13:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009.06.23 13:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 13:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2009.05.27 14:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\LXECsmr.dll
MOD - [2009.04.07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXECsm.dll
MOD - [2009.01.13 15:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXECoem.dll
MOD - [2007.04.02 19:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2001.10.23 19:59:00 | 000,045,056 | ---- | M] () -- C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\KbdHook.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.29 07:47:27 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.27 19:33:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.05.09 12:08:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 12:08:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.04.14 22:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 22:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009.09.18 19:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\DOKUME~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\DOKUME~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\aexpamdrv.sys -- (AEXPAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Annika\LOKALE~1\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2012.05.09 12:08:46 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 12:08:46 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.11 14:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2009.08.18 13:06:56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.06.30 18:46:24 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2004.09.29 12:10:18 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd)
DRV - [2004.07.22 15:50:16 | 001,268,234 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.03.16 06:40:00 | 001,657,344 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51)
DRV - [2003.08.25 07:42:18 | 000,111,808 | ---- | M] (Applied Drivers Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cwawdm.sys -- (cs429x)
DRV - [2003.05.15 11:09:00 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002.11.20 07:52:14 | 000,033,664 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {00274FB1-2CEA-4713-B85E-13D6026CF14F}
IE - HKCU\..\SearchScopes\{00274FB1-2CEA-4713-B85E-13D6026CF14F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.12 17:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.15 13:37:43 | 000,000,000 | ---D | M]

[2010.01.21 23:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Mozilla\Extensions
[2012.05.02 21:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Mozilla\Firefox\Profiles\5tdizccg.default\extensions
[2011.04.24 21:39:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Mozilla\Firefox\Profiles\5tdizccg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.07 10:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Mozilla\Firefox\Profiles\5tdizccg.default\extensions\nostmp
[2012.03.27 08:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.27 19:33:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.19 22:48:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.27 08:10:42 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 08:10:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.27 08:10:42 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 08:10:42 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 08:10:42 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 08:10:42 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Keyword Project Manager = C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\emjneogdbgaldgefibeojpbbckmgflkl\1.1.9_0\

O1 HOSTS File: ([2011.04.22 22:52:22 | 000,432,836 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14895 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Lexmark Pro800-Pro900 Series Fax Server] C:\Programme\Lexmark Pro800-Pro900 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Programme\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SENS Keyboard V4 Launcher] C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE (SAMSUNG Electronics Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\WMPRWISE.EXE (Hauppauge Computer Works)
O4 - Startup: C:\Dokumente und Einstellungen\Annika\Startmenü\Programme\Autostart\BUFFALO NAS Navigator2.lnk = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Dokumente und Einstellungen\Annika\Startmenü\Programme\Autostart\NAS Scheduler.lnk = C:\Programme\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: vitalsana.eu ([www3] http in Vertrauenswürdige Sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264113472451 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93985F03-39EE-4D7B-BD07-1E032AA4A4EF}: DhcpNameServer = 10.3.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F252F4-431B-4720-9F4E-B2AFDD660F1E}: NameServer = 139.7.30.125,139.7.30.126
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.21 18:35:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61a54190-06ad-11df-b8a5-e6523032e9ba}\Shell - "" = AutoRun
O33 - MountPoints2\{61a54190-06ad-11df-b8a5-e6523032e9ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61a54190-06ad-11df-b8a5-e6523032e9ba}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.02 14:15:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Annika\Desktop\OTL.exe
[2012.08.30 14:28:38 | 000,145,408
| -H-- | C] (Hauppauge Computer Works) -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\WMPRWISE.EXE [2012.08.29 07:51:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Sun [2012.08.29 07:48:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2012.08.27 10:20:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Annika\Startmenü\Programme\Google Chrome [2012.08.17 11:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Nvu [2012.08.17 11:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nvu [2012.08.17 11:16:46 | 000,000,000 | ---D | C] -- C:\Programme\Nvu [2012.08.17 11:08:50 | 000,000,000 | ---D | C] -- C:\Programme\phase5 [2012.08.17 10:55:10 | 000,000,000 | ---D | C] -- C:\Programme\MozBackup [2012.08.12 17:50:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012.08.12 17:48:35 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012.08.12 17:48:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2012.08.12 17:43:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer [2012.08.12 17:42:53 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2012.08.12 17:35:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [2012.08.12 17:34:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.02 14:28:13 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-2102356035-1004UA.job [2012.09.02 14:24:32 | 000,000,000 | ---- | M] 
() -- C:\Dokumente und Einstellungen\Annika\defogger_reenable [2012.09.02 14:22:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.02 14:22:25 | 2146,488,320 | -HS- | M] () -- C:\hiberfil.sys [2012.09.02 14:16:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.02 14:07:10 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Annika\Desktop\7z920.exe [2012.09.02 14:01:28 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Annika\Desktop\g39ykoco.exe [2012.09.02 14:00:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Annika\Desktop\OTL.exe [2012.09.02 13:39:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Annika\Desktop\Defogger.exe [2012.08.30 14:28:37 | 000,145,408 | -H-- | M] (Hauppauge Computer Works) -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\WMPRWISE.EXE [2012.08.30 10:28:01 | 000,001,162 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-2102356035-1004Core.job [2012.08.28 14:25:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.08.27 10:20:21 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\Annika\Desktop\Google Chrome.lnk [2012.08.22 19:00:39 | 000,007,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.17 10:56:11 | 001,354,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Annika\Eigene Dateien\Firefox 14.0.1 (de) - 2012-08-17.pcv [2012.08.15 13:37:43 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2012.08.12 17:50:18 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.08.12 17:35:16 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.08.12 13:15:40 | 000,019,496 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Annika\.recently-used.xbel [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.02 14:24:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\defogger_reenable [2012.09.02 14:20:05 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\Desktop\7z920.exe [2012.09.02 14:19:58 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\Desktop\g39ykoco.exe [2012.09.02 14:14:25 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\Desktop\Defogger.exe [2012.08.27 10:20:21 | 000,002,365 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\Desktop\Google Chrome.lnk [2012.08.27 10:17:05 | 000,001,214 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-2102356035-1004UA.job [2012.08.27 10:17:04 | 000,001,162 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-2102356035-1004Core.job [2012.08.17 10:56:09 | 001,354,161 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\Eigene Dateien\Firefox 14.0.1 (de) - 2012-08-17.pcv [2012.08.12 17:50:18 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.08.12 17:35:16 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.08.12 17:25:22 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.08.12 13:15:40 | 000,019,496 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\.recently-used.xbel [2012.02.16 15:54:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.05.28 16:30:07 | 000,081,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.04.24 18:29:19 | 000,707,639 | ---- | C] () -- C:\WINDOWS\Premium 
Wallpapers [from www.metacafe.com] #1.jpg [2011.04.01 13:27:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.11.29 00:26:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxecvs.dll [2010.11.29 00:26:35 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoin.dll [2010.11.29 00:26:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxecgcfg.dll [2010.11.29 00:26:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeccui.dll [2010.11.29 00:26:22 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeccuir.dll [2010.11.29 00:10:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXECPMON.DLL [2010.11.29 00:10:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXECFXPU.DLL [2010.11.29 00:10:00 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXECoem.dll [2010.11.29 00:06:39 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxecrwrd.ini [2010.11.29 00:06:05 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll [2010.11.29 00:06:04 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEChcp.dll [2010.11.29 00:06:03 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecinpa.dll [2010.11.29 00:06:03 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeciesc.dll [2010.11.29 00:06:02 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecserv.dll [2010.11.29 00:06:02 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecusb1.dll [2010.11.29 00:05:56 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecpmui.dll [2010.11.29 00:05:55 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeclmpm.dll [2010.11.29 00:05:54 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxecinsb.dll [2010.11.29 00:05:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lxecinsr.dll [2010.11.29 00:05:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxecjswr.dll [2010.11.29 00:05:53 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecih.exe [2010.11.29 00:05:53 | 000,323,584 | ---- | C] () -- 
C:\WINDOWS\System32\lxecins.dll [2010.11.29 00:05:52 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxechbn3.dll [2010.11.29 00:05:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxecgrd.dll [2010.11.29 00:05:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeccub.dll [2010.11.29 00:05:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeccur.dll [2010.11.29 00:05:51 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoms.exe [2010.11.29 00:05:51 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeccu.dll [2010.11.29 00:05:50 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomc.dll [2010.11.29 00:05:50 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll [2010.11.29 00:05:49 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccfg.exe [2010.11.15 19:22:05 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll [2010.11.15 19:22:04 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll [2010.11.11 20:46:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe [2010.11.11 20:06:07 | 000,000,443 | ---- | C] () -- C:\WINDOWS\hpw0460k.ini [2010.11.11 20:04:12 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpdj460.ini [2010.10.25 21:18:23 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2010.01.21 21:33:10 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.15 20:17:10 | 000,130,520 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 ========== LOP Check ========== [2012.05.11 11:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CREALOGIX [2010.01.27 19:42:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverScanner [2010.01.24 21:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions [2011.03.06 
00:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010.12.30 14:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexmark Pro800-Pro900 Series [2011.03.06 01:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.11.15 19:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pro800-Pro900 Series [2010.05.13 19:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.11.16 22:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.05.26 21:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.01.22 01:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012.08.12 13:15:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\gtk-2.0 [2011.04.25 20:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\NASNaviator2 [2011.03.06 01:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Nokia [2012.08.17 11:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Nvu [2011.03.06 01:02:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\PC Suite [2010.12.06 19:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Pro800-Pro900 Series [2010.10.17 17:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Vodafone [2011.04.24 18:19:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Annika\Anwendungsdaten\Windows Desktop Search [2011.05.28 16:07:32 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\Annika\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 @Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.09.2012 14:26:09 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dokumente und Einstellungen\Annika\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,92% Memory free 2,60 Gb Paging File | 2,12 Gb Available in Paging File | 81,55% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,06 Gb Total Space | 7,47 Gb Free Space | 19,13% Space Free | Partition Type: NTFS Drive F: | 16,81 Gb Total Space | 5,88 Gb Free Space | 34,98% Space Free | Partition Type: NTFS Computer Name: LOSANGELES | User Name: Annika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML.BNFLE5NIMZKPZXGGM4RLHY6ZZI] -- C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.) 
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{27263813-8BDE-4CD2-84D3-02536743428A}_is1" = Attribute Changer 6.20 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B557D1FB-631F-4D1A-9E86-5DC10CEBC03B}" = HP Color LaserJet 4700 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{E575CAA7-3ABC-417E-9352-30EF31611E13}" = SENS Keyboard V4 Launcher "{EB44102C-759C-46B4-9B15-3C649A4A5D20}" = Documents Manager 3 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = SENS LT56ADW Modem "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "CutePDF Writer Installation" = CutePDF Writer 2.8 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FinePrint" = FinePrint "FLIQLO" = FLIQLO Screen Saver "HP Color LaserJet 4700" = HP Color LaserJet 4700 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance 
Service "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Driver" = NVIDIA Display Driver "Nvu_is1" = Nvu 1.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "UN060501" = BUFFALO NAS Navigator2 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.08.2012 04:40:17 | Computer Name = LOSANGELES | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung chrome.exe, Version 21.0.1180.83, fehlgeschlagenes Modul chrome.dll, Version 21.0.1180.83, Fehleradresse 0x0008a2e7. Error - 29.08.2012 04:36:50 | Computer Name = LOSANGELES | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.08.2012 04:23:45 | Computer Name = LOSANGELES | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.08.2012 08:28:42 | Computer Name = LOSANGELES | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wmprwise.exe, Version 8.1.0.12387, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 30.08.2012 08:29:33 | Computer Name = LOSANGELES | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich -1160947511. Error - 30.08.2012 09:05:06 | Computer Name = LOSANGELES | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung POWERPNT.EXE, Version 12.0.6600.1000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 30.08.2012 09:08:43 | Computer Name = LOSANGELES | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.08.2012 09:11:39 | Computer Name = LOSANGELES | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wmprwise.exe, Version 8.1.0.12387, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 02.09.2012 08:12:34 | Computer Name = LOSANGELES | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 02.09.2012 08:22:33 | Computer Name = LOSANGELES | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ OSession Events ] Error - 10.11.2011 03:44:45 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 89 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.11.2011 04:49:53 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.01.2012 13:28:16 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.01.2012 06:09:26 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 120 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.02.2012 04:53:06 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 86 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.04.2012 04:48:47 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.04.2012 05:43:41 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 101 seconds with 0 seconds of active time. This session ended with a crash. Error - 06.04.2012 05:43:10 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 95 seconds with 0 seconds of active time. This session ended with a crash. Error - 02.05.2012 05:26:49 | Computer Name = LOSANGELES | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 02.09.2012 08:13:46 | Computer Name = LOSANGELES | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 02.09.2012 08:13:46 | Computer Name = LOSANGELES | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SASDIFSV SASKUTIL Error - 02.09.2012 08:15:16 | Computer Name = LOSANGELES | Source = Wechselmediendienst | ID = 262255 Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der Bibliothek LEXAR GEYSER JUMPDRIVE USB Device nicht laden. Error - 02.09.2012 08:15:20 | Computer Name = LOSANGELES | Source = Wechselmediendienst | ID = 262255 Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der Bibliothek LEXAR GEYSER JUMPDRIVE USB Device nicht laden. Error - 02.09.2012 08:16:55 | Computer Name = LOSANGELES | Source = VolSnap | ID = 393228 Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde. Error - 02.09.2012 08:20:47 | Computer Name = LOSANGELES | Source = VolSnap | ID = 393241 Description = Die Schattenkopie von Volume "C:" wurde abgebrochen, weil die Bereichsvergleichsdatei nicht rechtzeitig vergrößert wurde. Verringern Sie die E/A-Last auf diesem System, um dieses Problem zukünftig zu verhindern. Error - 02.09.2012 08:23:45 | Computer Name = LOSANGELES | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxecCATSCustConnectService. 
Error - 02.09.2012 08:23:45 | Computer Name = LOSANGELES | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 02.09.2012 08:23:45 | Computer Name = LOSANGELES | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 02.09.2012 08:23:45 | Computer Name = LOSANGELES | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SASDIFSV SASKUTIL

< End of report >

Here is the GMER scan as well. At the end a notice appeared: "Warnung! GMER has found system modification causes by rootkit activity". I confirmed it with OK. Then I saved the log file with Save.

GMER logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-02 15:50:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2060AT rev.0022
Running: g39ykoco.exe; Driver: C:\DOKUME~1\Annika\LOKALE~1\Temp\awlyqfow.sys

---- System - GMER 1.0.15 ----

SSDT F7AA470C ZwClose
SSDT F7AA46C6 ZwCreateKey
SSDT F7AA4716 ZwCreateSection
SSDT F7AA46BC ZwCreateThread
SSDT F7AA46CB ZwDeleteKey
SSDT F7AA46D5 ZwDeleteValueKey
SSDT F7AA4707 ZwDuplicateObject
SSDT F7AA46DA ZwLoadKey
SSDT F7AA46A8 ZwOpenProcess
SSDT F7AA46AD ZwOpenThread
SSDT F7AA472F ZwQueryValueKey
SSDT F7AA46E4 ZwReplaceKey
SSDT F7AA4720 ZwRequestWaitReplyPort
SSDT F7AA46DF ZwRestoreKey
SSDT F7AA471B ZwSetContextThread
SSDT F7AA4725 ZwSetSecurityObject
SSDT F7AA46D0 ZwSetValueKey
SSDT F7AA472A ZwSystemDebugControl
SSDT F7AA46B7 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2040] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mouclass.sys (Mausklassentreiber/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\z (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [556] 0x45670000
Library c:\windows\system32\z (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1148] 0x45670000

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Temp\ArmUI.ini 170356 bytes

---- EOF - GMER 1.0.15 ----
03.09.2012, 12:51 | #2
/// Selecta Jahrusso

My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would ask you to read the following points completely and attentively.

Please read the following instructions carefully. We don't want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
03.09.2012, 14:35 | #3

Hello Daniel! Thanks for helping me - I hadn't expected to get an answer so quickly!
Here is the log file from TDSS (I currently have Avira switched off on the laptop because the constant pop-ups annoy me, I hope that's OK? I'm not going online with it, though).

15:29:02.0905 0704 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:29:02.0925 0704 ============================================================
15:29:02.0925 0704 Current date / time: 2012/09/03 15:29:02.0925
15:29:02.0925 0704 SystemInfo:
15:29:02.0925 0704
15:29:02.0925 0704 OS Version: 5.1.2600 ServicePack: 3.0
15:29:02.0925 0704 Product type: Workstation
15:29:02.0925 0704 ComputerName: LOSANGELES
15:29:02.0925 0704 UserName: Annika
15:29:02.0925 0704 Windows directory: C:\WINDOWS
15:29:02.0925 0704 System windows directory: C:\WINDOWS
15:29:02.0925 0704 Processor architecture: Intel x86
15:29:02.0925 0704 Number of processors: 1
15:29:02.0925 0704 Page size: 0x1000
15:29:02.0925 0704 Boot type: Normal boot
15:29:02.0925 0704 ============================================================
15:29:05.0028 0704 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:29:05.0028 0704 ============================================================
15:29:05.0028 0704 \Device\Harddisk0\DR0:
15:29:05.0028 0704 MBR partitions:
15:29:05.0028 0704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7D82, BlocksNum 0x4E1EE2B
15:29:05.0048 0704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E26BEC, BlocksNum 0x219D1D3
15:29:05.0048 0704 ============================================================
15:29:05.0098 0704 C: <-> \Device\Harddisk0\DR0\Partition1
15:29:05.0138 0704 F: <-> \Device\Harddisk0\DR0\Partition2
15:29:05.0138 0704 ============================================================
15:29:05.0138 0704 Initialize success
15:29:05.0138 0704 ============================================================
15:29:14.0642 2184 
============================================================ 15:29:14.0642 2184 Scan started 15:29:14.0642 2184 Mode: Manual; 15:29:14.0642 2184 ============================================================ 15:29:15.0063 2184 ================ Scan system memory ======================== 15:29:15.0063 2184 System memory - ok 15:29:15.0073 2184 ================ Scan services ============================= 15:29:15.0193 2184 Abiosdsk - ok 15:29:15.0213 2184 abp480n5 - ok 15:29:15.0253 2184 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:29:15.0253 2184 ACPI - ok 15:29:15.0303 2184 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 15:29:15.0303 2184 ACPIEC - ok 15:29:15.0373 2184 ADDMEM - ok 15:29:15.0393 2184 adpu160m - ok 15:29:15.0423 2184 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 15:29:15.0433 2184 aec - ok 15:29:15.0443 2184 AEXPAM - ok 15:29:15.0503 2184 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 15:29:15.0513 2184 AFD - ok 15:29:15.0633 2184 [ B894A08F2A01E27C1989C31C96FDDE83 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys 15:29:15.0713 2184 AgereSoftModem - ok 15:29:15.0774 2184 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 15:29:15.0774 2184 agp440 - ok 15:29:15.0794 2184 Aha154x - ok 15:29:15.0804 2184 aic78u2 - ok 15:29:15.0814 2184 aic78xx - ok 15:29:15.0854 2184 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 15:29:15.0854 2184 Alerter - ok 15:29:15.0884 2184 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 15:29:15.0894 2184 ALG - ok 15:29:15.0904 2184 AliIde - ok 15:29:15.0914 2184 amsint - ok 15:29:16.0034 2184 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 15:29:16.0044 2184 AntiVirSchedulerService - ok 15:29:16.0094 2184 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService 
C:\Programme\Avira\AntiVir Desktop\avguard.exe 15:29:16.0094 2184 AntiVirService - ok 15:29:16.0164 2184 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:29:16.0164 2184 Apple Mobile Device - ok 15:29:16.0174 2184 AppMgmt - ok 15:29:16.0204 2184 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 15:29:16.0204 2184 Arp1394 - ok 15:29:16.0214 2184 asc - ok 15:29:16.0234 2184 asc3350p - ok 15:29:16.0244 2184 asc3550 - ok 15:29:16.0344 2184 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 15:29:16.0374 2184 aspnet_state - ok 15:29:16.0425 2184 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:29:16.0425 2184 AsyncMac - ok 15:29:16.0485 2184 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 15:29:16.0495 2184 atapi - ok 15:29:16.0505 2184 Atdisk - ok 15:29:16.0545 2184 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:29:16.0545 2184 Atmarpc - ok 15:29:16.0595 2184 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 15:29:16.0595 2184 AudioSrv - ok 15:29:16.0645 2184 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 15:29:16.0645 2184 audstub - ok 15:29:16.0675 2184 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 15:29:16.0685 2184 avgntflt - ok 15:29:16.0755 2184 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 15:29:16.0755 2184 avipbb - ok 15:29:16.0815 2184 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 15:29:16.0815 2184 avkmgr - ok 15:29:16.0885 2184 [ 068523D2CD260069B19AD68ADEA0D739 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 15:29:16.0885 2184 bcm4sbxp - ok 15:29:16.0945 2184 [ 
DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 15:29:16.0945 2184 Beep - ok 15:29:17.0015 2184 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\System32\qmgr.dll 15:29:17.0075 2184 BITS - ok 15:29:17.0186 2184 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 15:29:17.0196 2184 Bonjour Service - ok 15:29:17.0226 2184 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 15:29:17.0226 2184 Browser - ok 15:29:17.0286 2184 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 15:29:17.0286 2184 cbidf2k - ok 15:29:17.0296 2184 cd20xrnt - ok 15:29:17.0336 2184 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 15:29:17.0336 2184 Cdaudio - ok 15:29:17.0396 2184 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 15:29:17.0396 2184 Cdfs - ok 15:29:17.0446 2184 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:29:17.0456 2184 Cdrom - ok 15:29:17.0466 2184 Changer - ok 15:29:17.0506 2184 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 15:29:17.0506 2184 CiSvc - ok 15:29:17.0556 2184 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 15:29:17.0556 2184 ClipSrv - ok 15:29:17.0596 2184 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:29:17.0676 2184 clr_optimization_v2.0.50727_32 - ok 15:29:17.0706 2184 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 15:29:17.0706 2184 CmBatt - ok 15:29:17.0716 2184 CmdIde - ok 15:29:17.0746 2184 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 15:29:17.0746 2184 Compbatt - ok 15:29:17.0756 2184 COMSysApp - ok 15:29:17.0786 2184 Cpqarray - ok 15:29:17.0817 2184 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc 
C:\WINDOWS\System32\cryptsvc.dll 15:29:17.0817 2184 CryptSvc - ok 15:29:17.0877 2184 [ ABBF6ED49648D9378270107065C332C6 ] cs429x C:\WINDOWS\system32\drivers\cwawdm.sys 15:29:17.0877 2184 cs429x - ok 15:29:17.0887 2184 dac2w2k - ok 15:29:17.0897 2184 dac960nt - ok 15:29:17.0977 2184 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 15:29:17.0987 2184 DcomLaunch - ok 15:29:18.0057 2184 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 15:29:18.0057 2184 Dhcp - ok 15:29:18.0107 2184 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 15:29:18.0107 2184 Disk - ok 15:29:18.0127 2184 dmadmin - ok 15:29:18.0217 2184 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 15:29:18.0277 2184 dmboot - ok 15:29:18.0317 2184 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 15:29:18.0317 2184 dmio - ok 15:29:18.0367 2184 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 15:29:18.0367 2184 dmload - ok 15:29:18.0417 2184 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 15:29:18.0427 2184 dmserver - ok 15:29:18.0457 2184 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 15:29:18.0457 2184 DMusic - ok 15:29:18.0518 2184 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 15:29:18.0518 2184 Dnscache - ok 15:29:18.0588 2184 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 15:29:18.0588 2184 Dot3svc - ok 15:29:18.0658 2184 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys 15:29:18.0658 2184 Dot4 - ok 15:29:18.0688 2184 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 15:29:18.0688 2184 Dot4Print - ok 15:29:18.0728 2184 [ 8013C4109D7C3DB4AC74AC93DA7D37A7 ] dot4ufd C:\WINDOWS\system32\DRIVERS\hppaufd0.sys 15:29:18.0728 2184 dot4ufd - ok 
15:29:18.0738 2184 dpti2o - ok 15:29:18.0768 2184 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 15:29:18.0768 2184 drmkaud - ok 15:29:18.0808 2184 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 15:29:18.0808 2184 EapHost - ok 15:29:18.0828 2184 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 15:29:18.0828 2184 ERSvc - ok 15:29:18.0888 2184 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 15:29:18.0898 2184 Eventlog - ok 15:29:18.0968 2184 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 15:29:18.0978 2184 EventSystem - ok 15:29:19.0018 2184 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 15:29:19.0028 2184 Fastfat - ok 15:29:19.0078 2184 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 15:29:19.0088 2184 FastUserSwitchingCompatibility - ok 15:29:19.0128 2184 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 15:29:19.0128 2184 Fdc - ok 15:29:19.0178 2184 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 15:29:19.0178 2184 Fips - ok 15:29:19.0198 2184 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 15:29:19.0198 2184 Flpydisk - ok 15:29:19.0269 2184 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 15:29:19.0269 2184 FltMgr - ok 15:29:19.0379 2184 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:29:19.0379 2184 FontCache3.0.0.0 - ok 15:29:19.0409 2184 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:29:19.0409 2184 Fs_Rec - ok 15:29:19.0429 2184 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:29:19.0439 2184 Ftdisk - ok 15:29:19.0489 2184 [ 
8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 15:29:19.0489 2184 GEARAspiWDM - ok 15:29:19.0529 2184 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:29:19.0529 2184 Gpc - ok 15:29:19.0569 2184 [ F0A0041644A2E026044C6EEEC42B7241 ] gv3 C:\WINDOWS\system32\DRIVERS\gv3.sys 15:29:19.0569 2184 gv3 - ok 15:29:19.0659 2184 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:29:19.0659 2184 helpsvc - ok 15:29:19.0679 2184 HidServ - ok 15:29:19.0729 2184 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:29:19.0729 2184 hidusb - ok 15:29:19.0789 2184 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 15:29:19.0799 2184 hkmsvc - ok 15:29:19.0809 2184 hpn - ok 15:29:19.0869 2184 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 15:29:19.0879 2184 HTTP - ok 15:29:19.0930 2184 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 15:29:19.0940 2184 HTTPFilter - ok 15:29:19.0970 2184 i2omgmt - ok 15:29:19.0980 2184 i2omp - ok 15:29:20.0040 2184 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:29:20.0050 2184 i8042prt - ok 15:29:20.0150 2184 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:29:20.0200 2184 idsvc - ok 15:29:20.0240 2184 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 15:29:20.0250 2184 Imapi - ok 15:29:20.0310 2184 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe 15:29:20.0320 2184 ImapiService - ok 15:29:20.0340 2184 ini910u - ok 15:29:20.0370 2184 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 15:29:20.0370 2184 IntelIde - ok 15:29:20.0420 2184 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm 
C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:29:20.0420 2184 intelppm - ok 15:29:20.0460 2184 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 15:29:20.0460 2184 ip6fw - ok 15:29:20.0510 2184 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:29:20.0510 2184 IpFilterDriver - ok 15:29:20.0540 2184 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:29:20.0540 2184 IpInIp - ok 15:29:20.0580 2184 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:29:20.0580 2184 IpNat - ok 15:29:20.0681 2184 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 15:29:20.0711 2184 iPod Service - ok 15:29:20.0751 2184 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:29:20.0761 2184 IPSec - ok 15:29:20.0791 2184 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 15:29:20.0801 2184 IRENUM - ok 15:29:20.0851 2184 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:29:20.0851 2184 isapnp - ok 15:29:21.0051 2184 [ 9A337AE3DB478034A7839E753BBFF1AB ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 15:29:21.0051 2184 JavaQuickStarterService - ok 15:29:21.0101 2184 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:29:21.0111 2184 Kbdclass - ok 15:29:21.0141 2184 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 15:29:21.0151 2184 kmixer - ok 15:29:21.0181 2184 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 15:29:21.0181 2184 KMWDFILTER - ok 15:29:21.0241 2184 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 15:29:21.0251 2184 KSecDD - ok 15:29:21.0312 2184 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 15:29:21.0312 2184 
lanmanserver - ok 15:29:21.0382 2184 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 15:29:21.0392 2184 lanmanworkstation - ok 15:29:21.0402 2184 lbrtfdc - ok 15:29:21.0472 2184 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 15:29:21.0472 2184 LmHosts - ok 15:29:21.0562 2184 [ 6311F8863D898CE60C048779F9D86E74 ] lxecCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe 15:29:21.0612 2184 lxecCATSCustConnectService - ok 15:29:21.0642 2184 lxec_device - ok 15:29:21.0682 2184 [ 112DB6314BB175BA5F27A66E11C01D77 ] massfilter C:\WINDOWS\system32\DRIVERS\massfilter.sys 15:29:21.0692 2184 massfilter - ok 15:29:21.0712 2184 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 15:29:21.0722 2184 Messenger - ok 15:29:21.0772 2184 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 15:29:21.0772 2184 mnmdd - ok 15:29:21.0822 2184 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 15:29:21.0822 2184 mnmsrvc - ok 15:29:21.0872 2184 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 15:29:21.0872 2184 Modem - ok 15:29:21.0922 2184 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:29:21.0922 2184 Mouclass - ok 15:29:21.0952 2184 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:29:21.0962 2184 mouhid - ok 15:29:22.0003 2184 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 15:29:22.0003 2184 MountMgr - ok 15:29:22.0093 2184 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 15:29:22.0103 2184 MozillaMaintenance - ok 15:29:22.0123 2184 mraid35x - ok 15:29:22.0163 2184 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:29:22.0173 2184 MRxDAV - ok 15:29:22.0263 2184 [ 
7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:29:22.0303 2184 MRxSmb - ok 15:29:22.0343 2184 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 15:29:22.0343 2184 MSDTC - ok 15:29:22.0393 2184 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 15:29:22.0393 2184 Msfs - ok 15:29:22.0403 2184 MSIServer - ok 15:29:22.0443 2184 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:29:22.0443 2184 MSKSSRV - ok 15:29:22.0453 2184 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:29:22.0453 2184 MSPCLOCK - ok 15:29:22.0473 2184 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 15:29:22.0473 2184 MSPQM - ok 15:29:22.0523 2184 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:29:22.0523 2184 mssmbios - ok 15:29:22.0543 2184 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 15:29:22.0553 2184 Mup - ok 15:29:22.0623 2184 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 15:29:22.0653 2184 napagent - ok 15:29:22.0673 2184 NasPmService - ok 15:29:22.0704 2184 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 15:29:22.0714 2184 NDIS - ok 15:29:22.0754 2184 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:29:22.0754 2184 NdisTapi - ok 15:29:22.0784 2184 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:29:22.0784 2184 Ndisuio - ok 15:29:22.0814 2184 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:29:22.0814 2184 NdisWan - ok 15:29:22.0844 2184 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 15:29:22.0844 2184 NDProxy - ok 15:29:22.0874 2184 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS 
C:\WINDOWS\system32\DRIVERS\netbios.sys 15:29:22.0884 2184 NetBIOS - ok 15:29:22.0914 2184 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 15:29:22.0914 2184 NetBT - ok 15:29:22.0974 2184 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 15:29:22.0974 2184 NetDDE - ok 15:29:22.0994 2184 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 15:29:23.0004 2184 NetDDEdsdm - ok 15:29:23.0044 2184 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe 15:29:23.0044 2184 Netlogon - ok 15:29:23.0084 2184 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 15:29:23.0094 2184 Netman - ok 15:29:23.0144 2184 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:29:23.0154 2184 NetTcpPortSharing - ok 15:29:23.0194 2184 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 15:29:23.0194 2184 NIC1394 - ok 15:29:23.0274 2184 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 15:29:23.0284 2184 Nla - ok 15:29:23.0294 2184 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 15:29:23.0294 2184 Npfs - ok 15:29:23.0354 2184 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 15:29:23.0405 2184 Ntfs - ok 15:29:23.0415 2184 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 15:29:23.0425 2184 NtLmSsp - ok 15:29:23.0485 2184 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 15:29:23.0525 2184 NtmsSvc - ok 15:29:23.0555 2184 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 15:29:23.0555 2184 Null - ok 15:29:23.0715 2184 [ D471993BE5C31209376A18C3978E32D7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 15:29:23.0745 2184 nv - ok 15:29:23.0815 2184 [ 6022ADF1289ABEB9E3211FCC99FA905A ] NVSvc 
C:\WINDOWS\system32\nvsvc32.exe 15:29:23.0825 2184 NVSvc - ok 15:29:23.0875 2184 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:29:23.0875 2184 NwlnkFlt - ok 15:29:23.0895 2184 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:29:23.0895 2184 NwlnkFwd - ok 15:29:23.0995 2184 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 15:29:24.0025 2184 odserv - ok 15:29:24.0065 2184 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 15:29:24.0065 2184 ohci1394 - ok 15:29:24.0126 2184 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 15:29:24.0136 2184 ose - ok 15:29:24.0186 2184 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 15:29:24.0186 2184 Parport - ok 15:29:24.0216 2184 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 15:29:24.0216 2184 PartMgr - ok 15:29:24.0266 2184 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 15:29:24.0266 2184 ParVdm - ok 15:29:24.0336 2184 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 15:29:24.0336 2184 pccsmcfd - ok 15:29:24.0376 2184 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 15:29:24.0376 2184 PCI - ok 15:29:24.0396 2184 PCIDump - ok 15:29:24.0426 2184 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 15:29:24.0426 2184 PCIIde - ok 15:29:24.0446 2184 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 15:29:24.0456 2184 Pcmcia - ok 15:29:24.0466 2184 PDCOMP - ok 15:29:24.0486 2184 PDFRAME - ok 15:29:24.0496 2184 PDRELI - ok 15:29:24.0506 2184 PDRFRAME - ok 15:29:24.0526 2184 perc2 - ok 15:29:24.0546 2184 perc2hib - ok 15:29:24.0606 2184 [ 
A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 15:29:24.0616 2184 PlugPlay - ok 15:29:24.0656 2184 [ 9D84376931440F3679BEEF2A414FA493 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe 15:29:24.0656 2184 Pml Driver HPZ12 - ok 15:29:24.0666 2184 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe 15:29:24.0676 2184 PolicyAgent - ok 15:29:24.0726 2184 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:29:24.0726 2184 PptpMiniport - ok 15:29:24.0746 2184 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 15:29:24.0746 2184 Processor - ok 15:29:24.0756 2184 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 15:29:24.0766 2184 ProtectedStorage - ok 15:29:24.0777 2184 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 15:29:24.0777 2184 PSched - ok 15:29:24.0797 2184 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:29:24.0807 2184 Ptilink - ok 15:29:24.0807 2184 ql1080 - ok 15:29:24.0817 2184 Ql10wnt - ok 15:29:24.0827 2184 ql12160 - ok 15:29:24.0837 2184 ql1240 - ok 15:29:24.0847 2184 ql1280 - ok 15:29:24.0857 2184 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:29:24.0857 2184 RasAcd - ok 15:29:24.0897 2184 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:29:24.0907 2184 RasAuto - ok 15:29:24.0927 2184 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:29:24.0937 2184 Rasl2tp - ok 15:29:24.0987 2184 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 15:29:24.0997 2184 RasMan - ok 15:29:25.0027 2184 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:29:25.0027 2184 RasPppoe - ok 15:29:25.0037 2184 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti 
C:\WINDOWS\system32\DRIVERS\raspti.sys 15:29:25.0037 2184 Raspti - ok 15:29:25.0077 2184 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:29:25.0077 2184 Rdbss - ok 15:29:25.0097 2184 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:29:25.0097 2184 RDPCDD - ok 15:29:25.0147 2184 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:29:25.0157 2184 RDPWD - ok 15:29:25.0187 2184 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:29:25.0187 2184 RDSessMgr - ok 15:29:25.0247 2184 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:29:25.0247 2184 redbook - ok 15:29:25.0297 2184 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:29:25.0307 2184 RemoteAccess - ok 15:29:25.0327 2184 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 15:29:25.0337 2184 RpcLocator - ok 15:29:25.0387 2184 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 15:29:25.0397 2184 RpcSs - ok 15:29:25.0437 2184 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 15:29:25.0447 2184 RSVP - ok 15:29:25.0457 2184 s24trans - ok 15:29:25.0488 2184 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 15:29:25.0488 2184 SamSs - ok 15:29:25.0498 2184 SASDIFSV - ok 15:29:25.0508 2184 SASENUM - ok 15:29:25.0518 2184 SASKUTIL - ok 15:29:25.0578 2184 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:29:25.0578 2184 SCardSvr - ok 15:29:25.0638 2184 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:29:25.0648 2184 Schedule - ok 15:29:25.0678 2184 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:29:25.0678 2184 Secdrv - ok 15:29:25.0708 2184 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 
15:29:25.0708 2184 seclogon - ok 15:29:25.0768 2184 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 15:29:25.0768 2184 SENS - ok 15:29:25.0788 2184 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 15:29:25.0798 2184 Serial - ok 15:29:25.0908 2184 [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe 15:29:25.0958 2184 ServiceLayer - ok 15:29:26.0008 2184 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 15:29:26.0008 2184 Sfloppy - ok 15:29:26.0058 2184 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:29:26.0068 2184 ShellHWDetection - ok 15:29:26.0088 2184 Simbad - ok 15:29:26.0108 2184 Sparrow - ok 15:29:26.0158 2184 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:29:26.0158 2184 splitter - ok 15:29:26.0219 2184 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:29:26.0219 2184 Spooler - ok 15:29:26.0249 2184 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:29:26.0259 2184 sr - ok 15:29:26.0299 2184 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 15:29:26.0309 2184 srservice - ok 15:29:26.0369 2184 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:29:26.0399 2184 Srv - ok 15:29:26.0449 2184 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:29:26.0449 2184 SSDPSRV - ok 15:29:26.0499 2184 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 15:29:26.0499 2184 ssmdrv - ok 15:29:26.0579 2184 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:29:26.0609 2184 stisvc - ok 15:29:26.0649 2184 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:29:26.0649 2184 swenum - ok 15:29:26.0679 2184 [ 
8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:29:26.0679 2184 swmidi - ok 15:29:26.0699 2184 SwPrv - ok 15:29:26.0719 2184 symc810 - ok 15:29:26.0739 2184 symc8xx - ok 15:29:26.0749 2184 sym_hi - ok 15:29:26.0769 2184 sym_u3 - ok 15:29:26.0839 2184 [ A98E55430E2EA8768CBCC878C7CD4074 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 15:29:26.0870 2184 SynTP - ok 15:29:26.0890 2184 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:29:26.0890 2184 sysaudio - ok 15:29:26.0920 2184 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:29:26.0930 2184 SysmonLog - ok 15:29:26.0980 2184 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:29:26.0990 2184 TapiSrv - ok 15:29:27.0060 2184 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:29:27.0090 2184 Tcpip - ok 15:29:27.0140 2184 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:29:27.0140 2184 TDPIPE - ok 15:29:27.0170 2184 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:29:27.0170 2184 TDTCP - ok 15:29:27.0230 2184 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:29:27.0230 2184 TermDD - ok 15:29:27.0280 2184 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 15:29:27.0310 2184 TermService - ok 15:29:27.0350 2184 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 15:29:27.0350 2184 Themes - ok 15:29:27.0370 2184 TosIde - ok 15:29:27.0430 2184 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:29:27.0440 2184 TrkWks - ok 15:29:27.0500 2184 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:29:27.0500 2184 Udfs - ok 15:29:27.0530 2184 ultra - ok 15:29:27.0601 2184 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 
15:29:27.0621 2184 Update - ok 15:29:27.0671 2184 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:29:27.0701 2184 upnphost - ok 15:29:27.0731 2184 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 15:29:27.0731 2184 UPS - ok 15:29:27.0781 2184 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 15:29:27.0781 2184 USBAAPL - ok 15:29:27.0841 2184 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:29:27.0841 2184 usbccgp - ok 15:29:27.0891 2184 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:29:27.0901 2184 usbehci - ok 15:29:27.0951 2184 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:29:27.0951 2184 usbhub - ok 15:29:28.0021 2184 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:29:28.0021 2184 usbprint - ok 15:29:28.0061 2184 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:29:28.0061 2184 usbscan - ok 15:29:28.0111 2184 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:29:28.0121 2184 usbstor - ok 15:29:28.0161 2184 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:29:28.0161 2184 usbuhci - ok 15:29:28.0201 2184 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:29:28.0211 2184 VgaSave - ok 15:29:28.0221 2184 ViaIde - ok 15:29:28.0342 2184 [ 60C4B117ED03861379B2EE54EBFC8581 ] VMCService C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 15:29:28.0342 2184 VMCService - ok 15:29:28.0402 2184 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 15:29:28.0402 2184 VolSnap - ok 15:29:28.0472 2184 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 15:29:28.0502 2184 VSS - ok 15:29:28.0652 2184 [ 
B6CB2CCE557CE57C72C3D31E701E6E39 ] w22n51 C:\WINDOWS\system32\DRIVERS\w22n51.sys 15:29:28.0772 2184 w22n51 - ok 15:29:28.0993 2184 [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys 15:29:29.0153 2184 w29n51 - ok 15:29:29.0223 2184 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 15:29:29.0223 2184 W32Time - ok 15:29:29.0283 2184 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:29:29.0283 2184 Wanarp - ok 15:29:29.0303 2184 WDICA - ok 15:29:29.0353 2184 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:29:29.0353 2184 wdmaud - ok 15:29:29.0403 2184 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:29:29.0413 2184 WebClient - ok 15:29:29.0513 2184 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:29:29.0523 2184 winmgmt - ok 15:29:29.0583 2184 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 15:29:29.0583 2184 WmdmPmSN - ok 15:29:29.0633 2184 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 15:29:29.0644 2184 WmiApSrv - ok 15:29:29.0754 2184 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 15:29:29.0814 2184 WMPNetworkSvc - ok 15:29:29.0824 2184 WSearch - ok 15:29:29.0884 2184 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:29:29.0914 2184 wuauserv - ok 15:29:29.0954 2184 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:29:29.0954 2184 WudfPf - ok 15:29:30.0004 2184 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:29:30.0004 2184 WudfRd - ok 15:29:30.0064 2184 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:29:30.0074 2184 WudfSvc - ok 15:29:30.0144 2184 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC 
C:\WINDOWS\System32\wzcsvc.dll 15:29:30.0184 2184 WZCSVC - ok 15:29:30.0234 2184 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:29:30.0244 2184 xmlprov - ok 15:29:30.0294 2184 [ D169ECBDE1291B7D720441550D15D104 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 15:29:30.0304 2184 ZTEusbmdm6k - ok 15:29:30.0345 2184 [ D788E7D89CC491644D7A45B227F9B25E ] ZTEusbnet C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys 15:29:30.0345 2184 ZTEusbnet - ok 15:29:30.0385 2184 [ D169ECBDE1291B7D720441550D15D104 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 15:29:30.0395 2184 ZTEusbnmea - ok 15:29:30.0425 2184 [ D169ECBDE1291B7D720441550D15D104 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 15:29:30.0435 2184 ZTEusbser6k - ok 15:29:30.0465 2184 [ D169ECBDE1291B7D720441550D15D104 ] ZTEusbvoice C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys 15:29:30.0465 2184 ZTEusbvoice - ok 15:29:30.0505 2184 ================ Scan global =============================== 15:29:30.0555 2184 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 15:29:30.0615 2184 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 15:29:30.0675 2184 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 15:29:30.0705 2184 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 15:29:30.0715 2184 [Global] - ok 15:29:30.0715 2184 ================ Scan MBR ================================== 15:29:30.0745 2184 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 15:29:31.0005 2184 \Device\Harddisk0\DR0 - ok 15:29:31.0015 2184 ================ Scan VBR ================================== 15:29:31.0015 2184 [ 82AFF8AD915B3C3EA253A2F357EF0F8D ] \Device\Harddisk0\DR0\Partition1 15:29:31.0025 2184 \Device\Harddisk0\DR0\Partition1 - ok 15:29:31.0066 2184 [ A36C1A72C96A00D30B0F7D1893545329 ] \Device\Harddisk0\DR0\Partition2 15:29:31.0076 2184 \Device\Harddisk0\DR0\Partition2 - ok 15:29:31.0076 2184 
============================================================ 15:29:31.0076 2184 Scan finished 15:29:31.0076 2184 ============================================================ 15:29:31.0096 2140 Detected object count: 0 15:29:31.0096 2140 Actual detected object count: 0 Best regards, Annika |
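Added example, not part of this thread and not code from TDSSKiller: the listing above is one record per object ("[ hash ] Name Path", then "Name - verdict"), but the forum has flattened it into a few very long lines, which makes it hard to review by eye. The Python helper below reflows an excerpt of the posted log, pairs each hash line with its verdict, and reports the things an analyst checks first: names for which no hash line was printed, any verdict other than "ok", one hash registered under several names, and hits against a caller-supplied hash list. The sample text is an excerpt of the log posted above; the reading that a bare "Name - ok" line means TDSSKiller recorded no file hash for that entry is an assumption of this example, and the watchlist parameter is empty unless you provide your own hashes.

```python
"""Triage helper for a TDSSKiller driver/service scan log (added example, not from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Excerpt of the log posted above, re-flowed to one record per line.
SAMPLE_LOG = r"""
15:29:25.0437 2184 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe
15:29:25.0447 2184 RSVP - ok
15:29:25.0457 2184 s24trans - ok
15:29:25.0488 2184 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
15:29:25.0488 2184 SamSs - ok
15:29:25.0498 2184 SASDIFSV - ok
15:29:30.0294 2184 [ D169ECBDE1291B7D720441550D15D104 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
15:29:30.0304 2184 ZTEusbmdm6k - ok
15:29:30.0385 2184 [ D169ECBDE1291B7D720441550D15D104 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
15:29:30.0395 2184 ZTEusbnmea - ok
15:29:30.0425 2184 [ D169ECBDE1291B7D720441550D15D104 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
15:29:30.0435 2184 ZTEusbser6k - ok
15:29:30.0505 2184 ================ Scan global ===============================
15:29:30.0715 2184 [Global] - ok
15:29:30.0715 2184 ================ Scan MBR ==================================
15:29:30.0745 2184 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
15:29:31.0005 2184 \Device\Harddisk0\DR0 - ok
15:29:31.0096 2140 Detected object count: 0
15:29:31.0096 2140 Actual detected object count: 0
"""


@dataclass
class ScanEntry:
    """One scanned object: a "[ hash ] Name Path" line plus its "Name - verdict" line."""
    name: str
    md5: Optional[str] = None     # None: the log printed no hash line for this name (assumed: file not hashed)
    path: Optional[str] = None
    status: Optional[str] = None  # text after " - ", normally "ok"


_HEAD = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"  # "15:29:25.0437 2184 " timestamp + pid prefix
HASH_RE = re.compile(_HEAD + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)(?:\s+(?P<path>.+?))?\s*$")
STATUS_RE = re.compile(_HEAD + r"(?P<name>\S+)\s+-\s+(?P<status>\S.*?)\s*$")
COUNT_RE = re.compile(_HEAD + r"Detected object count:\s*(?P<n>\d+)\s*$")


def parse_tdsskiller(text: str) -> Dict[str, ScanEntry]:
    """Pair each hash line with its verdict line, keyed by service/driver/device name."""
    entries: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m and not m["name"].startswith("["):  # "[Global] - ok" is a section verdict, not an object
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.status = m["status"]
    return entries


def triage(entries: Dict[str, ScanEntry], hash_watchlist: Iterable[str] = ()) -> dict:
    """Summarise what an analyst checks first: hash-less entries, non-ok verdicts,
    one hash registered under several names, and hits on a caller-supplied hash list."""
    watch = {h.upper() for h in hash_watchlist}
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_hash[e.md5].append(e.name)
    return {
        "hashed": sum(1 for e in entries.values() if e.md5),
        "no_hash": sorted(e.name for e in entries.values() if e.md5 is None),
        "not_ok": sorted(e.name for e in entries.values() if e.status != "ok"),
        "shared_hash": {h: sorted(n) for h, n in by_hash.items() if len(n) > 1},
        "watchlist_hits": sorted(e.name for e in entries.values() if e.md5 in watch),
    }


def detected_count(text: str) -> Optional[int]:
    """Return TDSSKiller's own 'Detected object count', or None if the log is truncated."""
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            return int(m["n"])
    return None


if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    print("detected by TDSSKiller:", detected_count(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the excerpt this reports two names without a hash line (s24trans and SASDIFSV, both services whose files TDSSKiller evidently did not hash), no verdict other than "ok", and one hash shared by the three ZTE driver names, which is what one expects when a vendor ships the same binary under several service names. The structured output is meant as the starting point for the next step an analyst takes with such a log: comparing the recorded hashes against a trusted reference for the same file versions rather than relying on the scanner's "ok" alone.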
03.09.2012, 15:28 | #4 |
/// Selecta Jahrusso | Atraps.Gen., Atraps.Gen2, Constructor.A - are these removable? Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
Start Combofix.exe and follow the instructions on the screen.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Akademie |
03.09.2012, 15:49 | #5 |
| Atraps.Gen., Atraps.Gen2, Constructor.A - are these removable? Combofix says: Combofix has detected that the following real-time scanners are active: antivirus: Avira Desktop (...) Please disable these scanners before you click "ok". However, I have set the real-time scanner to "inactive" and the icon at the bottom right shows a closed umbrella. Do I have to switch Avira off somewhere else as well? In the Windows Task Manager the processes avgnt.exe, avguard.exe and avshadow.exe are listed. Should I perhaps end these? |
03.09.2012, 16:15 | #6 |
/// Selecta Jahrusso | Atraps.Gen., Atraps.Gen2, Constructor.A - are these removable? You won't be able to end those in the Task Manager. Just click OK.
03.09.2012, 16:40 | #7 |
| Atraps.Gen., Atraps.Gen2, Constructor.A - are these removable? There is no Recovery Console installed. However, I no longer get an internet connection, neither via WLAN nor via cable (I tried 2 different LAN cables, but for minutes it only says "Acquiring network address".) The laptop has not been on the internet since Atraps.Gen and Atraps.Gen2 were reported to me. It does try to activate the WLAN every time it boots, but I have always pressed the button straight away to switch it off. I am attaching the WLAN error message below. I will look in the Microsoft Knowledge Base as the error message says... The PC I am writing from, however, is on the same WLAN and has no problems... |
03.09.2012, 16:43 | #8 |
/// Selecta Jahrusso | Atraps.Gen., Atraps.Gen2, Constructor.A - are these removable? We will take care of the connection later. That is the infection, which messes up all sorts of services. Go to the Microsoft page => http://support.microsoft.com/?scid=kb%3Bde%3B310994&x=21&y=12 Choose the download intended for your operating system: Note: For WinXP SP3, choose the SP2 version. Download the file and save it under its original name next to ComboFix.exe. Now close all open programs and windows, including antivirus and antimalware programs. This is necessary so that no program interferes with the ComboFix scan.
03.09.2012, 17:06 | #9 |
| Atraps.Gen., Atraps.Gen2, Constructor.A - are these removable? Done! Here is the log: Combofix Logfile:
ATTFilter ComboFix 12-09-03.06 - Annika 03.09.2012 17:55:47.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1533 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Annika\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Annika\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\SPL1D9.tmp c:\dokumente und einstellungen\All Users\SPLC5.tmp c:\dokumente und einstellungen\Annika\Anwendungsdaten\desktop.ini c:\dokumente und einstellungen\Annika\Anwendungsdaten\ntuser.dat c:\dokumente und einstellungen\Annika\Anwendungsdaten\WMPRWISE.EXE c:\recycler\S-1-5-18\$ad2b480b6f586adc3e37d56f447dc2ef\@ c:\recycler\S-1-5-18\$ad2b480b6f586adc3e37d56f447dc2ef\n c:\recycler\S-1-5-21-789336058-839522115-2102356035-1004\$ad2b480b6f586adc3e37d56f447dc2ef\n C:\Thumbs.db c:\windows\system32\CNCUPM2K.tmp c:\windows\system32\FlashPlayerInstaller.exe c:\windows\system32\hpz3l3y2.dll.1 . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-03 bis 2012-09-03 )))))))))))))))))))))))))))))) . . 2012-08-29 05:51 . 2012-08-29 05:51 -------- d-----w- c:\dokumente und einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Sun 2012-08-29 05:48 . 2012-08-29 05:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2012-08-29 05:48 . 2012-08-29 05:47 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-29 05:47 . 2012-08-29 05:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-08-17 09:16 . 2012-08-17 09:16 -------- d-----w- c:\dokumente und einstellungen\Annika\Anwendungsdaten\Nvu 2012-08-17 09:16 . 2012-08-17 09:16 -------- d-----w- c:\programme\Nvu 2012-08-17 09:08 . 
2012-08-17 09:16 -------- d-----w- c:\programme\phase5 2012-08-17 08:55 . 2012-08-17 09:07 -------- d-----w- c:\programme\MozBackup 2012-08-12 15:48 . 2012-08-12 15:48 -------- d-----w- c:\programme\iPod 2012-08-12 15:48 . 2012-08-12 15:50 -------- d-----w- c:\programme\iTunes 2012-08-12 15:43 . 2012-08-12 15:43 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Apple Computer 2012-08-12 15:42 . 2012-08-12 15:42 -------- d-----w- c:\programme\Bonjour . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-29 05:47 . 2012-02-19 20:49 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-29 05:47 . 2010-05-25 08:58 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-28 07:18 . 2012-04-11 17:55 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-28 07:18 . 2011-06-23 11:42 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-13 13:55 . 2003-04-02 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-07-27 17:33 . 2011-10-25 06:07 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys . [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys . [-] 2003-04-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys . 
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys . [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys . [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys . [-] 2003-04-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys . [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll . [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe . [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll . [-] 2008-04-14 06:52 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll [-] 2008-04-14 06:52 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll . [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . 
D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll . [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll . [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe . [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe . [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys . [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll . [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-04-14 06:52 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll . [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll . [-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . 
[5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll . [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll . [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll . [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll [-] 2003-04-02 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2003-04-02 . 1B2C477D8847E4123DD8761D2E9008F7 . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll . [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll . [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll . [-] 2008-04-14 . 
5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll . [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll . [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe . [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll . [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll . [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe . [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll . [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll . [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . 
[6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe . [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe . [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\ksuser.dll [-] 2002-12-11 23:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll . [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe . [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll . [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe . [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll . [-] 2008-04-14 . 
275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime [-] 2008-04-14 . 275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime . [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll . [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys . [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll . [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll . [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll . [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll . [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 
348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll . [-] 2003-04-02 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys . [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\AGP440.SYS . [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys . [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll . [-] 2008-04-14 06:52 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll [-] 2008-04-14 06:52 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll . [-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll . [-] 2008-04-14 . 
9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll [-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll [-] 2002-12-11 23:14 . CA6CC3A47D8813208CEE02EB40DACA21 . 355328 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll . [-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll [-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll . [-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll [-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll [-] 2002-12-11 23:14 . 61CC64C43BEC193100E3722F6CF4B1E1 . 284160 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll . [-] 2008-04-14 06:52 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll [-] 2008-04-14 06:52 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll . [-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll [-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll . [-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll [-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll . [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . 
FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll . [-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll [-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll . [-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll [-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll . [-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll [-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll . [-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll [-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll . [-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll [-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-01-05 3043328] "nwiz"="nwiz.exe" [2004-01-05 753664] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2003-01-03 126976] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2003-01-03 577536] "SENS Keyboard V4 Launcher"="c:\programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE" [2003-08-14 49152] "FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2005-02-13 479232] "AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361] "MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032] "lxecmon.exe"="c:\programme\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728] "EzPrint"="c:\programme\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 148280] "Lexmark Pro800-Pro900 Series Fax Server"="c:\programme\Lexmark Pro800-Pro900 Series\fm3032.exe" [2011-01-23 316072] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Annika\Startmenü\Programme\Autostart\ BUFFALO NAS Navigator2.lnk - c:\programme\BUFFALO\NASNAVI\NasNavi.exe [2011-4-25 1897952] NAS Scheduler.lnk - c:\programme\BUFFALO\NASNAVI\nassche.exe [2011-4-25 206128] . 
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [08.02.2012 14:08 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.02.2012 14:08 86224] R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?] R2 NasPmService;NAS PM Service;c:\programme\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\programme\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?] R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18.09.2009 19:48 9216] S1 SASDIFSV;SASDIFSV;\??\c:\dokume~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\dokume~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\dokume~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\dokume~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?] S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [29.11.2010 00:26 193192] S3 ADDMEM;ADDMEM;\??\c:\dokume~1\Annika\LOKALE~1\Temp\__Samsung_Update\ADDMEM.SYS --> c:\dokume~1\Annika\LOKALE~1\Temp\__Samsung_Update\ADDMEM.SYS [?] S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys --> c:\windows\system32\Drivers\aexpamdrv.sys [?] 
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.10.2010 17:54 9728] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 15:18 113120] S3 SASENUM;SASENUM;\??\c:\dokume~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\dokume~1\Annika\LOKALE~1\Temp\SAS_SelfExtract\SASENUM.SYS [?] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17.10.2010 17:58 114688] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [17.10.2010 17:58 105088] . Inhalt des "geplante Tasks" Ordners . 2012-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 11:34] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-2102356035-1004Core.job - c:\dokumente und einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-08-27 08:17] . 2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-2102356035-1004UA.job - c:\dokumente und einstellungen\Annika\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-08-27 08:17] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: vitalsana.eu\www3 TCP: Interfaces\{C2F252F4-431B-4720-9F4E-B2AFDD660F1E}: NameServer = 139.7.30.125,139.7.30.126 FF - ProfilePath - c:\dokumente und einstellungen\Annika\Anwendungsdaten\Mozilla\Firefox\Profiles\5tdizccg.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Microsoft Firewall 2.9 - c:\dokumente und einstellungen\Annika\Anwendungsdaten\WMPRWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-03 18:00 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-09-03 18:04:01 ComboFix-quarantined-files.txt 2012-09-03 16:03 . Vor Suchlauf: 7.878.225.920 Bytes frei Nach Suchlauf: 8.316.686.336 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - B710AB7048976911DEB39E0B3F3C36C4 |
03.09.2012, 17:32 | #10 |
/// Selecta Jahrusso | Please download ServiceRepair.exe to your desktop. Double-click the file and confirm the first message with Yes. The tool will ask for a restart; please allow it. Please download Farbar's Service Scanner
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
03.09.2012, 17:46 | #11 |
| Here is the FSS scan: Farbar Service Scanner Version: 06-08-2012 Ran by Annika (administrator) on 03-09-2012 at 18:43:47 Running from "C:\Dokumente und Einstellungen\Annika\Desktop" Microsoft Windows XP Home Edition Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Attempt to access Google IP returned error: Google IP is unreachable Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error: Yahoo IP is unreachable Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll [2003-04-02 14:00] - [2008-04-14 08:52] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360 C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll [2003-04-02 14:00] - [2009-04-20 19:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07 C:\WINDOWS\system32\ipnathlp.dll [2010-01-21 19:22] - [2008-04-14 08:52] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF C:\WINDOWS\system32\netman.dll [2003-04-02 14:00] - [2008-04-14 08:52] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C 
C:\WINDOWS\system32\wbem\WMIsvc.dll [2010-01-21 18:30] - [2008-04-14 08:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\srsvc.dll [2010-01-21 18:32] - [2008-04-14 08:52] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182 C:\WINDOWS\system32\Drivers\sr.sys [2010-01-21 18:32] - [2008-04-14 08:32] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F C:\WINDOWS\system32\wscsvc.dll [2010-01-21 21:02] - [2008-04-14 08:52] - 0080896 ____N (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D C:\WINDOWS\system32\wbem\WMIsvc.dll [2010-01-21 18:30] - [2008-04-14 08:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729 C:\WINDOWS\system32\wuauserv.dll [2010-01-21 18:30] - [2008-04-14 08:52] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085 C:\WINDOWS\system32\qmgr.dll [2010-01-21 18:32] - [2008-04-14 08:52] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1 C:\WINDOWS\system32\es.dll [2010-01-21 19:22] - [2008-07-07 22:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74 C:\WINDOWS\system32\cryptsvc.dll [2010-01-21 19:13] - [2008-04-14 08:52] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D C:\WINDOWS\system32\svchost.exe [2003-04-02 14:00] - [2008-04-14 08:53] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366 C:\WINDOWS\system32\rpcss.dll [2010-01-21 19:22] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B C:\WINDOWS\system32\services.exe [2003-04-02 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC Extra List: ======= Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(9) Tcpip(4) 0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000 IpSec Tag value is correct. **** End of log **** |
03.09.2012, 18:01 | #12 |
/// Selecta Jahrusso | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
if exist "%temp%\look.txt" del /a/f/q "%temp%\look.txt"
rem Redirect the whole loop into look.txt and dump the configuration of each network-stack service
>"%temp%\look.txt" (
  for %%g in (
    browser dhcp dnscache netman nlasvc nla rpcss lanmanserver lmhosts lanmanworkstation wzcsvc afd netbt tcpip ipsec tdx
  ) do (
    sc qc %%g
  )
)
rem Show the collected output, then delete this batch file
notepad "%temp%\look.txt"
del %0
A text document will open; please post its contents here.
03.09.2012, 18:10 | #13 |
| Here is the result: C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc browser ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: browser TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Computerbrowser DEPENDENCIES : LanmanWorkstation : LanmanServer SERVICE_START_NAME : LocalSystem C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc dhcp ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: dhcp TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : DHCP-Client DEPENDENCIES : Tcpip : Afd : NetBT SERVICE_START_NAME : LocalSystem C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc dnscache ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: dnscache TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : DNS-Client DEPENDENCIES : Tcpip SERVICE_START_NAME : NT AUTHORITY\NetworkService C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc netman ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: netman TYPE : 120 WIN32_SHARE_PROCESS (interactive) START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Netzwerkverbindungen DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc nlasvc ) [SC] OpenService FAILED 1060: Der angegebene Dienst ist kein installierter Dienst. 
C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc nla ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: nla TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : NLA (Network Location Awareness) DEPENDENCIES : Tcpip : Afd SERVICE_START_NAME : LocalSystem C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc rpcss ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: rpcss TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Remoteprozeduraufruf (RPC) DEPENDENCIES : SERVICE_START_NAME : NT Authority\NetworkService C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc lanmanserver ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: lanmanserver TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Server DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc lmhosts ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: lmhosts TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : TCP/IP-NetBIOS-Hilfsprogramm DEPENDENCIES : NetBT : Afd SERVICE_START_NAME : NT AUTHORITY\LocalService C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc lanmanworkstation ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: lanmanworkstation TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : NetworkProvider TAG : 0 DISPLAY_NAME : Arbeitsstationsdienst DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\Dokumente und 
Einstellungen\Annika\Desktop>(sc qc wzcsvc ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: wzcsvc TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : Konfigurationsfreie drahtlose Verbindung DEPENDENCIES : RpcSs : Ndisuio SERVICE_START_NAME : LocalSystem C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc afd ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: afd TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : Umgebung für die AFD-Netzwerkunterstützung DEPENDENCIES : SERVICE_START_NAME : C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc netbt ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: netbt TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : System32\DRIVERS\netbt.sys LOAD_ORDER_GROUP : PNP_TDI TAG : 6 DISPLAY_NAME : NetBios über TCP/IP DEPENDENCIES : Tcpip SERVICE_START_NAME : C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc tcpip ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: tcpip TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : System32\DRIVERS\tcpip.sys LOAD_ORDER_GROUP : PNP_TDI TAG : 4 DISPLAY_NAME : TCP/IP-Protokolltreiber DEPENDENCIES : IPSec SERVICE_START_NAME : C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc ipsec ) [SC] GetServiceConfig SUCCESS SERVICE_NAME: ipsec TYPE : 1 KERNEL_DRIVER START_TYPE : 1 SYSTEM_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys LOAD_ORDER_GROUP : PNP_TDI TAG : 5 DISPLAY_NAME : IPSEC-Treiber DEPENDENCIES : SERVICE_START_NAME : C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc tdx ) [SC] OpenService FAILED 1060: Der angegebene Dienst ist kein installierter Dienst. |
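A way to check output like the one above mechanically, as an added example that is not part of the thread and not the helper's own tool: it splits the `sc qc` blocks produced by the batch loop, compares each service's START_TYPE with the XP values visible in the posted output, and flags any service image that does not live under system32. The baseline table, the assumption that nlasvc and tdx are expected to be absent on XP, the function names and the sample output are the example's own.

```python
import re

# XP baseline for the services the helper's loop queries: START_TYPE codes as they
# appear in the output posted above (1 = SYSTEM_START, 2 = AUTO_START, 3 = DEMAND_START).
# nlasvc and tdx exist only on Vista and later, so "OpenService FAILED 1060" is normal on XP.
EXPECTED_START = {"browser": 2, "dhcp": 2, "dnscache": 2, "netman": 3, "nla": 3,
                  "rpcss": 2, "lanmanserver": 2, "lmhosts": 2, "lanmanworkstation": 2,
                  "wzcsvc": 2, "afd": 1, "netbt": 1, "tcpip": 1, "ipsec": 1}
ABSENT_ON_XP = {"nlasvc", "tdx"}

PROMPT_RE = re.compile(r">\(sc qc (\S+) \)")           # the echoed "(sc qc name )" line
FIELD_RE = re.compile(r"^\s*([A-Z_]{2,})\s*:\s*(.*)$")  # e.g. "START_TYPE : 2 AUTO_START"
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|sys))', re.IGNORECASE)  # image path before "-k ..."

def parse_sc_output(text):
    """Return {service: {FIELD: value}}, with None where the query failed."""
    services = {}
    parts = PROMPT_RE.split(text)  # [preamble, name1, body1, name2, body2, ...]
    for name, body in zip(parts[1::2], parts[2::2]):
        if "OpenService FAILED" in body:
            services[name.lower()] = None
            continue
        matches = (FIELD_RE.match(line) for line in body.splitlines())
        services[name.lower()] = {m.group(1): m.group(2).strip() for m in matches if m}
    return services

def image_is_in_system32(binary_path):
    # Accept C:\WINDOWS\System32\..., \SystemRoot\System32\... and relative System32\...
    m = IMAGE_RE.match(binary_path.strip())
    image = m.group(1).lower() if m else ""
    image = re.sub(r"^(\\systemroot\\|c:\\windows\\)", "", image)
    return image.startswith("system32\\")

def audit(text):
    """One finding per service whose configuration deviates from the XP baseline."""
    findings = []
    for name, cfg in parse_sc_output(text).items():
        if name in ABSENT_ON_XP:
            if cfg is not None:
                findings.append(f"{name}: present although not expected on XP")
        elif cfg is None:
            findings.append(f"{name}: OpenService failed, service missing")
        else:
            expected = EXPECTED_START.get(name)
            actual = int(cfg.get("START_TYPE", "-1").split()[0])
            if expected is not None and actual != expected:
                findings.append(f"{name}: START_TYPE {actual}, expected {expected}")
            path = cfg.get("BINARY_PATH_NAME", "")
            if not image_is_in_system32(path):
                findings.append(f"{name}: image outside system32: {path}")
    return findings

# Constructed sample (not the thread's real output): dhcp is healthy, dnscache has
# been set to DISABLED, netbt loads from a Temp directory, tdx is absent as on any XP.
SAMPLE = r"""
C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc dhcp )
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc dnscache )
        START_TYPE         : 4   DISABLED
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc netbt )
        START_TYPE         : 1   SYSTEM_START
        BINARY_PATH_NAME   : C:\DOKUME~1\Annika\LOKALE~1\Temp\netbt.sys
C:\Dokumente und Einstellungen\Annika\Desktop>(sc qc tdx )
[SC] OpenService FAILED 1060:
"""
```

Running `audit(SAMPLE)` reports the disabled DNS client and the netbt driver loaded from Temp, and stays silent about tdx; feed it the contents of look.txt to check a real dump.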
03.09.2012, 18:56 | #14 |
/// Selecta Jahrusso | Is the internet working again? (I doubt it, but I have to ask.)
03.09.2012, 19:26 | #15 |
| Yes!! Both via WLAN and via LAN cable 1 and 2. Best regards, Annika |