|
Log-Analyse und Auswertung: BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.09.2012, 18:45 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Ja war richtig, aber wir müssen erstmal dein Dateisystem optimieren, also Laufwerk D und E danach brauch ich wieder ein neues OTL-Log Partitionen nach NTFS konvertieren 1) Start, Ausführen, cmd eintippen und okDanach kommt C: dran 6) Befehl convert c: /fs:ntfs eintippen bestätigen mit Return oder Enter
__________________ Logfiles bitte immer in CODE-Tags posten |
23.09.2012, 21:12 | #17 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Hi,
__________________war heute den ganzen Tag unterwegs, aber Du bist ja sicher auch nicht böse, wenn man Dich sonntags nicht nervt... ; ) Habe das mit dem Konvertieren gemacht, OTL neu geladen und wieder so laufen lassen wie vorher (alle Benutzer, Quick Scan) und nehme an, das war richtig. Avira hat sich dieses Mal plötzlich gemeldet und rumgenölt, der Herausgeber wäre nicht erkennbar und das Programm vielelicht böse, das hab' ich ignoriert. Nachher hat sich Avira dann nochmal gemeldet und gesagt, daß es irgendwelche "hosts" geschützt und den Zugriff verweigert hat. Muß ich Avira deaktivieren und noch ein Log erstellen oder ist das okay so? Bisher hatte ich das Problem nicht. Hier das neue Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.09.2012 21:36:13 - Run 3 OTL by OldTimer - Version 3.2.66.0 Folder = C:\Dokumente und Einstellungen\Sport\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1007,30 Mb Total Physical Memory | 361,92 Mb Available Physical Memory | 35,93% Memory free 2,37 Gb Paging File | 1,80 Gb Available in Paging File | 75,83% Paging File free Paging file location(s): C:\pagefile.sys 1512 3024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 54,84 Gb Total Space | 16,96 Gb Free Space | 30,93% Space Free | Partition Type: NTFS Drive D: | 36,46 Gb Total Space | 36,37 Gb Free Space | 99,77% Space Free | Partition Type: NTFS Drive E: | 7,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: AWS-SPORT | User Name: Sport | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.23 21:34:01 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sport\Desktop\OTL.exe PRC - [2012.09.21 16:39:22 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.07.18 18:04:44 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.07.18 18:04:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:04:24 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.18 18:04:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.09.03 01:14:18 | 001,140,008 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe PRC - [2009.06.11 10:17:38 | 003,618,104 | ---- | M] (brother) -- C:\Programme\Brownie\BrStsWnd.exe PRC - [2008.10.20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brownie\BRNIPMON.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2005.09.20 22:24:02 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe PRC - [2005.08.28 23:30:02 | 000,102,400 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe PRC - [2005.08.23 13:45:26 | 000,987,136 | ---- | M] () -- C:\Programme\ASUS\Wireless Console 2\wcourier.exe PRC - [2005.08.22 08:50:08 | 001,986,560 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe PRC - [2005.07.22 22:51:48 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EOUWiz.exe PRC - [2005.07.22 22:51:08 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe PRC - [2005.07.22 22:47:12 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2005.07.22 22:46:52 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2005.07.22 22:41:58 | 000,245,760 | ---- | M] (Intel) -- C:\Programme\Intel\Wireless\Bin\1XConfig.exe PRC - [2005.06.16 15:48:00 | 000,086,016 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\Power4 Gear\BatteryLife.exe PRC - [2005.03.28 16:04:50 | 000,655,360 | ---- | M] (Streamzap, Inc.) -- C:\Programme\Streamzap\Remote\zremote.exe PRC - [2004.11.02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe PRC - [2004.07.20 14:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2003.09.19 12:54:44 | 000,172,032 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe PRC - [2003.09.12 20:25:30 | 000,032,768 | ---- | M] (asus) -- C:\Programme\ASUS\Asus ChkMail\ChkMail.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.09.21 16:39:20 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.09.21 08:55:28 | 009,813,424 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll MOD - [2012.07.18 18:04:36 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.09.03 11:08:48 | 000,987,136 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wfvie09.dll MOD - [2009.09.03 11:07:20 | 000,021,504 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rswinapi4.dll MOD - [2009.09.03 01:14:18 | 001,140,008 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe MOD - [2009.09.03 01:02:50 | 001,294,336 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wstyle09.dll MOD - [2009.09.03 01:02:34 | 027,734,016 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wstyle109.dll MOD - [2009.09.03 01:01:54 | 000,868,352 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wform09.dll MOD - [2009.09.03 00:57:04 | 004,108,288 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wauff09.dll MOD - [2009.09.03 00:41:12 | 000,090,112 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wsons09.dll MOD - [2009.09.03 00:40:28 | 001,392,640 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wwerb09.dll MOD - [2009.09.03 00:31:48 | 001,806,336 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\whau209.dll MOD - [2009.09.03 00:14:18 | 000,581,632 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\whau109.dll MOD - [2009.09.03 00:08:50 | 001,097,728 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae409.dll MOD - [2009.09.03 00:04:58 | 001,744,896 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae309.dll MOD - [2009.09.02 23:55:52 | 000,671,744 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae209.dll MOD - [2009.09.02 23:50:52 | 003,756,032 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae109.dll MOD - [2009.09.02 23:33:30 | 001,372,160 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wimp09.dll MOD - [2009.09.02 23:05:02 | 001,024,000 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wfabu09.dll MOD - [2009.09.02 22:49:52 | 000,946,176 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wreli09.dll MOD - [2009.09.02 22:45:46 | 008,126,464 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\winc09.dll MOD - [2009.09.02 21:42:06 | 000,221,184 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wincb09.dll MOD - [2009.09.02 21:38:30 | 000,077,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wglob09.dll MOD - [2009.09.02 21:38:16 | 000,876,544 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wsteu09.dll MOD - [2009.09.02 21:35:26 | 000,208,896 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rszeus4.dll MOD - [2009.09.02 21:34:54 | 000,090,112 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rsdebug4.dll MOD - [2009.08.20 12:05:44 | 007,606,272 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtgui4.dll MOD - [2009.08.16 17:06:04 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.05.04 16:27:54 | 000,151,552 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rsodbc4.dll MOD - [2009.05.04 15:39:32 | 000,029,184 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rsdcom4.dll MOD - [2009.01.22 14:41:04 | 000,364,544 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtxml4.dll MOD - [2009.01.22 14:41:00 | 005,828,608 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtwebkit4.dll MOD - [2009.01.22 14:41:00 | 000,065,536 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qttest4.dll MOD - [2009.01.22 14:40:58 | 000,622,592 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtscript4.dll MOD - [2009.01.22 14:40:58 | 000,589,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtsql4.dll MOD - [2009.01.22 14:40:56 | 000,790,528 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtnetwork4.dll MOD - [2009.01.22 14:40:48 | 002,031,616 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtcore4.dll MOD - [2009.01.22 14:40:46 | 002,416,640 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qt3support4.dll MOD - [2009.01.22 14:40:44 | 000,241,664 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\phonon4.dll MOD - [2005.08.28 23:30:02 | 000,102,400 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe MOD - [2005.08.23 13:45:26 | 000,987,136 | ---- | M] () -- C:\Programme\ASUS\Wireless Console 2\wcourier.exe MOD - [2005.08.22 08:50:08 | 001,986,560 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe MOD - [2005.07.22 22:42:04 | 000,073,728 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL MOD - [2005.01.25 11:49:54 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\libeay32.dll MOD - [2004.05.27 22:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll MOD - [2003.09.19 12:54:44 | 000,172,032 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.09.21 16:39:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.21 08:55:30 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.18 18:04:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.07.22 22:51:08 | 000,098,304 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe -- (OwnershipProtocol) SRV - [2004.07.20 14:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.18 18:04:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.07.18 18:04:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.07.18 18:04:44 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.13 20:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE) DRV - [2008.04.13 20:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM) DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2005.11.10 03:44:12 | 004,064,256 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2005.07.22 23:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005.07.19 21:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2005.04.18 10:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk) DRV - [2005.03.02 07:10:00 | 000,090,168 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2005.03.02 07:10:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB) DRV - [2005.02.17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005.02.16 10:20:00 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2005.02.16 10:20:00 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.02.16 10:20:00 | 000,163,328 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.02.16 10:19:00 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004.12.06 02:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2004.08.12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA) DRV - [2004.07.20 14:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2004.07.06 19:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D) DRV - [2004.03.01 14:57:02 | 000,010,368 | ---- | M] (Streamzap, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zremote.sys -- (zremote) DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [2000.03.29 14:17:42 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.23 09:37:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.12 18:15:52 | 000,000,000 | ---D | M] [2009.10.18 19:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Extensions [2009.10.18 19:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions [2012.04.27 11:11:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.10.18 19:32:10 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2012.05.23 09:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.21 16:39:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2008.06.19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Programme\mozilla firefox\plugins\MyCamera.dll [2008.06.19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Programme\mozilla firefox\plugins\NPCIG.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.21 16:39:16 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StreamZap Remote] C:\Programme\Streamzap\Remote\zremote.exe (Streamzap, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_Premium\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\ASUS\Wireless Console 2\wcourier.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS ChkMail.lnk = C:\Programme\ASUS\Asus ChkMail\ChkMail.exe (asus) O4 - Startup: C:\Dokumente und Einstellungen\Sport\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343657805390 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343604548816 (MUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C467C55B-EE24-4DD2-8CB1-1E93AB2FCD1A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Programme\Intel\Wireless\Bin\LgNotify.dll) - C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sport\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sport\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.02.10 06:32:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.23 21:33:58 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sport\Desktop\OTL.exe [2012.09.23 21:29:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.09.19 15:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sport\Desktop\BKA-Virus Beseitigung [2012.09.19 13:01:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.19 06:58:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.09.17 22:15:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ggbfrszxlhhtxnf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.23 21:34:01 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sport\Desktop\OTL.exe [2012.09.23 21:30:07 | 000,000,787 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2012.09.23 21:26:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.23 20:57:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.22 18:55:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.20 09:48:40 | 000,134,260 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Erdgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.20 09:48:06 | 000,144,903 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Dachgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.19 12:51:56 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.09.19 10:09:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.09.19 10:06:22 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.19 10:06:22 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.19 10:06:22 | 000,080,306 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.19 10:06:22 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.19 08:54:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.09.18 08:43:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\defogger_reenable [2012.09.17 22:15:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lklyytxidscgyir [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.20 09:48:37 | 000,134,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Erdgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.20 09:48:04 | 000,144,903 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Dachgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.19 08:03:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.09.19 07:08:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.09.19 07:08:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.09.18 08:43:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\defogger_reenable [2012.09.17 22:15:03 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lklyytxidscgyir [2011.05.06 14:18:37 | 000,134,900 | ---- | C] () -- C:\WINDOWS\HPHins12.dat [2011.05.06 14:18:37 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat [2011.05.06 14:18:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2011.05.05 22:25:34 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2150N.DAT [2011.05.05 22:25:29 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2150N.INI [2009.04.28 13:30:38 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\RefEdit.exd [2006.04.05 16:41:45 | 000,040,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.09.15 19:42:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:08 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.09.15 19:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2006.03.26 16:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dartfish [2012.09.17 22:15:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ggbfrszxlhhtxnf [2009.10.18 19:34:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GlobalScape [2009.03.02 08:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2009.09.16 18:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Buhl Data Service [2006.03.26 16:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Dartfish [2009.10.18 19:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\GlobalSCAPE [2009.03.02 08:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\MAGIX ========== Purity Check ========== < End of report > Liebe Grüße, Chrys |
24.09.2012, 13:47 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Hm so sollte das Log nicht aussehen, war kein CustomScan!
__________________Egal, mach bitte erst einen neuen Durchgang mit dem adwCleaner, da gibt es eine neue Version Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ |
24.09.2012, 15:12 | #19 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Oh, das tut mir leid. Was genau meintest Du denn - es sollte kein Custom Scan sein, war aber einer, oder umgekehrt - es hätte ein Custom Scan werden sollen und ich hab' ihn ohne "Custom" gemacht? Wie gesagt, ich hatte wieder "Scanne alle Benutzer" angehakt und einen "Quick Scan" laufen lassen, wie in der Anweisung beim letzten Mal. Aber den Text habe ich diesmal nicht in die Box kopiert. Und dann kamen eben diese komischen Avira-Meldungen zwischendurch reingeschneit... Hier jetzt das Log vom Adw Cleaner: Code:
ATTFilter # AdwCleaner v2.003 - Datei am 09/24/2012 um 16:05:28 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Sport - AWS-SPORT # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Sport\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v6.0.2900.5512 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [3025 octets] - [19/09/2012 17:29:53] AdwCleaner[S1].txt - [3530 octets] - [20/09/2012 09:07:44] AdwCleaner[R2].txt - [704 octets] - [24/09/2012 16:05:28] ########## EOF - C:\AdwCleaner[R2].txt - [763 octets] ########## Ist der eigentlich besser/anders als CC Cleaner? Den hab' ich sonst immer mal benutzt bei meinem eigenen Laptop, wenn die Kiste zu langsam gerworden ist... Hab' ihn aber im Verdacht, daß er beim letzten Mal mein Word 2003 gefressen hat - jedenfalls ist es wie vom Erdboden verschwunden, weshalb ich mir überhaupt nur den Laptop von meinem Freund geliehen hab', von dem wir die ganze Zeit den ver maledeiten Trojaner runterkratzen... Grüße, Chrys |
24.09.2012, 19:36 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Der adwCleaner ist etwas anderes als der CCleaner! Und ein CustomScan wird es, wenn du meine Anleitung zu OTL richtig umsetzt Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
25.09.2012, 06:06 | #21 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Sorry, keine Ahnung, wie ich das Customizing vorgestern übersehen konnte... Habe das jetzt nachgeholt und hier ist das Ergebnis: OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.09.2012 23:37:11 - Run 4 OTL by OldTimer - Version 3.2.67.0 Folder = C:\Dokumente und Einstellungen\Sport\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1007,30 Mb Total Physical Memory | 454,14 Mb Available Physical Memory | 45,09% Memory free 2,37 Gb Paging File | 1,84 Gb Available in Paging File | 77,84% Paging File free Paging file location(s): C:\pagefile.sys 1512 3024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 54,84 Gb Total Space | 17,21 Gb Free Space | 31,38% Space Free | Partition Type: NTFS Drive D: | 36,46 Gb Total Space | 36,37 Gb Free Space | 99,77% Space Free | Partition Type: NTFS Drive E: | 7,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: AWS-SPORT | User Name: Sport | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.24 23:29:32 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sport\Desktop\OTL.exe PRC - [2012.07.18 18:04:44 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.07.18 18:04:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:04:24 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.18 18:04:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.09.03 01:14:18 | 001,140,008 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe PRC - [2009.06.11 10:17:38 | 003,618,104 | ---- | M] (brother) -- C:\Programme\Brownie\BrStsWnd.exe PRC - [2008.10.20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brownie\BRNIPMON.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2005.09.20 22:24:02 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe PRC - [2005.08.28 23:30:02 | 000,102,400 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe PRC - [2005.08.23 13:45:26 | 000,987,136 | ---- | M] () -- C:\Programme\ASUS\Wireless Console 2\wcourier.exe PRC - [2005.08.22 08:50:08 | 001,986,560 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe PRC - [2005.07.22 22:51:48 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EOUWiz.exe PRC - [2005.07.22 22:51:08 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe PRC - [2005.07.22 22:47:12 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2005.07.22 22:46:52 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2005.07.22 22:41:58 | 000,245,760 | ---- | M] (Intel) -- C:\Programme\Intel\Wireless\Bin\1XConfig.exe PRC - [2005.06.16 15:48:00 | 000,086,016 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\Power4 Gear\BatteryLife.exe PRC - [2005.03.28 16:04:50 | 000,655,360 | ---- | M] (Streamzap, Inc.) -- C:\Programme\Streamzap\Remote\zremote.exe PRC - [2004.11.02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe PRC - [2004.08.27 17:22:34 | 000,376,832 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\LiveUpdt.exe PRC - [2004.07.20 14:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2003.09.19 12:54:44 | 000,172,032 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe PRC - [2003.09.12 20:25:30 | 000,032,768 | ---- | M] (asus) -- C:\Programme\ASUS\Asus ChkMail\ChkMail.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 18:04:36 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.09.03 11:08:48 | 000,987,136 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wfvie09.dll MOD - [2009.09.03 11:07:20 | 000,021,504 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rswinapi4.dll MOD - [2009.09.03 01:14:18 | 001,140,008 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe MOD - [2009.09.03 01:02:50 | 001,294,336 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wstyle09.dll MOD - [2009.09.03 01:02:34 | 027,734,016 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wstyle109.dll MOD - [2009.09.03 01:01:54 | 000,868,352 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wform09.dll MOD - [2009.09.03 00:57:04 | 004,108,288 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wauff09.dll MOD - [2009.09.03 00:41:12 | 000,090,112 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wsons09.dll MOD - [2009.09.03 00:40:28 | 001,392,640 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wwerb09.dll MOD - [2009.09.03 00:31:48 | 001,806,336 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\whau209.dll MOD - [2009.09.03 00:14:18 | 000,581,632 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\whau109.dll MOD - [2009.09.03 00:08:50 | 001,097,728 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae409.dll MOD - [2009.09.03 00:04:58 | 001,744,896 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae309.dll MOD - [2009.09.02 23:55:52 | 000,671,744 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae209.dll MOD - [2009.09.02 23:50:52 | 003,756,032 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wbae109.dll MOD - [2009.09.02 23:33:30 | 001,372,160 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wimp09.dll MOD - [2009.09.02 23:05:02 | 001,024,000 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wfabu09.dll MOD - [2009.09.02 22:49:52 | 000,946,176 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wreli09.dll MOD - [2009.09.02 22:45:46 | 008,126,464 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\winc09.dll MOD - [2009.09.02 21:42:06 | 000,221,184 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wincb09.dll MOD - [2009.09.02 21:38:30 | 000,077,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wglob09.dll MOD - [2009.09.02 21:38:16 | 000,876,544 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\wsteu09.dll MOD - [2009.09.02 21:35:26 | 000,208,896 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rszeus4.dll MOD - [2009.09.02 21:34:54 | 000,090,112 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rsdebug4.dll MOD - [2009.08.20 12:05:44 | 007,606,272 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtgui4.dll MOD - [2009.05.04 16:27:54 | 000,151,552 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rsodbc4.dll MOD - [2009.05.04 15:39:32 | 000,029,184 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\rsdcom4.dll MOD - [2009.01.22 14:41:04 | 000,364,544 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtxml4.dll MOD - [2009.01.22 14:41:00 | 005,828,608 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtwebkit4.dll MOD - [2009.01.22 14:41:00 | 000,065,536 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qttest4.dll MOD - [2009.01.22 14:40:58 | 000,622,592 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtscript4.dll MOD - [2009.01.22 14:40:58 | 000,589,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtsql4.dll MOD - [2009.01.22 14:40:56 | 000,790,528 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtnetwork4.dll MOD - [2009.01.22 14:40:48 | 002,031,616 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qtcore4.dll MOD - [2009.01.22 14:40:46 | 002,416,640 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\qt3support4.dll MOD - [2009.01.22 14:40:44 | 000,241,664 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2009\phonon4.dll MOD - [2005.08.28 23:30:02 | 000,102,400 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe MOD - [2005.08.23 13:45:26 | 000,987,136 | ---- | M] () -- C:\Programme\ASUS\Wireless Console 2\wcourier.exe MOD - [2005.08.22 08:50:08 | 001,986,560 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe MOD - [2005.07.22 22:42:04 | 000,073,728 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL MOD - [2005.01.25 11:49:54 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\libeay32.dll MOD - [2004.08.27 17:22:34 | 000,376,832 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\LiveUpdt.exe MOD - [2004.05.27 22:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll MOD - [2003.09.19 12:54:44 | 000,172,032 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe MOD - [2002.09.10 14:36:58 | 000,032,768 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ASUSAP.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.09.21 16:39:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.21 08:55:30 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.18 18:04:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.07.22 22:51:08 | 000,098,304 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe -- (OwnershipProtocol) SRV - [2004.07.20 14:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.07.18 18:04:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.07.18 18:04:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.07.18 18:04:44 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.13 20:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE) DRV - [2008.04.13 20:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM) DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2005.11.10 03:44:12 | 004,064,256 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2005.07.22 23:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005.07.19 21:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2005.04.18 10:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk) DRV - [2005.03.02 07:10:00 | 000,090,168 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2005.03.02 07:10:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB) DRV - [2005.02.17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005.02.16 10:20:00 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2005.02.16 10:20:00 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.02.16 10:20:00 | 000,163,328 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.02.16 10:19:00 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004.12.06 02:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2004.08.12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA) DRV - [2004.07.20 14:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2004.07.06 19:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D) DRV - [2004.03.01 14:57:02 | 000,010,368 | ---- | M] (Streamzap, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zremote.sys -- (zremote) DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [2000.03.29 14:17:42 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.23 09:37:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.12 18:15:52 | 000,000,000 | ---D | M] [2009.10.18 19:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Extensions [2009.10.18 19:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions [2012.04.27 11:11:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.10.18 19:32:10 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2012.05.23 09:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.21 16:39:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2008.06.19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Programme\mozilla firefox\plugins\MyCamera.dll [2008.06.19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Programme\mozilla firefox\plugins\NPCIG.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.21 16:39:16 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StreamZap Remote] C:\Programme\Streamzap\Remote\zremote.exe (Streamzap, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_Premium\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\ASUS\Wireless Console 2\wcourier.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS ChkMail.lnk = C:\Programme\ASUS\Asus ChkMail\ChkMail.exe (asus) O4 - Startup: C:\Dokumente und Einstellungen\Sport\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343657805390 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343604548816 (MUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C467C55B-EE24-4DD2-8CB1-1E93AB2FCD1A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Programme\Intel\Wireless\Bin\LgNotify.dll) - C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sport\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sport\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.02.10 06:32:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.24 23:29:15 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sport\Desktop\OTL.exe [2012.09.23 21:29:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.09.19 15:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sport\Desktop\BKA-Virus Beseitigung [2012.09.19 13:01:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.19 06:58:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.09.17 22:15:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ggbfrszxlhhtxnf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.24 23:55:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.24 23:29:32 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sport\Desktop\OTL.exe [2012.09.24 22:30:01 | 000,000,787 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2012.09.24 22:27:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.24 16:04:23 | 000,513,501 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\Desktop\adwcleaner.exe [2012.09.24 08:34:54 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Microsoft Word.lnk [2012.09.23 20:57:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.20 09:48:40 | 000,134,260 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Erdgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.20 09:48:06 | 000,144,903 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Dachgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.19 12:51:56 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.09.19 10:09:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.09.19 10:06:22 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.19 10:06:22 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.19 10:06:22 | 000,080,306 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.19 10:06:22 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.19 08:54:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.09.18 08:43:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\defogger_reenable [2012.09.17 22:15:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lklyytxidscgyir [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.24 16:04:22 | 000,513,501 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\Desktop\adwcleaner.exe [2012.09.20 09:48:37 | 000,134,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Erdgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.20 09:48:04 | 000,144,903 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\Desktop\Dachgeschoß Doppelhaushälfte Kirchhain.jpg [2012.09.19 08:03:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.09.19 07:08:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.09.19 07:08:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.09.18 08:43:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\defogger_reenable [2012.09.17 22:15:03 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lklyytxidscgyir [2011.05.06 14:18:37 | 000,134,900 | ---- | C] () -- C:\WINDOWS\HPHins12.dat [2011.05.06 14:18:37 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat [2011.05.06 14:18:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2011.05.05 22:25:34 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2150N.DAT [2011.05.05 22:25:29 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2150N.INI [2009.04.28 13:30:38 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\RefEdit.exd [2006.04.05 16:41:45 | 000,040,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Sport\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.09.15 19:42:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:08 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.09.15 19:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2006.03.26 16:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dartfish [2012.09.17 22:15:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ggbfrszxlhhtxnf [2009.10.18 19:34:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GlobalScape [2009.03.02 08:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2009.09.16 18:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Buhl Data Service [2006.03.26 16:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Dartfish [2009.10.18 19:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\GlobalSCAPE [2009.03.02 08:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\MAGIX ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2006.06.07 13:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Adobe [2009.06.08 12:49:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\AdobeUM [2012.07.30 16:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Avira [2009.05.07 19:48:56 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Brother [2009.09.16 18:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Buhl Data Service [2007.02.15 19:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\CyberLink [2006.03.26 16:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Dartfish [2010.01.11 09:54:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\DivX [2009.10.18 19:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\GlobalSCAPE [2006.02.10 06:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Identities [2009.09.15 19:41:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\InstallShield [2009.09.15 19:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\InstallShield Installation Information [2006.02.10 07:03:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Intel [2006.02.10 07:01:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Macromedia [2009.03.02 08:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\MAGIX [2012.07.30 12:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Malwarebytes [2006.02.10 06:23:02 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft [2009.10.18 19:01:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla [2006.02.10 06:53:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Symantec [2012.06.01 10:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\U3 [2009.10.18 19:31:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\WinRAR [2009.05.05 08:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2008.11.07 17:00:00 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\InstallShield Installation Information\{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}\setup.exe [2011.11.03 12:14:52 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0746C6D7-3FD1-42FB-99D1-6B0B73DE2B55}\ARPPRODUCTICON.exe [2011.11.03 12:14:52 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0746C6D7-3FD1-42FB-99D1-6B0B73DE2B55}\NewShortcut1_0746C6D73FD142FB99D16B0B73DE2B55.exe [2011.11.03 12:14:52 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0746C6D7-3FD1-42FB-99D1-6B0B73DE2B55}\NewShortcut2_0746C6D73FD142FB99D16B0B73DE2B55.exe [2011.11.03 12:14:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0746C6D7-3FD1-42FB-99D1-6B0B73DE2B55}\NewShortcut4_3FCF8BB1F1834199A71017F35294F50F.EXE [2011.11.03 12:21:00 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0DCE27DF-3AD8-49FE-9A50-71838EDD5527}\ARPPRODUCTICON.exe [2011.11.03 12:21:00 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0DCE27DF-3AD8-49FE-9A50-71838EDD5527}\NewShortcut1_0DCE27DF3AD849FE9A5071838EDD5527.exe [2011.11.03 12:21:00 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0DCE27DF-3AD8-49FE-9A50-71838EDD5527}\NewShortcut2_0DCE27DF3AD849FE9A5071838EDD5527.exe [2011.11.03 12:21:00 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{0DCE27DF-3AD8-49FE-9A50-71838EDD5527}\NewShortcut3_D69D953249C44141A7BD861DD1E026A6.exe [2006.03.26 16:24:10 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{1E9421C9-9F01-41A0-A596-1DF5850F536A}\ARPPRODUCTICON.exe [2011.02.22 13:41:20 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{2ED8F5DE-D88A-48B3-B0C4-BCEC71DB4467}\ARPPRODUCTICON.exe [2011.02.22 13:41:20 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{2ED8F5DE-D88A-48B3-B0C4-BCEC71DB4467}\NewShortcut1_2ED8F5DED88A48B3B0C4BCEC71DB4467.exe [2011.02.22 13:41:20 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{2ED8F5DE-D88A-48B3-B0C4-BCEC71DB4467}\NewShortcut2_503AE2EC9861469AA54DB2187248C2E3.EXE [2011.02.22 13:41:20 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{2ED8F5DE-D88A-48B3-B0C4-BCEC71DB4467}\NewShortcut5_2ED8F5DED88A48B3B0C4BCEC71DB4467.exe [2011.11.03 12:24:58 | 000,021,630 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{314160B8-240B-40E9-9243-5C102CBC35F4}\ARPPRODUCTICON.exe [2011.11.03 12:24:58 | 000,021,630 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{314160B8-240B-40E9-9243-5C102CBC35F4}\NewShortcut1_314160B8240B40E992435C102CBC35F4.exe [2011.11.03 12:24:58 | 000,021,630 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{314160B8-240B-40E9-9243-5C102CBC35F4}\NewShortcut2_314160B8240B40E992435C102CBC35F4.exe [2011.11.03 12:24:58 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{314160B8-240B-40E9-9243-5C102CBC35F4}\NewShortcut4_3FCF8BB1F1834199A71017F35294F50F.EXE [2011.11.03 12:23:28 | 000,116,029 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{3FCF8BB1-F183-4199-A710-17F35294F50F}\ARPPRODUCTICON.exe [2011.11.03 12:23:28 | 000,116,029 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{3FCF8BB1-F183-4199-A710-17F35294F50F}\NewShortcut1_0DCE27DF3AD849FE9A5071838EDD5527_1.exe [2011.11.03 12:23:28 | 000,116,029 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{3FCF8BB1-F183-4199-A710-17F35294F50F}\NewShortcut2_0DCE27DF3AD849FE9A5071838EDD5527_1.exe [2011.11.03 12:23:28 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{3FCF8BB1-F183-4199-A710-17F35294F50F}\NewShortcut4_3FCF8BB1F1834199A71017F35294F50F.EXE [2011.11.03 12:16:16 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{D69D9532-49C4-4141-A7BD-861DD1E026A6}\ARPPRODUCTICON.exe [2011.11.03 12:16:16 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{D69D9532-49C4-4141-A7BD-861DD1E026A6}\NewShortcut1_D69D953249C44141A7BD861DD1E026A6.exe [2011.11.03 12:16:16 | 000,018,902 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{D69D9532-49C4-4141-A7BD-861DD1E026A6}\NewShortcut2_D69D953249C44141A7BD861DD1E026A6.exe [2011.11.03 12:16:16 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{D69D9532-49C4-4141-A7BD-861DD1E026A6}\NewShortcut3_D69D953249C44141A7BD861DD1E026A6.exe [2011.11.03 12:26:38 | 000,022,486 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{EFA41510-24D3-4701-9644-0F5D730FDFBE}\ARPPRODUCTICON.exe [2011.11.03 12:26:38 | 000,022,486 | R--- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{EFA41510-24D3-4701-9644-0F5D730FDFBE}\NewShortcut1_EFA4151024D3470196440F5D730FDFBE.exe [2011.11.03 12:26:38 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{EFA41510-24D3-4701-9644-0F5D730FDFBE}\NewShortcut2_503AE2EC9861469AA54DB2187248C2E3.EXE [2011.11.03 12:26:38 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Microsoft\Installer\{EFA41510-24D3-4701-9644-0F5D730FDFBE}\NewShortcut3_EFA4151024D3470196440F5D730FDFBE.exe [2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2012.07.30 15:41:12 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2012.07.30 15:41:12 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2012.07.30 15:41:12 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2012.07.30 15:41:12 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.02.10 06:22:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.02.10 06:22:22 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.02.10 06:22:22 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > [2004.09.07 16:33:54 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2006.02.10 06:34:52 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012.04.27 11:09:37 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < End of report > Außerdem hat Avira einen Fund gemeldet: Ein Trojaner namens "Wheels of nd", den versuche ich gerade in die Quarantäne verschieben zu lassen - scheint aber etwas zu dauern, er zeigt seit 'ner ganzen Weile 30% an. Ist das die miese Kröte von Erpresser-Virus oder wieder bloß Werbung? Die Berichte hierzu (Scan lief über Nacht): Um 06.12h: In der Datei 'C:\System Volume Information\_restore{02026828-8E44-492E-A2AE-EE9D7E32334F}\RP68\A0026225.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Weelsof.nd' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern U, 05.12h: In der Datei 'C:\System Volume Information\_restore{02026828-8E44-492E-A2AE-EE9D7E32334F}\RP68\A0026225.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Weelsof.nd' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Seit 01.12h einmal die Stunde die gleiche Meldung... |
25.09.2012, 12:17 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL FF - user.js - File not found [2012.04.27 11:11:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.10.18 19:32:10 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3744943577-2581773515-1640757275-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.02.10 06:32:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a :Files C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ggbfrszxlhhtxnf C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lklyytxidscgyir C:\System Volume Information\_restore{02026828-8E44-492E-A2AE-EE9D7E32334F}\RP68 ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.09.2012, 22:16 | #23 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Hi Cosinus, ich hab' das Fix gemacht. Fehlermeldung, daß der Papierkorb auf C:/ defekt sei, ob ich den löschen will. Ich hab' vorsichtshalber "Nein" geklickt - vielleicht war das blöd?! Zumindest hat er dann neustarten wollen, das hab' ich ihn lassen - und jetzt geht das WLAN nicht mehr... Hab' mehrfach versucht, die Verbindung zu reparieren, manuell deaktiviert und aktiviert etc. Er behauptet, es gäbe keine Drahtlosnetzwerke in Reichweite... Nun ja, ich sitze 1,50m neben dem Ding an meinem eigenen Laptop und benutze die angeblich nicht vorhandene Standardverbindung, um das hier zu posten. Und jetzt? Wollte ungern das ganze Log abtippen... : ( Hast Du 'ne Idee? Wäre ganz toll, lieben Gruß Chrys |
26.09.2012, 12:06 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Geht's im abgesicherten Modus mit Netzwerktreiber noch? Funktioniert noch die kabelbasierte Netzwerkverbindung?
__________________ Logfiles bitte immer in CODE-Tags posten |
26.09.2012, 13:53 | #25 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Das kann ich erst morgen nachgucken - bin bis morgen nicht zuhause und mein Freund kapiert das nicht, glaube ich... Mach' ich besser selbst. Windows hat mich gefragt, ob ich den Drahtlosnetzwerkadapter "eingeschaltet" hätte - kann es sein, daß der "ausgegangen" ist? Habe mal unter "Hilfe" gesucht, aber Windows hat interessanterweise kein Stichwort für den Adapter und in der Systemsteuerung kann ich ihn ach nicht finden, sonst hätte ich mal geguckt, ob man mit dem was machen kann/muß?! Melde mich morgen, sobald ich Deine Fragen beantworten kann! Danke, Chrys |
27.09.2012, 19:33 | #26 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Hi cosinus, jetzt also: im abgesicherten Modus mit Netzwerktreiber ging auch nix, ebenfalls angeblich "Keine Drahtlose Netzwerkverbindung in Reichweite", obwohl der Rechner direkt daneben es problemlos empfängt. Mit dem Kabel allerdings funktionierts, zum Glück! Sorry, daß das so lange gedauert hat, aber das geht nur aus 'ner anderen Wohnung im gleichen Haus - daher wäre es fein, wenn das mit dem WLAN wieder aktivierbar wäre... *g* Nun erstmal endlich das Log von vorgestern: Code:
ATTFilter All processes killed ========== OTL ========== C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully. C:\Dokumente und Einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found. Registry value HKEY_USERS\S-1-5-21-3744943577-2581773515-1640757275-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_USERS\S-1-5-21-3744943577-2581773515-1640757275-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found. Registry value HKEY_USERS\S-1-5-21-3744943577-2581773515-1640757275-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-3744943577-2581773515-1640757275-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\LaunchU3.exe -a not found. ========== FILES ========== C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ggbfrszxlhhtxnf folder moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lklyytxidscgyir moved successfully. C:\System Volume Information\_restore{02026828-8E44-492E-A2AE-EE9D7E32334F}\RP68\snapshot\Repository\FS folder moved successfully. C:\System Volume Information\_restore{02026828-8E44-492E-A2AE-EE9D7E32334F}\RP68\snapshot\Repository folder moved successfully. C:\System Volume Information\_restore{02026828-8E44-492E-A2AE-EE9D7E32334F}\RP68\snapshot folder moved successfully. C:\System Volume Information\_restore{02026828-8E44-492E-A2AE-EE9D7E32334F}\RP68 folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\Sport\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\Sport\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 93844944 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 75 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 32969 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Schule ->Temp folder emptied: 95304534 bytes ->Temporary Internet Files folder emptied: 301053 bytes ->FireFox cache emptied: 202837512 bytes ->Flash cache emptied: 2368 bytes User: Schüler ->Temp folder emptied: 93897966 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->FireFox cache emptied: 3241342 bytes ->Flash cache emptied: 226 bytes User: Sport ->Temp folder emptied: 368882494 bytes ->Temporary Internet Files folder emptied: 108403303 bytes ->FireFox cache emptied: 694109297 bytes ->Flash cache emptied: 7123 bytes %systemdrive% .tmp files removed: 49063 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 20855230 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.604,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.67.0 log created on 09252012_221707 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Ich hoffe, das hilft weiter, liebe Grüße Chrys (sorry, daß das so kompliziert ist) |
27.09.2012, 20:52 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
27.09.2012, 22:16 | #28 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Hi, ich hoffe, ich habe diesmal alles richtig gemacht! ; ) Beim ersten Mal scannen (falls Du irgendworan siehst, daß ich zwei Durchläufe gemacht hab'... *paranoia*) habe ich mich an die Anleitung in dem verlinkten Thread gehalten und daher die unteren zwei Häkchen nicht gesetzt gehabt - nach Erkennen meines fehlers hab' ich die Aktion mit den richtigen Einstellungen wiederholt. Er hat auch sofort nach mir gebrüllt, habe alles geskipt, hier ist das Log: Code:
ATTFilter 23:08:03.0718 1916 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 23:08:03.0781 1916 ============================================================ 23:08:03.0781 1916 Current date / time: 2012/09/27 23:08:03.0781 23:08:03.0781 1916 SystemInfo: 23:08:03.0781 1916 23:08:03.0781 1916 OS Version: 5.1.2600 ServicePack: 3.0 23:08:03.0781 1916 Product type: Workstation 23:08:03.0781 1916 ComputerName: AWS-SPORT 23:08:03.0781 1916 UserName: Sport 23:08:03.0781 1916 Windows directory: C:\WINDOWS 23:08:03.0781 1916 System windows directory: C:\WINDOWS 23:08:03.0781 1916 Processor architecture: Intel x86 23:08:03.0781 1916 Number of processors: 1 23:08:03.0781 1916 Page size: 0x1000 23:08:03.0781 1916 Boot type: Normal boot 23:08:03.0781 1916 ============================================================ 23:08:05.0640 1916 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 23:08:05.0687 1916 ============================================================ 23:08:05.0687 1916 \Device\Harddisk0\DR0: 23:08:05.0687 1916 MBR partitions: 23:08:05.0687 1916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B9133, BlocksNum 0x6DAE737 23:08:05.0718 1916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71678A9, BlocksNum 0x48E9598 23:08:05.0718 1916 ============================================================ 23:08:05.0890 1916 C: <-> \Device\Harddisk0\DR0\Partition1 23:08:05.0937 1916 D: <-> \Device\Harddisk0\DR0\Partition2 23:08:05.0937 1916 ============================================================ 23:08:05.0937 1916 Initialize success 23:08:05.0937 1916 ============================================================ 23:08:37.0468 1888 ============================================================ 23:08:37.0468 1888 Scan started 23:08:37.0468 1888 Mode: Manual; SigCheck; TDLFS; 23:08:37.0468 1888 ============================================================ 23:08:37.0750 1888 ================ Scan system memory ======================== 23:08:37.0750 1888 System memory - ok 23:08:37.0765 1888 ================ Scan services ============================= 23:08:37.0937 1888 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys 23:08:40.0593 1888 61883 - ok 23:08:40.0609 1888 Abiosdsk - ok 23:08:40.0625 1888 abp480n5 - ok 23:08:40.0718 1888 [ 66DC3740111238C91B875D8A0021834D ] acedrv11 C:\WINDOWS\system32\drivers\acedrv11.sys 23:08:40.0828 1888 acedrv11 - ok 23:08:40.0859 1888 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:08:41.0062 1888 ACPI - ok 23:08:41.0109 1888 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 23:08:41.0343 1888 ACPIEC - ok 23:08:41.0437 1888 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:08:41.0453 1888 AdobeFlashPlayerUpdateSvc - ok 23:08:41.0468 1888 adpu160m - ok 23:08:41.0500 1888 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 23:08:41.0656 1888 aec - ok 23:08:41.0703 1888 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 23:08:41.0718 1888 AegisP ( UnsignedFile.Multi.Generic ) - warning 23:08:41.0718 1888 AegisP - detected UnsignedFile.Multi.Generic (1) 23:08:41.0765 1888 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 23:08:41.0859 1888 AFD - ok 23:08:41.0859 1888 Aha154x - ok 23:08:41.0875 1888 aic78u2 - ok 23:08:41.0875 1888 aic78xx - ok 23:08:41.0937 1888 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 23:08:42.0078 1888 Alerter - ok 23:08:42.0109 1888 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 23:08:42.0281 1888 ALG - ok 23:08:42.0281 1888 AliIde - ok 23:08:42.0296 1888 amsint - ok 23:08:42.0406 1888 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 23:08:42.0437 1888 AntiVirSchedulerService - ok 23:08:42.0453 1888 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 23:08:42.0484 1888 AntiVirService - ok 23:08:42.0484 1888 AppMgmt - ok 23:08:42.0515 1888 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:08:42.0718 1888 Arp1394 - ok 23:08:42.0718 1888 asc - ok 23:08:42.0734 1888 asc3350p - ok 23:08:42.0734 1888 asc3550 - ok 23:08:42.0843 1888 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:08:42.0890 1888 aspnet_state - ok 23:08:42.0937 1888 [ DE91D0D73C3E61E6826D98FAC2FAC729 ] Asushwio C:\WINDOWS\system32\drivers\Asushwio.sys 23:08:42.0953 1888 Asushwio ( UnsignedFile.Multi.Generic ) - warning 23:08:42.0953 1888 Asushwio - detected UnsignedFile.Multi.Generic (1) 23:08:42.0968 1888 [ F984F8BBA45745E77EE0FC8A425BD417 ] asuskbnt C:\WINDOWS\system32\drivers\atkkbnt.sys 23:08:43.0000 1888 asuskbnt ( UnsignedFile.Multi.Generic ) - warning 23:08:43.0000 1888 asuskbnt - detected UnsignedFile.Multi.Generic (1) 23:08:43.0031 1888 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:08:43.0281 1888 AsyncMac - ok 23:08:43.0312 1888 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 23:08:43.0484 1888 atapi - ok 23:08:43.0484 1888 Atdisk - ok 23:08:43.0515 1888 [ C1BED871E20B9F0DD2A7DE73E94BF9CB ] ATKKeyboardService C:\WINDOWS\ATKKBService.exe 23:08:43.0546 1888 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - warning 23:08:43.0546 1888 ATKKeyboardService - detected UnsignedFile.Multi.Generic (1) 23:08:43.0562 1888 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:08:43.0718 1888 Atmarpc - ok 23:08:43.0765 1888 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 23:08:43.0937 1888 AudioSrv - ok 23:08:43.0968 1888 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 23:08:44.0140 1888 audstub - ok 23:08:44.0140 1888 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys 23:08:44.0312 1888 Avc - ok 23:08:44.0312 1888 [ E625773D7B950842D582F713656859C0 ] AVCSTRM C:\WINDOWS\system32\DRIVERS\avcstrm.sys 23:08:44.0468 1888 AVCSTRM - ok 23:08:44.0468 1888 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 23:08:44.0500 1888 avgntflt - ok 23:08:44.0546 1888 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 23:08:44.0578 1888 avipbb - ok 23:08:44.0593 1888 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 23:08:44.0609 1888 avkmgr - ok 23:08:44.0625 1888 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 23:08:44.0781 1888 Beep - ok 23:08:44.0843 1888 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 23:08:45.0046 1888 BITS - ok 23:08:45.0078 1888 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 23:08:45.0234 1888 Browser - ok 23:08:45.0281 1888 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 23:08:45.0453 1888 cbidf2k - ok 23:08:45.0515 1888 [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe 23:08:45.0562 1888 CCALib8 ( UnsignedFile.Multi.Generic ) - warning 23:08:45.0562 1888 CCALib8 - detected UnsignedFile.Multi.Generic (1) 23:08:45.0625 1888 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:08:45.0796 1888 CCDECODE - ok 23:08:45.0796 1888 cd20xrnt - ok 23:08:45.0828 1888 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 23:08:46.0000 1888 Cdaudio - ok 23:08:46.0000 1888 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 23:08:46.0156 1888 Cdfs - ok 23:08:46.0187 1888 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:08:46.0343 1888 Cdrom - ok 23:08:46.0343 1888 Changer - ok 23:08:46.0375 1888 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 23:08:46.0515 1888 CiSvc - ok 23:08:46.0531 1888 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 23:08:46.0703 1888 ClipSrv - ok 23:08:46.0734 1888 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:08:46.0765 1888 clr_optimization_v2.0.50727_32 - ok 23:08:46.0781 1888 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 23:08:46.0921 1888 CmBatt - ok 23:08:46.0921 1888 CmdIde - ok 23:08:46.0953 1888 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 23:08:47.0078 1888 Compbatt - ok 23:08:47.0093 1888 COMSysApp - ok 23:08:47.0093 1888 Cpqarray - ok 23:08:47.0156 1888 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 23:08:47.0312 1888 CryptSvc - ok 23:08:47.0312 1888 dac2w2k - ok 23:08:47.0328 1888 dac960nt - ok 23:08:47.0390 1888 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 23:08:47.0500 1888 DcomLaunch - ok 23:08:47.0546 1888 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 23:08:47.0734 1888 Dhcp - ok 23:08:47.0734 1888 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 23:08:47.0906 1888 Disk - ok 23:08:47.0921 1888 dmadmin - ok 23:08:48.0000 1888 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 23:08:48.0187 1888 dmboot - ok 23:08:48.0250 1888 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 23:08:48.0421 1888 dmio - ok 23:08:48.0453 1888 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 23:08:48.0625 1888 dmload - ok 23:08:48.0703 1888 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 23:08:48.0859 1888 dmserver - ok 23:08:48.0890 1888 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 23:08:49.0062 1888 DMusic - ok 23:08:49.0093 1888 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 23:08:49.0218 1888 Dnscache - ok 23:08:49.0265 1888 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 23:08:49.0421 1888 Dot3svc - ok 23:08:49.0421 1888 dpti2o - ok 23:08:49.0468 1888 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 23:08:49.0828 1888 drmkaud - ok 23:08:49.0875 1888 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 23:08:50.0015 1888 EapHost - ok 23:08:50.0062 1888 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 23:08:50.0234 1888 ERSvc - ok 23:08:50.0281 1888 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 23:08:50.0328 1888 Eventlog - ok 23:08:50.0390 1888 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 23:08:50.0437 1888 EventSystem - ok 23:08:50.0500 1888 [ AA1D9C4A2F997FEA8A4FB0929212EDA2 ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe 23:08:50.0500 1888 EvtEng ( UnsignedFile.Multi.Generic ) - warning 23:08:50.0500 1888 EvtEng - detected UnsignedFile.Multi.Generic (1) 23:08:50.0562 1888 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 23:08:50.0734 1888 Fastfat - ok 23:08:50.0796 1888 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 23:08:50.0859 1888 FastUserSwitchingCompatibility - ok 23:08:50.0890 1888 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 23:08:51.0046 1888 Fdc - ok 23:08:51.0093 1888 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 23:08:51.0281 1888 Fips - ok 23:08:51.0437 1888 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Programme\MAGIX\Common\Database\bin\fbserver.exe 23:08:51.0578 1888 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 23:08:51.0578 1888 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 23:08:51.0593 1888 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 23:08:51.0875 1888 Flpydisk - ok 23:08:51.0921 1888 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 23:08:52.0093 1888 FltMgr - ok 23:08:52.0203 1888 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:08:52.0265 1888 FontCache3.0.0.0 - ok 23:08:52.0281 1888 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:08:52.0437 1888 Fs_Rec - ok 23:08:52.0468 1888 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:08:52.0687 1888 Ftdisk - ok 23:08:52.0718 1888 [ 32A73A8952580B284A47290ADB62032A ] GearAspiWDM C:\WINDOWS\system32\drivers\gearaspiwdm.sys 23:08:52.0734 1888 GearAspiWDM - ok 23:08:52.0750 1888 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:08:52.0921 1888 Gpc - ok 23:08:52.0953 1888 [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 23:08:53.0031 1888 HdAudAddService - ok 23:08:53.0062 1888 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:08:53.0218 1888 HDAudBus - ok 23:08:53.0265 1888 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:08:53.0500 1888 helpsvc - ok 23:08:53.0546 1888 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 23:08:53.0703 1888 HidServ - ok 23:08:53.0734 1888 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:08:53.0906 1888 HidUsb - ok 23:08:53.0984 1888 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 23:08:54.0125 1888 hkmsvc - ok 23:08:54.0140 1888 hpn - ok 23:08:54.0187 1888 [ 88DA551B653FCE4FC56F9389A5C858B7 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 23:08:54.0218 1888 HSFHWAZL - ok 23:08:54.0296 1888 [ 0D90B6C780156723E0991752AD94D278 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 23:08:54.0406 1888 HSF_DP - ok 23:08:54.0437 1888 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 23:08:54.0484 1888 HTTP - ok 23:08:54.0531 1888 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 23:08:54.0703 1888 HTTPFilter - ok 23:08:54.0703 1888 i2omgmt - ok 23:08:54.0718 1888 i2omp - ok 23:08:54.0781 1888 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:08:55.0000 1888 i8042prt - ok 23:08:55.0093 1888 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 23:08:55.0468 1888 ialm - ok 23:08:55.0750 1888 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:08:55.0828 1888 idsvc - ok 23:08:55.0875 1888 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 23:08:56.0109 1888 Imapi - ok 23:08:56.0171 1888 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 23:08:56.0406 1888 ImapiService - ok 23:08:56.0421 1888 ini910u - ok 23:08:56.0687 1888 [ 1A5B97B5BFFDE5742F4209F734C4FAF0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 23:08:57.0250 1888 IntcAzAudAddService - ok 23:08:57.0281 1888 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 23:08:57.0609 1888 IntelIde - ok 23:08:57.0640 1888 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 23:08:57.0828 1888 intelppm - ok 23:08:57.0890 1888 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 23:08:58.0062 1888 Ip6Fw - ok 23:08:58.0140 1888 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:08:58.0312 1888 IpFilterDriver - ok 23:08:58.0343 1888 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:08:58.0484 1888 IpInIp - ok 23:08:58.0515 1888 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:08:58.0687 1888 IpNat - ok 23:08:58.0718 1888 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:08:58.0890 1888 IPSec - ok 23:08:58.0921 1888 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys 23:08:59.0078 1888 irda - ok 23:08:59.0109 1888 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 23:08:59.0250 1888 IRENUM - ok 23:08:59.0281 1888 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll 23:08:59.0453 1888 Irmon - ok 23:08:59.0484 1888 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys 23:08:59.0593 1888 irsir - ok 23:08:59.0625 1888 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:08:59.0828 1888 isapnp - ok 23:08:59.0875 1888 [ 872D090CA5C306F62D1982BCE6302376 ] IWCA C:\WINDOWS\system32\DRIVERS\iwca.sys 23:08:59.0953 1888 IWCA - ok 23:08:59.0968 1888 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:09:00.0125 1888 Kbdclass - ok 23:09:00.0187 1888 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 23:09:00.0421 1888 kbdhid - ok 23:09:00.0453 1888 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 23:09:00.0609 1888 kmixer - ok 23:09:00.0609 1888 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 23:09:00.0734 1888 KSecDD - ok 23:09:00.0765 1888 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 23:09:00.0828 1888 lanmanserver - ok 23:09:00.0890 1888 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 23:09:00.0937 1888 lanmanworkstation - ok 23:09:00.0953 1888 lbrtfdc - ok 23:09:01.0000 1888 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 23:09:01.0171 1888 LmHosts - ok 23:09:01.0265 1888 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe 23:09:01.0312 1888 MDM - ok 23:09:01.0328 1888 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 23:09:01.0359 1888 mdmxsdk - ok 23:09:01.0390 1888 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 23:09:01.0609 1888 Messenger - ok 23:09:01.0640 1888 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 23:09:01.0859 1888 mnmdd - ok 23:09:01.0890 1888 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 23:09:02.0093 1888 mnmsrvc - ok 23:09:02.0156 1888 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 23:09:02.0328 1888 Modem - ok 23:09:02.0359 1888 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:09:02.0515 1888 Mouclass - ok 23:09:02.0546 1888 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:09:02.0703 1888 mouhid - ok 23:09:02.0734 1888 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 23:09:02.0875 1888 MountMgr - ok 23:09:02.0937 1888 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 23:09:02.0953 1888 MozillaMaintenance - ok 23:09:02.0968 1888 mraid35x - ok 23:09:02.0968 1888 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:09:03.0140 1888 MRxDAV - ok 23:09:03.0203 1888 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:09:03.0296 1888 MRxSmb - ok 23:09:03.0343 1888 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 23:09:03.0531 1888 MSDTC - ok 23:09:03.0578 1888 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys 23:09:03.0718 1888 MSDV - ok 23:09:03.0734 1888 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 23:09:03.0906 1888 Msfs - ok 23:09:03.0921 1888 MSIServer - ok 23:09:03.0953 1888 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:09:04.0125 1888 MSKSSRV - ok 23:09:04.0171 1888 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:09:04.0328 1888 MSPCLOCK - ok 23:09:04.0343 1888 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 23:09:04.0531 1888 MSPQM - ok 23:09:04.0562 1888 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:09:04.0718 1888 mssmbios - ok 23:09:04.0765 1888 [ 5C3F9BDF4DB23B75306388FC26A0A8E5 ] MSTAPE C:\WINDOWS\system32\DRIVERS\mstape.sys 23:09:04.0921 1888 MSTAPE - ok 23:09:04.0937 1888 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 23:09:05.0109 1888 MSTEE - ok 23:09:05.0156 1888 [ E333010A50BF603ACC350F6019E9CE02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 23:09:05.0218 1888 MTsensor - ok 23:09:05.0250 1888 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 23:09:05.0312 1888 Mup - ok 23:09:05.0343 1888 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:09:05.0500 1888 NABTSFEC - ok 23:09:05.0546 1888 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 23:09:05.0703 1888 napagent - ok 23:09:05.0734 1888 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 23:09:05.0906 1888 NDIS - ok 23:09:05.0953 1888 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:09:06.0109 1888 NdisIP - ok 23:09:06.0140 1888 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:09:06.0218 1888 NdisTapi - ok 23:09:06.0234 1888 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:09:06.0406 1888 Ndisuio - ok 23:09:06.0421 1888 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:09:06.0562 1888 NdisWan - ok 23:09:06.0593 1888 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 23:09:06.0640 1888 NDProxy - ok 23:09:06.0703 1888 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 23:09:06.0890 1888 NetBIOS - ok 23:09:06.0968 1888 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 23:09:07.0109 1888 NetBT - ok 23:09:07.0171 1888 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 23:09:07.0343 1888 NetDDE - ok 23:09:07.0359 1888 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 23:09:07.0515 1888 NetDDEdsdm - ok 23:09:07.0546 1888 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 23:09:07.0718 1888 Netlogon - ok 23:09:07.0750 1888 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 23:09:07.0937 1888 Netman - ok 23:09:08.0390 1888 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:09:08.0421 1888 NetTcpPortSharing - ok 23:09:08.0453 1888 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 23:09:08.0625 1888 NIC1394 - ok 23:09:08.0687 1888 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 23:09:08.0703 1888 Nla - ok 23:09:08.0718 1888 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 23:09:08.0890 1888 Npfs - ok 23:09:08.0937 1888 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 23:09:09.0359 1888 Ntfs - ok 23:09:09.0390 1888 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 23:09:09.0750 1888 NtLmSsp - ok 23:09:09.0812 1888 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 23:09:10.0015 1888 NtmsSvc - ok 23:09:10.0031 1888 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 23:09:10.0187 1888 Null - ok 23:09:10.0234 1888 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:09:10.0406 1888 NwlnkFlt - ok 23:09:10.0421 1888 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:09:10.0578 1888 NwlnkFwd - ok 23:09:10.0593 1888 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 23:09:10.0765 1888 ohci1394 - ok 23:09:10.0812 1888 [ BF5E627ABAA3B5D04B0104559654CB8A ] OwnershipProtocol C:\Programme\Intel\Wireless\Bin\OProtSvc.exe 23:09:10.0828 1888 OwnershipProtocol ( UnsignedFile.Multi.Generic ) - warning 23:09:10.0828 1888 OwnershipProtocol - detected UnsignedFile.Multi.Generic (1) 23:09:10.0875 1888 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 23:09:11.0000 1888 Parport - ok 23:09:11.0031 1888 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 23:09:11.0171 1888 PartMgr - ok 23:09:11.0203 1888 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 23:09:11.0375 1888 ParVdm - ok 23:09:11.0375 1888 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 23:09:11.0515 1888 PCI - ok 23:09:11.0515 1888 PCIDump - ok 23:09:11.0531 1888 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 23:09:11.0859 1888 PCIIde - ok 23:09:11.0859 1888 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 23:09:12.0187 1888 Pcmcia - ok 23:09:12.0203 1888 PDCOMP - ok 23:09:12.0203 1888 PDFRAME - ok 23:09:12.0218 1888 PDRELI - ok 23:09:12.0218 1888 PDRFRAME - ok 23:09:12.0234 1888 perc2 - ok 23:09:12.0234 1888 perc2hib - ok 23:09:12.0312 1888 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 23:09:12.0343 1888 PlugPlay - ok 23:09:12.0375 1888 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe 23:09:12.0437 1888 Pml Driver HPZ12 - ok 23:09:12.0453 1888 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 23:09:12.0750 1888 PolicyAgent - ok 23:09:12.0781 1888 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:09:12.0953 1888 PptpMiniport - ok 23:09:12.0953 1888 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 23:09:13.0109 1888 ProtectedStorage - ok 23:09:13.0109 1888 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 23:09:13.0281 1888 PSched - ok 23:09:13.0296 1888 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:09:13.0468 1888 Ptilink - ok 23:09:13.0468 1888 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:09:13.0500 1888 PxHelp20 - ok 23:09:13.0500 1888 ql1080 - ok 23:09:13.0500 1888 Ql10wnt - ok 23:09:13.0515 1888 ql12160 - ok 23:09:13.0515 1888 ql1240 - ok 23:09:13.0531 1888 ql1280 - ok 23:09:13.0562 1888 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:09:13.0734 1888 RasAcd - ok 23:09:13.0765 1888 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 23:09:13.0937 1888 RasAuto - ok 23:09:13.0984 1888 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys 23:09:14.0078 1888 Rasirda - ok 23:09:14.0093 1888 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:09:14.0234 1888 Rasl2tp - ok 23:09:14.0312 1888 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 23:09:14.0484 1888 RasMan - ok 23:09:14.0484 1888 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:09:14.0625 1888 RasPppoe - ok 23:09:14.0640 1888 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 23:09:14.0796 1888 Raspti - ok 23:09:14.0843 1888 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:09:14.0984 1888 Rdbss - ok 23:09:15.0000 1888 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:09:15.0187 1888 RDPCDD - ok 23:09:15.0234 1888 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 23:09:15.0328 1888 RDPWD - ok 23:09:15.0375 1888 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 23:09:15.0562 1888 RDSessMgr - ok 23:09:15.0609 1888 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 23:09:15.0765 1888 redbook - ok 23:09:15.0828 1888 [ E6CD560A4A16FEEE5503CB59A3E30A84 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 23:09:15.0875 1888 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 23:09:15.0875 1888 RegSrvc - detected UnsignedFile.Multi.Generic (1) 23:09:15.0906 1888 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 23:09:16.0109 1888 RemoteAccess - ok 23:09:16.0187 1888 [ 5338E12CC00F6CE1B11E252FFF25AC1E ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 23:09:16.0250 1888 rimsptsk - ok 23:09:16.0250 1888 [ C5B1E7188D110AA23961F29ABBAD8A47 ] risdptsk C:\WINDOWS\system32\DRIVERS\risdptsk.sys 23:09:16.0281 1888 risdptsk - ok 23:09:16.0328 1888 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 23:09:16.0578 1888 RpcLocator - ok 23:09:16.0640 1888 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 23:09:16.0687 1888 RpcSs - ok 23:09:16.0750 1888 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 23:09:16.0968 1888 RSVP - ok 23:09:17.0000 1888 [ ACCAEF9F58AE156772BE67DF148C5B3A ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 23:09:17.0093 1888 RTL8023xp - ok 23:09:17.0125 1888 [ A57B20BB52B7C504B7A9FB4C82B639BA ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 23:09:17.0187 1888 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 23:09:17.0187 1888 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 23:09:17.0218 1888 [ 9C40CB317400F2CF643B8706147DD06D ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys 23:09:17.0250 1888 s24trans ( UnsignedFile.Multi.Generic ) - warning 23:09:17.0250 1888 s24trans - detected UnsignedFile.Multi.Generic (1) 23:09:17.0281 1888 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 23:09:17.0484 1888 SamSs - ok 23:09:17.0546 1888 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 23:09:17.0812 1888 SCardSvr - ok 23:09:17.0859 1888 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 23:09:18.0015 1888 Schedule - ok 23:09:18.0062 1888 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:09:18.0203 1888 Secdrv - ok 23:09:18.0250 1888 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 23:09:18.0406 1888 seclogon - ok 23:09:18.0421 1888 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 23:09:18.0562 1888 SENS - ok 23:09:18.0593 1888 [ 412A3A8A9043616B9246BFEFC376E933 ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS 23:09:18.0609 1888 Sentinel - ok 23:09:18.0625 1888 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 23:09:18.0796 1888 serenum - ok 23:09:18.0812 1888 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 23:09:18.0968 1888 Serial - ok 23:09:19.0015 1888 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 23:09:19.0171 1888 Sfloppy - ok 23:09:19.0234 1888 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 23:09:19.0406 1888 SharedAccess - ok 23:09:19.0453 1888 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 23:09:19.0484 1888 ShellHWDetection - ok 23:09:19.0484 1888 Simbad - ok 23:09:19.0531 1888 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:09:19.0718 1888 SLIP - ok 23:09:19.0765 1888 [ 054C6D41933B3BDB09DCA17DE08A97B2 ] SNTNLUSB C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS 23:09:19.0781 1888 SNTNLUSB - ok 23:09:19.0781 1888 Sparrow - ok 23:09:19.0812 1888 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 23:09:20.0000 1888 splitter - ok 23:09:20.0046 1888 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 23:09:20.0140 1888 Spooler - ok 23:09:20.0156 1888 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 23:09:20.0359 1888 sr - ok 23:09:20.0390 1888 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 23:09:20.0593 1888 srservice - ok 23:09:20.0625 1888 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 23:09:20.0734 1888 Srv - ok 23:09:20.0750 1888 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 23:09:20.0890 1888 SSDPSRV - ok 23:09:20.0906 1888 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 23:09:20.0937 1888 ssmdrv - ok 23:09:20.0968 1888 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 23:09:21.0109 1888 stisvc - ok 23:09:21.0171 1888 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:09:21.0328 1888 streamip - ok 23:09:21.0359 1888 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 23:09:21.0515 1888 swenum - ok 23:09:21.0546 1888 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 23:09:21.0687 1888 swmidi - ok 23:09:21.0703 1888 SwPrv - ok 23:09:21.0703 1888 symc810 - ok 23:09:21.0718 1888 symc8xx - ok 23:09:21.0718 1888 sym_hi - ok 23:09:21.0734 1888 sym_u3 - ok 23:09:21.0765 1888 [ 37CF9DAD5C9073CDCCC215F771A2CD68 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 23:09:21.0843 1888 SynTP - ok 23:09:21.0875 1888 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 23:09:22.0015 1888 sysaudio - ok 23:09:22.0062 1888 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 23:09:22.0203 1888 SysmonLog - ok 23:09:22.0265 1888 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 23:09:22.0421 1888 TapiSrv - ok 23:09:22.0468 1888 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:09:22.0515 1888 Tcpip - ok 23:09:22.0546 1888 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 23:09:22.0718 1888 TDPIPE - ok 23:09:22.0734 1888 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 23:09:22.0921 1888 TDTCP - ok 23:09:22.0953 1888 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 23:09:23.0140 1888 TermDD - ok 23:09:23.0218 1888 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 23:09:23.0421 1888 TermService - ok 23:09:23.0468 1888 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 23:09:23.0500 1888 Themes - ok 23:09:23.0500 1888 TosIde - ok 23:09:23.0546 1888 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 23:09:23.0734 1888 TrkWks - ok 23:09:23.0812 1888 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 23:09:24.0015 1888 Udfs - ok 23:09:24.0031 1888 ultra - ok 23:09:24.0031 1888 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 23:09:24.0156 1888 UMWdf - ok 23:09:24.0187 1888 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 23:09:24.0421 1888 Update - ok 23:09:24.0468 1888 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 23:09:24.0687 1888 upnphost - ok 23:09:24.0765 1888 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe 23:09:24.0828 1888 UPnPService ( UnsignedFile.Multi.Generic ) - warning 23:09:24.0828 1888 UPnPService - detected UnsignedFile.Multi.Generic (1) 23:09:24.0843 1888 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 23:09:25.0093 1888 UPS - ok 23:09:25.0187 1888 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:09:25.0453 1888 usbccgp - ok 23:09:25.0484 1888 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:09:25.0640 1888 usbehci - ok 23:09:25.0671 1888 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:09:25.0843 1888 usbhub - ok 23:09:25.0875 1888 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:09:26.0015 1888 usbprint - ok 23:09:26.0015 1888 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:09:26.0171 1888 USBSTOR - ok 23:09:26.0203 1888 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:09:26.0343 1888 usbuhci - ok 23:09:26.0359 1888 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 23:09:26.0500 1888 VgaSave - ok 23:09:26.0500 1888 ViaIde - ok 23:09:26.0515 1888 [ 9FE6C63D22ABFEA5C1D2B3EFB9D31619 ] Video3D C:\WINDOWS\system32\Drivers\Video3D.sys 23:09:26.0515 1888 Video3D ( UnsignedFile.Multi.Generic ) - warning 23:09:26.0515 1888 Video3D - detected UnsignedFile.Multi.Generic (1) 23:09:26.0531 1888 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 23:09:26.0703 1888 VolSnap - ok 23:09:26.0765 1888 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 23:09:26.0921 1888 VSS - ok 23:09:27.0125 1888 [ ADB2F5AF36155C9F1FBFD66A3ACACBE6 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys 23:09:27.0359 1888 w29n51 - ok 23:09:27.0406 1888 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 23:09:27.0578 1888 W32Time - ok 23:09:27.0656 1888 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:09:27.0875 1888 Wanarp - ok 23:09:27.0906 1888 WDICA - ok 23:09:27.0937 1888 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 23:09:28.0140 1888 wdmaud - ok 23:09:28.0218 1888 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 23:09:28.0421 1888 WebClient - ok 23:09:28.0500 1888 [ 448F0DE9B06386A4DD605D28C0CC5FEB ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 23:09:28.0578 1888 winachsf - ok 23:09:28.0640 1888 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 23:09:28.0859 1888 winmgmt - ok 23:09:28.0906 1888 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 23:09:28.0953 1888 WmdmPmSN - ok 23:09:29.0000 1888 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 23:09:29.0250 1888 WmiApSrv - ok 23:09:29.0281 1888 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 23:09:29.0312 1888 WpdUsb - ok 23:09:29.0375 1888 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 23:09:29.0625 1888 wscsvc - ok 23:09:29.0671 1888 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:09:29.0921 1888 WSTCODEC - ok 23:09:29.0953 1888 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 23:09:30.0218 1888 wuauserv - ok 23:09:30.0265 1888 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 23:09:30.0453 1888 WZCSVC - ok 23:09:30.0484 1888 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 23:09:30.0640 1888 xmlprov - ok 23:09:30.0656 1888 [ 49A529FC3E953E2E67959148954D6913 ] zremote C:\WINDOWS\system32\drivers\zremote.sys 23:09:30.0718 1888 zremote ( UnsignedFile.Multi.Generic ) - warning 23:09:30.0718 1888 zremote - detected UnsignedFile.Multi.Generic (1) 23:09:30.0734 1888 ================ Scan global =============================== 23:09:30.0765 1888 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 23:09:30.0796 1888 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 23:09:30.0828 1888 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 23:09:30.0859 1888 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 23:09:30.0859 1888 [Global] - ok 23:09:30.0859 1888 ================ Scan MBR ================================== 23:09:30.0890 1888 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 23:09:31.0250 1888 \Device\Harddisk0\DR0 - ok 23:09:31.0265 1888 ================ Scan VBR ================================== 23:09:31.0265 1888 [ 5F75CF552460AB143B84CB8115E49489 ] \Device\Harddisk0\DR0\Partition1 23:09:31.0281 1888 \Device\Harddisk0\DR0\Partition1 - ok 23:09:31.0281 1888 [ BE65F8F5A96056EC400CDDE5990BB657 ] \Device\Harddisk0\DR0\Partition2 23:09:31.0281 1888 \Device\Harddisk0\DR0\Partition2 - ok 23:09:31.0296 1888 ============================================================ 23:09:31.0296 1888 Scan finished 23:09:31.0296 1888 ============================================================ 23:09:31.0406 2272 Detected object count: 14 23:09:31.0406 2272 Actual detected object count: 14 23:10:25.0781 2272 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0781 2272 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0781 2272 Asushwio ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0781 2272 Asushwio ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0781 2272 asuskbnt ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0781 2272 asuskbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0796 2272 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0796 2272 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0796 2272 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0796 2272 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0796 2272 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0796 2272 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0796 2272 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0796 2272 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0796 2272 OwnershipProtocol ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0796 2272 OwnershipProtocol ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0812 2272 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0812 2272 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0812 2272 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0812 2272 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0812 2272 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0812 2272 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0812 2272 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0812 2272 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0828 2272 Video3D ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0828 2272 Video3D ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:10:25.0828 2272 zremote ( UnsignedFile.Multi.Generic ) - skipped by user 23:10:25.0828 2272 zremote ( UnsignedFile.Multi.Generic ) - User select action: Skip Gute Nacht und bis morgen! Danke, daß Du so nett hilfst - solltest einen Orden kriegen! |
28.09.2012, 12:33 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
02.10.2012, 18:39 | #30 |
| BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? So, vom verlängerten Wochenende zurück, Internetzugang erbettelt und "gefixt": Hier das Log: Combofix Logfile: Code:
ATTFilter ComboFix 12-10-02.02 - Sport 02.10.2012 18:48:31.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1007.531 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Sport\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Default User\WINDOWS c:\dokumente und einstellungen\Schule\WINDOWS c:\dokumente und einstellungen\Sport\WINDOWS c:\windows\IsUn0407.exe c:\windows\system32\config\systemprofile\WINDOWS . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-02 bis 2012-10-02 )))))))))))))))))))))))))))))) . . 2012-09-25 20:17 . 2012-09-25 20:17 -------- d-----w- C:\_OTL 2012-09-25 19:55 . 2012-09-25 19:55 1409 ----a-w- c:\windows\QTFont.for 2012-09-21 14:39 . 2012-09-21 14:39 73696 ----a-w- c:\programme\Mozilla Firefox\breakpadinjector.dll 2012-09-19 11:01 . 2012-09-19 11:01 -------- d-----w- c:\programme\ESET 2012-09-19 05:09 . 2011-07-08 14:02 10496 ----a-w- c:\windows\system32\dllcache\ndistapi.sys 2012-09-19 05:08 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\iacenc.dll 2012-09-19 05:08 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\dllcache\iacenc.dll 2012-09-19 05:08 . 2010-10-11 14:59 45568 ----a-w- c:\windows\system32\dllcache\wab.exe 2012-09-18 10:01 . 2010-09-18 06:52 954368 ----a-w- c:\windows\system32\dllcache\mfc40.dll 2012-09-18 10:01 . 2010-09-18 06:52 953856 ----a-w- c:\windows\system32\dllcache\mfc40u.dll 2012-09-18 09:54 . 2010-11-02 15:17 40960 ----a-w- c:\windows\system32\dllcache\ndproxy.sys 2012-09-18 09:51 . 2011-04-21 13:37 105472 ----a-w- c:\windows\system32\dllcache\mup.sys 2012-09-18 09:50 . 2012-07-04 14:05 139784 ----a-w- c:\windows\system32\dllcache\rdpwd.sys 2012-09-18 09:47 . 2012-05-28 18:16 536576 ----a-w- c:\windows\system32\dllcache\msado15.dll 2012-09-18 09:44 . 2011-04-29 19:07 852480 ----a-w- c:\windows\system32\dllcache\vgx.dll 2012-09-18 09:43 . 2010-08-23 16:11 617472 ----a-w- c:\windows\system32\dllcache\comctl32.dll 2012-09-17 20:46 . 2012-09-17 20:46 -------- d-----w- c:\windows\system32\wbem\Repository 2012-09-05 08:24 . 2012-09-05 08:24 -------- d-----w- c:\dokumente und einstellungen\Schüler\Lokale Einstellungen\Anwendungsdaten\Adobe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-21 06:55 . 2012-04-27 09:09 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-21 06:55 . 2012-04-27 09:09 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-07 15:04 . 2012-07-30 10:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-30 20:28 . 2004-09-07 14:34 672768 ----a-w- c:\windows\system32\wininet.dll 2012-08-30 20:28 . 2004-09-07 14:34 61952 ----a-w- c:\windows\system32\tdc.ocx 2012-08-30 20:28 . 2004-09-07 14:33 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-08-30 20:26 . 2004-09-07 14:33 371200 ----a-w- c:\windows\system32\html.iec 2012-07-18 16:04 . 2012-07-30 14:44 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-18 16:04 . 2012-07-30 14:44 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-07-18 16:04 . 2009-10-18 17:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-06 13:59 . 2004-09-07 14:33 78336 ----a-w- c:\windows\system32\browser.dll 2008-06-19 08:16 . 2008-06-19 08:16 118784 ----a-w- c:\programme\mozilla firefox\plugins\MyCamera.dll 2012-09-21 14:39 . 2012-05-23 07:37 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="c:\windows\ATK0100\HControl.exe" [2005-08-28 102400] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952] "SoundMan"="SOUNDMAN.EXE" [2005-09-20 86016] "AlcWzrd"="ALCWZRD.EXE" [2005-10-10 2807808] "ASUS Live Update"="c:\programme\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032] "Wireless Console 2"="c:\programme\ASUS\Wireless Console 2\wcourier.exe" [2005-08-23 987136] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 737369] "RemoteControl"="c:\programme\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Power_Gear"="c:\programme\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 86016] "IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 401408] "IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 385024] "EOUApp"="c:\programme\Intel\Wireless\Bin\EOUWiz.exe" [2005-07-22 356352] "StreamZap Remote"="c:\programme\Streamzap\Remote\zremote.exe" [2005-03-28 655360] "TrayServer"="c:\programme\MAGIX\Video_deluxe_2008_Premium\TrayServer.exe" [2008-01-17 90112] "BrStsWnd"="c:\programme\Brownie\BrstsWnd.exe" [2009-06-11 3618104] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-09-21 98304] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Sport\Startmenü\Programme\Autostart\ WISO Mein Sparbuch heute.lnk - c:\programme\WISO\Sparbuch 2009\meinsparbuchheute.exe [2009-9-15 1140008] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] ASUS ChkMail.lnk - c:\programme\ASUS\Asus ChkMail\ChkMail.exe [2006-2-10 32768] Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2005-07-22 20:46 110592 ----a-w- c:\programme\Intel\Wireless\Bin\LgNotify.dll . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [30.07.2012 16:44 36000] R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.01.2008 09:19 501560] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [30.07.2012 16:44 86224] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27.04.2012 11:09 250288] S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [01.01.2007 20:44 5824] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [02.03.2009 08:42 1527900] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [23.05.2012 09:37 114144] S3 UPnPService;UPnPService;c:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [02.03.2009 08:44 544768] S3 zremote;zremote;c:\windows\system32\drivers\zremote.sys [01.03.2004 14:57 10368] . Inhalt des "geplante Tasks" Ordners . 2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 06:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.spiegel.de/ uInternet Connection Wizard,ShellNext = hxxp://www.spiegel.de/ IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Sport\Anwendungsdaten\Mozilla\Firefox\Profiles\1fcmdhh2.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966 - c:\programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966 AddRemove-Mediothek Biologie 1 - c:\windows\IsUn0407.exe AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-02 18:54 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(612) c:\programme\Intel\Wireless\Bin\LgNotify.dll . Zeit der Fertigstellung: 2012-10-02 18:56:03 ComboFix-quarantined-files.txt 2012-10-02 16:56 . Vor Suchlauf: 11 Verzeichnis(se), 20.946.528.768 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 21.168.328.704 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 94D56E69A21F8552F70A1E5A44243917 Nach wie vor behauptet er, es gäbe keine drahtlose Netzwerkverbindung in Reichweite. Außerdem kommt immer noch die "Can't find flash.ocx" Meldung... Liebe Grüße und schönen Feiertag, Chrys |
Themen zu BKA-Sperrung auch bei mir - Rechner wieder sauber (zu kriegen)? |
32 bit, administrator, askbar, avira, bka sperrbildschirm, canon, computer, dateien, eingefroren, escape, explorer, firewall, hdaudio.sys, kis, malwarebytes, neu, neustarten, problem, programme, prozesse, schließen, tan, task-manager, taskmanager, trojaner, trojaner?, updates, virus, virus?, warnung |