Pests of all kinds and how to fight them: Please wait while the connection is established - Trojan |
18.10.2012, 13:59 | #31 |
| No, everything seems to be fine with the internet anyway. The computer just took a little while. Sorry. EDIT: But only Firefox works; IE always says: The website cannot be displayed. |
18.10.2012, 14:45 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, then please create the log with TDSS-Killer now |
18.10.2012, 18:50 | #33 |
| I can't copy anything to the desktop, not even the Kaspersky tool. Or may I just start it from the Downloads folder?
I also don't know how to turn Avira off; I only know how to deactivate the AntiVir Guard. And I didn't want to uninstall it, in case the malware messages are still needed. Please help. Regards, Geralt |
18.10.2012, 20:38 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It also works from the Downloads folder. And yes, turning it off means deactivating the Guard.
__________________ Please always post log files in CODE tags |
19.10.2012, 20:59 | #35 |
| Here is the log from Kaspersky. Sorry that it took a bit longer this time; I just didn't get around to it. I wouldn't have thought it would be done so quickly. Code:
C:\WINDOWS\System32\tapisrv.dll 20:28:51.0629 4948 TapiSrv - ok 20:28:51.0645 4948 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:28:51.0676 4948 Tcpip - ok 20:28:51.0692 4948 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 20:28:51.0770 4948 TDPIPE - ok 20:28:51.0817 4948 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 20:28:51.0879 4948 TDTCP - ok 20:28:51.0895 4948 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 20:28:51.0973 4948 TermDD - ok 20:28:52.0004 4948 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 20:28:52.0098 4948 TermService - ok 20:28:52.0098 4948 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 20:28:52.0113 4948 Themes - ok 20:28:52.0113 4948 TosIde - ok 20:28:52.0145 4948 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 20:28:52.0223 4948 TrkWks - ok 20:28:52.0254 4948 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 20:28:52.0348 4948 Udfs - ok 20:28:52.0348 4948 ultra - ok 20:28:52.0379 4948 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 20:28:52.0488 4948 Update - ok 20:28:52.0520 4948 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:28:52.0598 4948 upnphost - ok 20:28:52.0629 4948 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 20:28:52.0707 4948 UPS - ok 20:28:52.0723 4948 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 20:28:52.0754 4948 USBAAPL - ok 20:28:52.0770 4948 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:28:52.0848 4948 usbccgp - ok 20:28:52.0863 4948 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:28:52.0942 4948 usbehci - ok 20:28:52.0973 4948 [ 
1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:28:53.0051 4948 usbhub - ok 20:28:53.0067 4948 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 20:28:53.0160 4948 usbohci - ok 20:28:53.0160 4948 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:28:53.0238 4948 usbprint - ok 20:28:53.0254 4948 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:28:53.0317 4948 usbscan - ok 20:28:53.0332 4948 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:28:53.0395 4948 usbstor - ok 20:28:53.0426 4948 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys 20:28:53.0442 4948 VClone ( UnsignedFile.Multi.Generic ) - warning 20:28:53.0442 4948 VClone - detected UnsignedFile.Multi.Generic (1) 20:28:53.0457 4948 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 20:28:53.0535 4948 VgaSave - ok 20:28:53.0535 4948 ViaIde - ok 20:28:53.0551 4948 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 20:28:53.0613 4948 VolSnap - ok 20:28:53.0660 4948 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 20:28:53.0754 4948 VSS - ok 20:28:53.0770 4948 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 20:28:53.0848 4948 W32Time - ok 20:28:53.0863 4948 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:28:53.0942 4948 Wanarp - ok 20:28:53.0973 4948 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 20:28:53.0988 4948 Wdf01000 - ok 20:28:53.0988 4948 WDICA - ok 20:28:54.0020 4948 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 20:28:54.0082 4948 wdmaud - ok 20:28:54.0113 4948 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 20:28:54.0192 4948 
WebClient - ok 20:28:54.0254 4948 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 20:28:54.0348 4948 winmgmt - ok 20:28:54.0379 4948 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 20:28:54.0457 4948 WmdmPmSN - ok 20:28:54.0488 4948 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:28:54.0567 4948 WmiApSrv - ok 20:28:54.0645 4948 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 20:28:54.0692 4948 WMPNetworkSvc - ok 20:28:54.0723 4948 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:28:54.0754 4948 WpdUsb - ok 20:28:54.0801 4948 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:28:54.0879 4948 WS2IFSL - ok 20:28:54.0910 4948 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 20:28:54.0973 4948 wuauserv - ok 20:28:55.0004 4948 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:28:55.0035 4948 WudfPf - ok 20:28:55.0035 4948 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:28:55.0067 4948 WudfRd - ok 20:28:55.0067 4948 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 20:28:55.0082 4948 WudfSvc - ok 20:28:55.0113 4948 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 20:28:55.0207 4948 WZCSVC - ok 20:28:55.0223 4948 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 20:28:55.0317 4948 xmlprov - ok 20:28:55.0317 4948 ================ Scan global =============================== 20:28:55.0363 4948 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 20:28:55.0395 4948 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 20:28:55.0410 4948 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 20:28:55.0442 4948 [ 
A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 20:28:55.0442 4948 [Global] - ok 20:28:55.0442 4948 ================ Scan MBR ================================== 20:28:55.0457 4948 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 20:28:55.0629 4948 \Device\Harddisk0\DR0 - ok 20:28:55.0629 4948 ================ Scan VBR ================================== 20:28:55.0629 4948 [ CFEF7ECCEEEE025DB2601A6C1CBE7DD9 ] \Device\Harddisk0\DR0\Partition1 20:28:55.0645 4948 \Device\Harddisk0\DR0\Partition1 - ok 20:28:55.0645 4948 ============================================================ 20:28:55.0645 4948 Scan finished 20:28:55.0645 4948 ============================================================ 20:28:55.0754 4940 Detected object count: 17 20:28:55.0754 4940 Actual detected object count: 17 20:30:21.0332 4940 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0332 4940 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0332 4940 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0332 4940 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0332 4940 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0332 4940 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0332 4940 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0332 4940 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0332 4940 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0332 4940 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 ithsgt ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 
4940 ithsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 lilsgt ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 lilsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0348 4940 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0348 4940 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0363 4940 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0363 4940 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0363 4940 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0363 4940 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:21.0363 4940 VClone ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:21.0363 4940 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip Gruß, Geralt |
21.10.2012, 11:45 | #36 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please wait while the connection is being established - Trojan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when an expert helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ --> Please wait while the connection is being established - Trojan |
21.10.2012, 19:42 | #37 |
| Please wait while the connection is being established - Trojan Hey cosinus! Unfortunately something really stupid has happened to me. My cousin switched off the PC while I wasn't at home, and now everything is back to how it was at the very beginning. I'm very sorry that this creates unnecessary extra work. I would be very grateful if you would help me further all the same. (Luckily I've already got a bit of practice with creating the logs and with the fixing.) So: should I create a new OTL log right away, or is the last one enough for you? Many thanks! Regards, Geralt |
22.10.2012, 09:38 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please wait while the connection is being established - Trojan When did she switch it off? While CF was still running?
__________________ Please always post log files in CODE tags |
22.10.2012, 16:26 | #39 |
| Please wait while the connection is being established - Trojan No, I haven't dealt with CF at all yet... It was switched off one day after I started the Kaspersky tool. I left it on all those days because I was afraid that everything would be gone again if I switched it off (except when it had to be restarted for the OTL log and so on). Regards, Geralt |
22.10.2012, 18:34 | #40 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please wait while the connection is being established - Trojan That somehow doesn't help me much as it stands. What exactly was done with the computer when it was switched off? Quote:
__________________ Please always post log files in CODE tags |
22.10.2012, 20:13 | #41 | |
| Please wait while the connection is being established - Trojan Quote:
Regards, Geralt |
23.10.2012, 15:49 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please wait while the connection is being established - Trojan Then please first create a new OTL log in safe mode; a normal log, i.e. no CustomScan, is enough for now: System scan with OTL Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
__________________ Please always post log files in CODE tags |
26.10.2012, 21:49 | #43 |
| Please wait while the connection is being established - Trojan Hello, so here is the OTL.txt Code:
ATTFilter OTL logfile created on: 26.10.2012 22:32:57 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 87,91% Memory free 3,85 Gb Paging File | 3,79 Gb Available in Paging File | 98,44% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 379,40 Gb Free Space | 81,46% Space Free | Partition Type: NTFS Drive I: | 3,64 Gb Total Space | 3,63 Gb Free Space | 99,87% Space Free | Partition Type: FAT32 Computer Name: TONI | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA) SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (SenFiltService) -- system32\drivers\Senfilt.sys File not found DRV - (PxHelp20) -- System32\Drivers\PxHelp20.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (Changer) -- File not found DRV - (AEAudioService) -- system32\drivers\AEAudio.sys File not found DRV - (ADIHdAudAddService) -- system32\drivers\ADIHdAud.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys () DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys () DRV - (FsUsbExDisk) -- 
C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (s1029unic) -- C:\WINDOWS\system32\drivers\s1029unic.sys (MCCI Corporation) DRV - (s1029mdm) -- C:\WINDOWS\system32\drivers\s1029mdm.sys (MCCI Corporation) DRV - (s1029bus) -- C:\WINDOWS\system32\drivers\s1029bus.sys (MCCI Corporation) DRV - (s1029mdfl) -- C:\WINDOWS\system32\drivers\s1029mdfl.sys (MCCI Corporation) DRV - (s1029mgmt) -- C:\WINDOWS\system32\drivers\s1029mgmt.sys (MCCI Corporation) DRV - (s1029obex) -- C:\WINDOWS\system32\drivers\s1029obex.sys (MCCI Corporation) DRV - (s1029nd5) -- C:\WINDOWS\system32\drivers\s1029nd5.sys (MCCI Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation) DRV - (sfvfs02) -- C:\WINDOWS\system32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-343818398-1303643608-725345543-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-343818398-1303643608-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-343818398-1303643608-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Seekmo@Seekmo.com: C:\Programme\Seekmo\bin\10.0.424.0\firefox\extensions FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.17 19:29:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.27 21:34:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.10.11 12:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2011.08.13 13:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.17 19:29:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla 
firefox\components\browsercomps.dll [2012.02.13 14:44:51 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 14:44:51 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.13 14:44:51 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 14:44:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 14:44:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 14:44:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.17 21:51:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - No CLSID value found. 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [K3aRyluP6SiCkoR] C:\Dokumente und Einstellungen\***\Anwendungsdaten\flint4ytw.exe File not found O4 - HKLM..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-343818398-1303643608-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) 
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\flint4ytw.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\flint4ytw.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.04 17:27:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2012.10.14 21:06:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.11 18:07:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.10.11 12:53:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2012.10.11 12:53:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012.10.11 12:53:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.10.10 22:52:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2012.10.10 14:26:18 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2012.02.22 15:40:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF24
[2012.02.22 15:40:26 | 000,000,000 | ---D | C] -- C:\Programme\PDF24
[2012.02.22 15:33:00 | 000,000,000 | ---D | C] -- C:\JPGToPDF
[2012.02.22 15:33:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JPGToPDF
[2012.01.08 19:36:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.12.16 20:16:25 | 000,000,000 | ---D | C] -- C:\Programme\3432E
[2011.12.09 01:26:21 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\eax.dll
[2011.12.09 01:26:21 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2011.11.28 00:24:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011.11.22 16:27:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2011.11.22 15:09:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Citavi 3
[2011.11.22 15:08:49 | 000,000,000 | ---D | C] -- C:\Programme\Citavi 3
[2011.11.22 14:52:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.11.20 08:12:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2004.07.09 04:08:36 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Programme\dxsetup.exe
[2004.07.09 04:08:34 | 002,242,560 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll
[2004.07.09 03:03:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll

========== Files - Modified Within 360 Days ==========

[2012.10.26 22:29:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.10.26 22:28:25 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.26 22:28:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.22 23:31:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2012.10.22 23:24:10 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 20:02:25 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.20 23:35:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.10.18 23:50:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.10.18 19:31:07 | 000,158,748 | ---- | M] () -- C:\WINDOWS\hpoins15.dat
[2012.10.18 19:31:06 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Photosmart C4200 series.job
[2012.10.17 21:51:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.10.11 18:17:24 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\otl text
[2012.10.09 18:28:51 | 000,462,764 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.09 18:28:51 | 000,444,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.09 18:28:51 | 000,086,122 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.09 18:28:51 | 000,072,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.22 15:40:32 | 000,001,495 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2012.02.22 15:40:32 | 000,001,480 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Fax.lnk
[2012.02.22 15:33:00 | 000,000,491 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\JPG To PDF.lnk
[2012.02.17 16:57:41 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.17 01:22:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.12 19:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012.01.12 19:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012.01.11 21:06:33 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.11 21:06:33 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.01.03 17:31:02 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011.12.18 15:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011.12.17 21:43:23 | 005,979,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011.12.17 21:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011.12.17 21:43:23 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2011.12.17 21:43:23 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011.12.17 21:43:23 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011.12.17 21:43:23 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011.12.17 21:43:23 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011.12.17 21:43:23 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011.12.17 21:43:23 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011.12.17 21:43:23 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011.12.17 21:43:23 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011.12.17 21:43:23 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2011.12.17 21:43:23 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2011.12.17 21:43:23 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011.12.17 21:43:23 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2011.12.17 21:43:23 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011.12.17 21:43:23 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2011.12.17 21:43:23 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011.12.17 21:43:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2011.12.17 21:43:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011.12.17 21:43:22 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.12.17 21:43:22 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2011.12.17 21:43:22 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011.12.17 21:43:22 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011.12.17 21:43:22 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011.12.16 14:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011.12.16 14:22:58 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011.12.15 04:02:18 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011.11.25 23:57:03 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2011.11.25 23:57:03 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2011.11.20 08:12:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2011.11.20 08:12:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2011.11.16 16:21:44 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2011.11.16 16:21:44 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2011.11.03 17:28:30 | 001,297,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011.11.03 17:28:30 | 000,387,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll

========== Files Created - No Company Name ==========

[2012.10.18 19:31:06 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Photosmart C4200 series.job
[2012.10.11 18:17:24 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\otl text
[2012.02.22 15:40:32 | 000,001,495 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2012.02.22 15:40:32 | 000,001,480 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Fax.lnk
[2012.02.22 15:33:00 | 000,000,491 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\JPG To PDF.lnk
[2012.02.16 20:45:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.16 20:45:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011.12.09 01:25:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011.12.09 00:48:45 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2011.08.13 13:48:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.07.08 21:07:44 | 000,021,052 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011.07.08 21:07:44 | 000,015,144 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011.07.08 21:07:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011.07.02 16:47:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.05.26 23:50:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.09 14:44:49 | 000,089,223 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2011.05.09 14:44:49 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2011.04.12 18:15:24 | 000,000,105 | ---- | C] () -- C:\WINDOWS\NovaBackup.INI
[2010.12.30 02:16:41 | 000,085,752 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.12.27 19:55:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.12.27 19:55:03 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.12.15 19:55:21 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2010.12.15 19:55:21 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2008.02.26 11:38:33 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2004.07.22 10:51:34 | 003,432,656 | ---- | C] () -- C:\Programme\ManagedDX.CAB
[2004.07.19 22:58:36 | 001,156,363 | ---- | C] () -- C:\Programme\BDANT.cab
[2004.07.19 22:53:26 | 000,976,020 | ---- | C] () -- C:\Programme\BDAXP.cab
[2004.07.09 14:17:16 | 013,265,040 | ---- | C] () -- C:\Programme\dxnt.cab
[2004.07.09 09:13:48 | 015,493,481 | ---- | C] () -- C:\Programme\DirectX.cab
[2004.07.09 09:13:46 | 000,703,080 | ---- | C] () -- C:\Programme\BDA.cab

========== ZeroAccess Check ==========

[2008.11.23 21:55:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 26.10.2012 22:32:57 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 87,91% Memory free
3,85 Gb Paging File | 3,79 Gb Available in Paging File | 98,44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 379,40 Gb Free Space | 81,46% Space Free | Partition Type: NTFS
Drive I: | 3,64 Gb Total Space | 3,63 Gb Free Space | 99,87% Space Free | Partition Type: FAT32

Computer Name: TONI | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Warcraft III\Warcraft III.exe" = C:\Programme\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\FrostWire\FrostWire.exe" = C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC
"C:\Programme\TrackMania Original Demo\TmOriginalDemo.exe" = C:\Programme\TrackMania Original Demo\TmOriginalDemo.exe:*:Enabled:TmOriginalDemo
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\Firefly Studios\Stronghold\Stronghold.exe" = C:\Programme\Firefly Studios\Stronghold\Stronghold.exe:*:Enabled:Stronghold -- ()
"C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\theHunter\launcher\launcher.exe" = C:\Programme\theHunter\launcher\launcher.exe:*:Enabled:theHunter Launcher -- ()
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader Extreme -- ( )
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B65C841-EC48-4087-8021-6DBB9C1DE5E6}" = 3200
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6CA1CD8C-2D65-491E-9467-00A3ACA4A0A9}" = Tropico 3
"{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.0
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}" = SPIF215 USB to SATA Bridge 98 Driver Installer
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C39BB4FF-70DD-419C-8892-631F81A52BEB}" = Alexander - Die Stunde Der Helden
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EAX Unified" = EAX Unified "FrostWire" = FrostWire 4.17.0 "GamersFirst War Rock" = War Rock "Gothic-Patch 1.07c" = Gothic-Patch 1.07c "Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin "HP Document Viewer" = HP Document Viewer 5.3 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photo & Imaging" = HP Image Zone 5.3 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "HPOCR" = HP OCR Software 9.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "JPG To PDF_is1" = JPG To PDF 2.2.1 "Mafia" = Mafia "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mount&Blade" = Mount&Blade "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "PhotoScape" = PhotoScape "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. 
- Shadow of Chernobyl "Shop for HP Supplies" = Shop for HP Supplies "theHunter" = theHunter (remove only) "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . 
Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . 
Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.10.2012 14:28:49 | Computer Name = TONI | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . 
[ System Events ] Error - 21.10.2012 13:55:46 | Computer Name = TONI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 21.10.2012 13:57:07 | Computer Name = TONI | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AmdK8 avgio avipbb Fips ssmdrv Error - 21.10.2012 14:01:02 | Computer Name = TONI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 22.10.2012 17:21:16 | Computer Name = TONI | Source = DCOM | ID = 10010 Description = Der Server "{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.10.2012 17:56:46 | Computer Name = TONI | Source = DCOM | ID = 10010 Description = Der Server "{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error - 26.10.2012 16:28:40 | Computer Name = TONI | Source = sfsync02 | ID = 262156 Description = Error - 26.10.2012 16:28:49 | Computer Name = TONI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 26.10.2012 16:30:09 | Computer Name = TONI | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AmdK8 avgio avipbb Fips ssmdrv Error - 26.10.2012 16:30:35 | Computer Name = TONI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 26.10.2012 16:36:01 | Computer Name = TONI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} < End of report > Geralt |
27.10.2012, 14:28 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wait while the connection is being established - Trojan
Please run a CustomScan with OTL. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
C:\Programme\3432E\*. /s
%systemdrive%\*.
%allusersprofile%\*. /s
%allusersprofile%\Application Data\*. /s
%appdata%\*. /s
%systemroot%\system32\*. /s
%systemroot%\system32\drivers\*. /s
%systemroot%\System32\config\*. /s
%systemroot%\*. /mp /s
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
27.10.2012, 16:53 | #45 |
| Wait while the connection is being established - Trojan Unfortunately the OTL.txt is too long to post. Should I just post it in 2 posts, or is that not possible? |