Pests of all kinds and how to fight them: Windows XP responds slowly or not at all, I have some kind of malware that is also spying on me
08.11.2012, 16:43 | #16 |
| Code:
# AdwCleaner v2.007 - Datei am 08/11/2012 um 16:41:56 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - EVIBOX
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [893 octets] - [08/11/2012 16:41:56]

########## EOF - C:\AdwCleaner[S1].txt - [952 octets] ##########
08.11.2012, 17:08 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Why were you so impatient at first and then suddenly take more than 2 weeks to reply?
Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a bit further down). GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it and run only aswMBR. aswMBR download => aswMBR.exe - save the file to your desktop.
One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ |
08.11.2012, 18:30 | #18 |
| Yes, we had a family incident and I then did not feel able to continue with this right away...
GMER Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-08 18:29:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD300LD rev.WK100-12
Running: dwq56kqg.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uxtdapoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB1641CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB1641BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB1642160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB164208A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB1641782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB1641C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB16416C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB1641726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB1641DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB164222E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB1641D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB1641EE6]

INT 0x62 ? 8A687CB8
INT 0x63 ? 8A43DCB8
INT 0x73 ? 8A43DCB8
INT 0x73 ? 8A43DCB8
INT 0x82 ? 8A687CB8
INT 0xA4 ? 8A43DCB8
INT 0xB4 ? 8A43DCB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF75B2B2E]
.text USBPORT.SYS!DllUnload B9E6B8AC 5 Bytes JMP 8A43D1C8
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9D3AF80]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[1588] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 01172B92 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0141A3C3 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0141A3A0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 0B40EAB5
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 0B410045
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 012F14FA C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 0B40FE83
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 0B40FAF9
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 0B40FDA8
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 0B40FF5E
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] GDI32.dll!TextOutW 77EF7EAC 5 Bytes JMP 0B40FCDC
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] GDI32.dll!ExtTextOutW 77EF8086 5 Bytes JMP 0B410210
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 0141A321 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] GDI32.dll!TextOutA 77EFBA4F 5 Bytes JMP 0B40FC10
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] GDI32.dll!ExtTextOutA 77EFD3FA 5 Bytes JMP 0B41012C
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] GDI32.dll!GetGlyphIndicesA 77F1DFE3 5 Bytes JMP 0B4105D0
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] GDI32.dll!GetGlyphIndicesW 77F32604 5 Bytes JMP 0B41069D
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 0B40E5FB
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 0B40FA52
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!send 71A14C27 5 Bytes JMP 0B40F5C7
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 0B40F7EE
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!gethostbyname 71A15355 5 Bytes JMP 0B40E53A
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!recv 71A1676F 5 Bytes JMP 0B40F66C
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0B40F71A
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WS2_32.dll!WSAAsyncGetHostByName 71A1E99D 5 Bytes JMP 0B40E9D6
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WININET.dll!InternetCrackUrlW 408B40C0 5 Bytes JMP 0B410AAC
.text C:\Programme\Mozilla Firefox\firefox.exe[1588] WININET.dll!InternetCrackUrlA 408D4948 5 Bytes JMP 0B410963

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74BE232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F74BD730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F74BDF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74BD730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74BD914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74BD856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74BE0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74BDF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A43D2F8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74D1EB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[900] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[900] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6861E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{D040DB06-F739-4230-AE82-D402ACEB262C} 89FB51E8
Device \Driver\usbuhci \Device\USBPDO-0 8A43B1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A43B1E8
Device \Driver\usbuhci \Device\USBPDO-2 8A43B1E8
Device \Driver\usbuhci \Device\USBPDO-3 8A43B1E8
Device \Driver\usbehci \Device\USBPDO-4 8A4CE1E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 8A4BA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom1 8A4BA1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89FB51E8
Device \Driver\NetBT \Device\NetbiosSmb 89FB51E8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{38788432-CA12-46E8-99C5-2E8CFAFAA284} 89FB51E8
Device \Driver\usbuhci \Device\USBFDO-0 8A43B1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A43B1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A41B1E8
Device \Driver\usbuhci \Device\USBFDO-2 8A43B1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A41B1E8
Device \Driver\usbuhci \Device\USBFDO-3 8A43B1E8
Device \Driver\usbehci \Device\USBFDO-4 8A4CE1E8
Device \FileSystem\Cdfs \Cdfs 8A4191E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x17 0xC5 0x0E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0xD3 0xCE 0xE5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD3 0x10 0x1E 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x17 0xC5 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0xD3 0xCE 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD3 0x10 0x1E 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x17 0xC5 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0xD3 0xCE 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD3 0x10 0x1E 0x15 ...

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe.part (size mismatch) 2477652/4542036 bytes executable
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Temporäres Verzeichnis 3 für femaleadult03644-03648.zip\Peggy_Clo080314_pegy057_pur_73j\Peggy_Clo080314_pegy061_black_6yd\Peggy_Clo080314_pegy059_pink_3je\Peggy_Clo080314_pegy060_white_3jr\Peggy_Clo080314_pegy060_white.packa 388025 bytes
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Temporäres Verzeichnis 4 für femaleadult03644-03648.zip\Peggy_Clo080314_pegy057_pur_73j\Peggy_Clo080314_pegy061_black_6yd\Peggy_Clo080314_pegy059_pink_3je\Peggy_Clo080314_pegy060_white_3jr\Peggy_Clo080314_pegy060_white.packa 388025 bytes

---- EOF - GMER 1.0.15 ----

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-08 18:30:02
-----------------------------
18:30:02.859 OS Version: Windows 5.1.2600 Service Pack 3
18:30:02.859 Number of processors: 2 586 0x401
18:30:02.859 ComputerName: EVIBOX UserName:
18:30:03.250 Initialize success
18:30:03.531 AVAST engine defs: 11090101
18:31:01.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:31:01.421 Disk 0 Vendor: SAMSUNG_HD300LD WK100-12 Size: 286168MB BusType: 3
18:31:01.468 Disk 0 MBR read successfully
18:31:01.468 Disk 0 MBR scan
18:31:01.546 Disk 0 Windows XP default MBR code
18:31:01.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 51199 MB offset 63
18:31:01.593 Disk 0 Partition - 00 0F Extended LBA 234958 MB offset 104856255
18:31:01.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 234958 MB offset 104856318
18:31:01.671 Disk 0 scanning sectors +586051200
18:31:04.343 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:51.187 Service scanning
18:32:01.171 Modules scanning
18:32:51.390 Disk 0 trace - called modules:
18:32:51.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
18:32:51.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b7ab8]
18:32:51.453 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a5ba9e8]
18:32:51.468 5 ACPI.sys[f7492620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5bad98]
18:32:51.468 \Driver\atapi[0x8a615d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7717d60]
18:32:51.781 AVAST engine scan C:\WINDOWS
18:33:22.250 AVAST engine scan C:\WINDOWS\system32
18:43:06.015 AVAST engine scan C:\WINDOWS\system32\drivers
18:44:10.687 AVAST engine scan C:\Dokumente und Einstellungen\Administrator
18:58:03.718 AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:01:40.234 Scan finished successfully
19:27:55.812 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
19:27:55.828 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"

Edited by Mayourisan (08.11.2012 at 19:30) |
08.11.2012, 20:29 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
08.11.2012, 21:00 | #20 |
| Here is the log Code:
C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:57:52.0015 2692 IPSec - ok 20:57:52.0031 2692 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 20:57:52.0156 2692 IRENUM - ok 20:57:52.0187 2692 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:57:52.0312 2692 isapnp - ok 20:57:52.0406 2692 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 20:57:52.0421 2692 JavaQuickStarterService - ok 20:57:52.0437 2692 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:57:52.0562 2692 Kbdclass - ok 20:57:52.0593 2692 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 20:57:52.0718 2692 kmixer - ok 20:57:52.0750 2692 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 20:57:52.0796 2692 KSecDD - ok 20:57:52.0828 2692 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 20:57:52.0859 2692 lanmanserver - ok 20:57:52.0890 2692 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 20:57:52.0937 2692 lanmanworkstation - ok 20:57:52.0937 2692 lbrtfdc - ok 20:57:52.0968 2692 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 20:57:53.0140 2692 LmHosts - ok 20:57:53.0171 2692 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 20:57:53.0343 2692 Messenger - ok 20:57:53.0375 2692 [ 63C34814492AA65FC517B002DE77B191 ] MidiSyn C:\WINDOWS\system32\drivers\MidiSyn.sys 20:57:53.0421 2692 MidiSyn - ok 20:57:53.0468 2692 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 20:57:53.0625 2692 mnmdd - ok 20:57:53.0656 2692 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 20:57:53.0843 2692 mnmsrvc - ok 20:57:53.0875 2692 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 20:57:54.0062 2692 Modem - ok 
20:57:54.0078 2692 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:57:54.0296 2692 Mouclass - ok 20:57:54.0328 2692 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:57:54.0531 2692 mouhid - ok 20:57:54.0546 2692 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:57:54.0734 2692 MountMgr - ok 20:57:54.0734 2692 mraid35x - ok 20:57:54.0750 2692 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:57:54.0937 2692 MRxDAV - ok 20:57:54.0984 2692 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:57:55.0046 2692 MRxSmb - ok 20:57:55.0062 2692 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 20:57:55.0218 2692 MSDTC - ok 20:57:55.0234 2692 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:57:55.0406 2692 Msfs - ok 20:57:55.0421 2692 MSIServer - ok 20:57:55.0437 2692 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:57:55.0656 2692 MSKSSRV - ok 20:57:55.0687 2692 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:57:55.0890 2692 MSPCLOCK - ok 20:57:55.0921 2692 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:57:56.0125 2692 MSPQM - ok 20:57:56.0140 2692 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:57:56.0328 2692 mssmbios - ok 20:57:56.0375 2692 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 20:57:56.0546 2692 ms_mpu401 - ok 20:57:56.0562 2692 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 20:57:56.0578 2692 MTsensor ( UnsignedFile.Multi.Generic ) - warning 20:57:56.0578 2692 MTsensor - detected UnsignedFile.Multi.Generic (1) 20:57:56.0593 2692 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup 
C:\WINDOWS\system32\drivers\Mup.sys 20:57:56.0625 2692 Mup - ok 20:57:56.0656 2692 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 20:57:56.0843 2692 napagent - ok 20:57:56.0875 2692 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:57:57.0093 2692 NDIS - ok 20:57:57.0109 2692 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:57:57.0156 2692 NdisTapi - ok 20:57:57.0203 2692 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:57:57.0390 2692 Ndisuio - ok 20:57:57.0406 2692 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:57:57.0546 2692 NdisWan - ok 20:57:57.0593 2692 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:57:57.0625 2692 NDProxy - ok 20:57:57.0656 2692 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:57:57.0843 2692 NetBIOS - ok 20:57:57.0875 2692 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:57:58.0046 2692 NetBT - ok 20:57:58.0093 2692 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 20:57:58.0296 2692 NetDDE - ok 20:57:58.0296 2692 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:57:58.0640 2692 NetDDEdsdm - ok 20:57:58.0671 2692 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:57:58.0906 2692 Netlogon - ok 20:57:58.0937 2692 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 20:57:59.0156 2692 Netman - ok 20:57:59.0187 2692 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:57:59.0203 2692 NetTcpPortSharing - ok 20:57:59.0250 2692 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 20:57:59.0296 2692 Nla - ok 20:57:59.0312 2692 nmwcd - ok 20:57:59.0312 2692 nmwcdc - 
ok 20:57:59.0328 2692 nmwcdnsu - ok 20:57:59.0359 2692 [ B15E0180C43D8B5219196D76878CC2DD ] NPF C:\WINDOWS\system32\drivers\npf.sys 20:57:59.0390 2692 NPF - ok 20:57:59.0406 2692 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:57:59.0609 2692 Npfs - ok 20:57:59.0625 2692 npggsvc - ok 20:57:59.0656 2692 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:57:59.0890 2692 Ntfs - ok 20:57:59.0890 2692 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 20:58:00.0093 2692 NtLmSsp - ok 20:58:00.0140 2692 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:58:00.0359 2692 NtmsSvc - ok 20:58:00.0390 2692 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 20:58:00.0578 2692 Null - ok 20:58:00.0609 2692 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:58:00.0781 2692 NwlnkFlt - ok 20:58:00.0796 2692 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:58:00.0937 2692 NwlnkFwd - ok 20:58:00.0984 2692 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 20:58:01.0000 2692 ose - ok 20:58:01.0031 2692 [ 5E0BD8B985C2A98CFC1A2C5E0B99BB31 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 20:58:01.0046 2692 ossrv - ok 20:58:01.0078 2692 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 20:58:01.0203 2692 Parport - ok 20:58:01.0234 2692 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:58:01.0343 2692 PartMgr - ok 20:58:01.0375 2692 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 20:58:01.0515 2692 ParVdm - ok 20:58:01.0515 2692 pccsmcfd - ok 20:58:01.0531 2692 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:58:01.0703 2692 PCI - ok 20:58:01.0718 2692 PCIDump - ok 
20:58:01.0750 2692 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 20:58:01.0890 2692 PCIIde - ok 20:58:01.0921 2692 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 20:58:02.0031 2692 Pcmcia - ok 20:58:02.0031 2692 PDCOMP - ok 20:58:02.0046 2692 PDFRAME - ok 20:58:02.0046 2692 PDRELI - ok 20:58:02.0062 2692 PDRFRAME - ok 20:58:02.0062 2692 perc2 - ok 20:58:02.0078 2692 perc2hib - ok 20:58:02.0109 2692 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 20:58:02.0140 2692 PlugPlay - ok 20:58:02.0156 2692 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 20:58:02.0281 2692 PolicyAgent - ok 20:58:02.0312 2692 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:58:02.0437 2692 PptpMiniport - ok 20:58:02.0453 2692 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:58:02.0562 2692 ProtectedStorage - ok 20:58:02.0578 2692 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:58:02.0765 2692 PSched - ok 20:58:02.0765 2692 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:58:02.0906 2692 Ptilink - ok 20:58:02.0937 2692 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:58:02.0953 2692 PxHelp20 - ok 20:58:02.0953 2692 ql1080 - ok 20:58:02.0968 2692 Ql10wnt - ok 20:58:02.0968 2692 ql12160 - ok 20:58:02.0968 2692 ql1240 - ok 20:58:02.0984 2692 ql1280 - ok 20:58:03.0000 2692 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:58:03.0125 2692 RasAcd - ok 20:58:03.0140 2692 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:58:03.0265 2692 RasAuto - ok 20:58:03.0296 2692 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:58:03.0421 2692 Rasl2tp - ok 20:58:03.0453 2692 [ 
F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:58:03.0578 2692 RasMan - ok 20:58:03.0593 2692 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:58:03.0781 2692 RasPppoe - ok 20:58:03.0781 2692 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:58:03.0937 2692 Raspti - ok 20:58:03.0953 2692 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:58:04.0078 2692 Rdbss - ok 20:58:04.0109 2692 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:58:04.0234 2692 RDPCDD - ok 20:58:04.0281 2692 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:58:04.0406 2692 rdpdr - ok 20:58:04.0437 2692 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:58:04.0468 2692 RDPWD - ok 20:58:04.0500 2692 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:58:04.0625 2692 RDSessMgr - ok 20:58:04.0625 2692 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:58:04.0796 2692 redbook - ok 20:58:04.0828 2692 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:58:04.0953 2692 RemoteAccess - ok 20:58:04.0968 2692 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:58:05.0109 2692 RemoteRegistry - ok 20:58:05.0125 2692 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 20:58:05.0234 2692 RpcLocator - ok 20:58:05.0265 2692 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:58:05.0312 2692 RpcSs - ok 20:58:05.0328 2692 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 20:58:05.0468 2692 RSVP - ok 20:58:05.0500 2692 [ DA4980FAD2B7D86D6ED8E35E3874F65E ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys 20:58:05.0562 2692 RT73 - ok 20:58:05.0593 2692 [ 
20EB79FD0A13A18B70B6731A1285CA94 ] s1039bus C:\WINDOWS\system32\DRIVERS\s1039bus.sys 20:58:05.0609 2692 s1039bus - ok 20:58:05.0640 2692 [ 58780C6C3AD51DA84B57D6AE42DC49CA ] s1039mdfl C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys 20:58:05.0656 2692 s1039mdfl - ok 20:58:05.0671 2692 [ 1FF8B42D1346133A945B52876376ED40 ] s1039mdm C:\WINDOWS\system32\DRIVERS\s1039mdm.sys 20:58:05.0671 2692 s1039mdm - ok 20:58:05.0703 2692 [ F64C13C549CB4732FE99C771FA35D038 ] s1039mgmt C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys 20:58:05.0703 2692 s1039mgmt - ok 20:58:05.0734 2692 [ EC22D9BAA464A892C0637982B67292E6 ] s1039nd5 C:\WINDOWS\system32\DRIVERS\s1039nd5.sys 20:58:05.0734 2692 s1039nd5 - ok 20:58:05.0765 2692 [ 69E9CE002E7249E61FF2EA1336C71D89 ] s1039obex C:\WINDOWS\system32\DRIVERS\s1039obex.sys 20:58:05.0781 2692 s1039obex - ok 20:58:05.0812 2692 [ 482DFB3721A0DE11CC22B439D17C348C ] s1039unic C:\WINDOWS\system32\DRIVERS\s1039unic.sys 20:58:05.0828 2692 s1039unic - ok 20:58:05.0859 2692 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 20:58:05.0984 2692 SamSs - ok 20:58:06.0125 2692 [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA D:\Programme\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\Sandra.sys 20:58:06.0125 2692 SANDRA - ok 20:58:06.0156 2692 [ 6858620E6EF1DF704366ACD45A317AD2 ] SandraAgentSrv D:\Programme\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe 20:58:06.0171 2692 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning 20:58:06.0171 2692 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1) 20:58:06.0218 2692 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:58:06.0343 2692 SCardSvr - ok 20:58:06.0375 2692 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:58:06.0515 2692 Schedule - ok 20:58:06.0546 2692 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:58:06.0656 2692 Secdrv - ok 20:58:06.0687 2692 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon 
C:\WINDOWS\System32\seclogon.dll 20:58:06.0812 2692 seclogon - ok 20:58:06.0843 2692 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys 20:58:06.0906 2692 senfilt - ok 20:58:06.0937 2692 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 20:58:07.0062 2692 SENS - ok 20:58:07.0093 2692 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 20:58:07.0218 2692 serenum - ok 20:58:07.0250 2692 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 20:58:07.0375 2692 Serial - ok 20:58:07.0375 2692 ServiceLayer - ok 20:58:07.0421 2692 [ 00DE597B81B381053CB5B21A7F20E365 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys 20:58:07.0453 2692 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning 20:58:07.0453 2692 sfdrv01 - detected UnsignedFile.Multi.Generic (1) 20:58:07.0453 2692 [ 64B9AB76F1B16EB059CB6CDD906C067A ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys 20:58:07.0453 2692 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning 20:58:07.0453 2692 sfhlp02 - detected UnsignedFile.Multi.Generic (1) 20:58:07.0468 2692 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:58:07.0578 2692 Sfloppy - ok 20:58:07.0609 2692 [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys 20:58:07.0625 2692 sfsync02 ( UnsignedFile.Multi.Generic ) - warning 20:58:07.0625 2692 sfsync02 - detected UnsignedFile.Multi.Generic (1) 20:58:07.0656 2692 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:58:07.0812 2692 SharedAccess - ok 20:58:07.0828 2692 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:58:07.0859 2692 ShellHWDetection - ok 20:58:07.0859 2692 Simbad - ok 20:58:07.0921 2692 [ CE7EEA6BDC5D608C9580C305CF9D9450 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 20:58:07.0953 2692 smwdm - ok 20:58:08.0000 2692 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX 
Agent Service (default) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe 20:58:08.0031 2692 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning 20:58:08.0031 2692 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1) 20:58:08.0031 2692 Sparrow - ok 20:58:08.0046 2692 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 20:58:08.0171 2692 splitter - ok 20:58:08.0218 2692 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 20:58:08.0265 2692 Spooler - ok 20:58:08.0296 2692 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\WINDOWS\system32\Drivers\sptd.sys 20:58:08.0328 2692 sptd - ok 20:58:08.0359 2692 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 20:58:08.0484 2692 sr - ok 20:58:08.0515 2692 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 20:58:08.0640 2692 srservice - ok 20:58:08.0687 2692 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:58:08.0750 2692 Srv - ok 20:58:08.0796 2692 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:58:08.0921 2692 SSDPSRV - ok 20:58:08.0921 2692 StarOpen - ok 20:58:08.0968 2692 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 20:58:09.0140 2692 stisvc - ok 20:58:09.0156 2692 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 20:58:09.0265 2692 swenum - ok 20:58:09.0328 2692 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 20:58:09.0437 2692 swmidi - ok 20:58:09.0437 2692 SwPrv - ok 20:58:09.0453 2692 symc810 - ok 20:58:09.0453 2692 symc8xx - ok 20:58:09.0468 2692 sym_hi - ok 20:58:09.0468 2692 sym_u3 - ok 20:58:09.0484 2692 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 20:58:09.0625 2692 sysaudio - ok 20:58:09.0640 2692 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog 
C:\WINDOWS\system32\smlogsvc.exe 20:58:09.0765 2692 SysmonLog - ok 20:58:09.0812 2692 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:58:09.0937 2692 TapiSrv - ok 20:58:09.0984 2692 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:58:10.0046 2692 Tcpip - ok 20:58:10.0078 2692 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 20:58:10.0203 2692 TDPIPE - ok 20:58:10.0218 2692 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 20:58:10.0343 2692 TDTCP - ok 20:58:10.0375 2692 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 20:58:10.0500 2692 TermDD - ok 20:58:10.0546 2692 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 20:58:10.0671 2692 TermService - ok 20:58:10.0703 2692 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 20:58:10.0718 2692 Themes - ok 20:58:10.0750 2692 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 20:58:10.0875 2692 TlntSvr - ok 20:58:10.0890 2692 TosIde - ok 20:58:10.0921 2692 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 20:58:11.0078 2692 TrkWks - ok 20:58:11.0109 2692 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 20:58:11.0234 2692 Udfs - ok 20:58:11.0234 2692 ultra - ok 20:58:11.0281 2692 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 20:58:11.0406 2692 Update - ok 20:58:11.0437 2692 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:58:11.0578 2692 upnphost - ok 20:58:11.0578 2692 upperdev - ok 20:58:11.0609 2692 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 20:58:11.0734 2692 UPS - ok 20:58:11.0781 2692 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:58:11.0906 2692 usbccgp - ok 20:58:11.0921 2692 [ 
65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:58:12.0062 2692 usbehci - ok 20:58:12.0093 2692 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:58:12.0250 2692 usbhub - ok 20:58:12.0281 2692 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:58:12.0390 2692 usbprint - ok 20:58:12.0406 2692 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:58:12.0515 2692 usbscan - ok 20:58:12.0562 2692 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 20:58:12.0671 2692 usbser - ok 20:58:12.0687 2692 UsbserFilt - ok 20:58:12.0718 2692 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:58:12.0843 2692 USBSTOR - ok 20:58:12.0875 2692 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:58:12.0984 2692 usbuhci - ok 20:58:13.0015 2692 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 20:58:13.0156 2692 VgaSave - ok 20:58:13.0156 2692 ViaIde - ok 20:58:13.0203 2692 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 20:58:14.0062 2692 VolSnap - ok 20:58:14.0093 2692 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 20:58:14.0296 2692 VSS - ok 20:58:14.0343 2692 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 20:58:14.0484 2692 W32Time - ok 20:58:14.0500 2692 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:58:14.0609 2692 Wanarp - ok 20:58:14.0656 2692 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 20:58:14.0687 2692 Wdf01000 - ok 20:58:14.0703 2692 WDICA - ok 20:58:14.0718 2692 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 20:58:14.0843 2692 wdmaud - ok 20:58:14.0875 2692 [ 81727C9873E3905A2FFC1EBD07265002 ] 
WebClient C:\WINDOWS\System32\webclnt.dll 20:58:15.0000 2692 WebClient - ok 20:58:15.0062 2692 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 20:58:15.0187 2692 winmgmt - ok 20:58:15.0296 2692 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:58:15.0359 2692 wlidsvc - ok 20:58:15.0421 2692 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 20:58:15.0453 2692 WmdmPmSN - ok 20:58:15.0484 2692 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 20:58:15.0546 2692 Wmi - ok 20:58:15.0578 2692 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:58:15.0687 2692 WmiApSrv - ok 20:58:15.0765 2692 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 20:58:15.0828 2692 WMPNetworkSvc - ok 20:58:15.0843 2692 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:58:15.0875 2692 WpdUsb - ok 20:58:15.0953 2692 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:58:15.0984 2692 WPFFontCache_v0400 - ok 20:58:16.0015 2692 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 20:58:16.0140 2692 wscsvc - ok 20:58:16.0171 2692 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 20:58:16.0375 2692 wuauserv - ok 20:58:16.0421 2692 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:58:16.0468 2692 WudfPf - ok 20:58:16.0484 2692 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:58:16.0515 2692 WudfRd - ok 20:58:16.0531 2692 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 20:58:16.0562 2692 WudfSvc - ok 20:58:16.0609 2692 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 
20:58:16.0765 2692 WZCSVC - ok 20:58:16.0765 2692 X4HSEx - ok 20:58:16.0796 2692 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 20:58:16.0953 2692 xmlprov - ok 20:58:16.0984 2692 [ A8D429E2268792638CFFC57552C5E736 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys 20:58:17.0015 2692 yukonwxp ( UnsignedFile.Multi.Generic ) - warning 20:58:17.0015 2692 yukonwxp - detected UnsignedFile.Multi.Generic (1) 20:58:17.0015 2692 ================ Scan global =============================== 20:58:17.0031 2692 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 20:58:17.0078 2692 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 20:58:17.0093 2692 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 20:58:17.0109 2692 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 20:58:17.0109 2692 [Global] - ok 20:58:17.0109 2692 ================ Scan MBR ================================== 20:58:17.0125 2692 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 20:58:18.0265 2692 \Device\Harddisk0\DR0 - ok 20:58:18.0265 2692 ================ Scan VBR ================================== 20:58:18.0265 2692 [ 74A121F8E4EEDC102FA860E9F1C461BE ] \Device\Harddisk0\DR0\Partition1 20:58:18.0265 2692 \Device\Harddisk0\DR0\Partition1 - ok 20:58:18.0296 2692 [ DCA87CA84B8F315810F3AD2C4541B924 ] \Device\Harddisk0\DR0\Partition2 20:58:18.0296 2692 \Device\Harddisk0\DR0\Partition2 - ok 20:58:18.0296 2692 ============================================================ 20:58:18.0296 2692 Scan finished 20:58:18.0296 2692 ============================================================ 20:58:18.0406 3124 Detected object count: 11 20:58:18.0406 3124 Actual detected object count: 11 20:59:13.0250 3124 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0250 3124 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0250 3124 ATI Smart ( 
UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0250 3124 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0250 3124 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0250 3124 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0250 3124 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0250 3124 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0250 3124 MTsensor ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0250 3124 MTsensor ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0265 3124 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0265 3124 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0265 3124 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0265 3124 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0265 3124 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0265 3124 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0265 3124 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0265 3124 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0265 3124 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0265 3124 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:13.0265 3124 yukonwxp ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:13.0265 3124 yukonwxp ( UnsignedFile.Multi.Generic ) - User select action: Skip |
08.11.2012, 21:23 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | A check with OTL, please: |
08.11.2012, 21:48 | #22 |
| OK, here is the log. Code:
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\aswMBR.sys File not found DRV - (amwi4rcj) -- File not found DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys () DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (s1039bus) -- C:\WINDOWS\system32\drivers\s1039bus.sys (MCCI Corporation) DRV - (s1039nd5) -- C:\WINDOWS\system32\drivers\s1039nd5.sys (MCCI Corporation) DRV - (s1039mdm) -- C:\WINDOWS\system32\drivers\s1039mdm.sys (MCCI Corporation) DRV - (s1039unic) -- C:\WINDOWS\system32\drivers\s1039unic.sys (MCCI Corporation) DRV - (s1039mgmt) -- C:\WINDOWS\system32\drivers\s1039mgmt.sys (MCCI Corporation) DRV - (s1039obex) -- C:\WINDOWS\system32\drivers\s1039obex.sys (MCCI Corporation) DRV - (s1039mdfl) -- C:\WINDOWS\system32\drivers\s1039mdfl.sys (MCCI Corporation) DRV - (SANDRA) -- D:\Programme\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\sandra.sys (SiSoftware) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology) DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (CTSFSYN) -- C:\WINDOWS\system32\drivers\ctsfsyn.sys (Creative Technology Ltd.) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\SearchScopes\{1527A512-06A3-4821-A5AC-57D296E822AC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=244506&p={searchTerms} 
IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\SearchScopes\{9EA6F631-99BB-4B9F-814D-48252A0DF6EB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0 FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81 FF - prefs.js..extensions.enabledAddons: formhistory@yahoo.com:1.3.0.2 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.15.1.0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=e4da0bfb0000000000000013d4586d72&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Programme\Free Ride Games\npExentCtl.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programme\Sony\Media Go\npmediago.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.21 12:06:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.25 07:29:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.18 07:02:14 | 000,000,000 | ---D | M] [2012.01.06 01:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.11.08 16:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions [2012.06.18 15:09:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.10.21 20:12:31 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2012.07.20 14:44:22 | 000,000,000 | ---D | M] (Form History Control) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\formhistory@yahoo.com [2012.10.21 20:12:30 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\ich@maltegoetz.de [2012.11.08 16:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\staged [2012.10.17 19:59:52 | 000,282,512 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\azhang@cloudacl.com.xpi [2012.10.21 20:12:30 | 000,621,521 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\testpilot@labs.mozilla.com.xpi [2012.10.17 19:59:59 | 000,509,739 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\toolbar@gmx.net.xpi [2012.07.11 03:45:10 | 000,177,357 | ---- | M] () (No name found) -- 
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2011.12.19 09:04:38 | 000,016,192 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2012.11.08 16:47:34 | 000,189,128 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.02.23 14:28:58 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\searchplugins\11-suche.xml [2012.02.23 14:28:58 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\searchplugins\englische-ergebnisse.xml [2012.02.23 14:28:58 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\searchplugins\gmx-suche.xml [2012.02.23 14:28:58 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\searchplugins\lastminute.xml [2012.02.23 14:28:58 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kmld710h.default\searchplugins\webde-suche.xml [2012.07.10 09:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.25 07:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.06.20 14:59:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.15 14:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Programme\mozilla 
firefox\plugins\npmieze.dll [2012.06.05 23:36:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.05 23:36:57 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.05 23:36:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.05 23:36:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.05 23:36:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.05 23:36:57 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 
U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\3.0.40818.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Media Go Detector (Enabled) = C:\Programme\Sony\Media Go\npmediago.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll 
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: General Crawler = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2010.12.18 02:38:28 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No CLSID value found. 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No CLSID value found. O3 - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No CLSID value found. O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCA\Syslogin.exe (InfoWorks Technology Company) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Programme\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Programme\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Programme\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Programme\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-21-1644491937-583907252-1417001333-500..\Run: [renovator] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search\{F8BDF6DB-FE5A-4547-AD3F-5E348C70A07A}\renovator.exe File not found O4 - HKU\S-1-5-21-1644491937-583907252-1417001333-500..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1644491937-583907252-1417001333-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1644491937-583907252-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm File not found O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm File not found O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292636432671 (WUWebControl Class) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38788432-CA12-46E8-99C5-2E8CFAFAA284}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D040DB06-F739-4230-AE82-D402ACEB262C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.18 01:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{7251c59c-4f35-11e0-91d5-0013d4586d72}\Shell - "" = AutoRun O33 - MountPoints2\{7251c59c-4f35-11e0-91d5-0013d4586d72}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7251c59c-4f35-11e0-91d5-0013d4586d72}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{de8b9819-0b66-11e0-91c1-0013d4586d72}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe O33 - MountPoints2\{de8b9819-0b66-11e0-91c1-0013d4586d72}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 21:43:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.11.08 20:56:56 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2012.11.08 17:19:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe [2012.10.17 19:57:31 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2012.10.11 19:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp 
-> ] ========== Files - Modified Within 30 Days ========== [2012.11.08 21:47:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.08 21:43:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.11.08 20:57:09 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Administrator\Desktop\tdsskiller.exe [2012.11.08 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2012.11.08 19:59:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2012.11.08 19:27:55 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat [2012.11.08 17:20:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe [2012.11.08 17:16:45 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dwq56kqg.exe [2012.11.08 16:43:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.08 16:43:05 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RYAW.job [2012.11.08 16:42:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.08 16:41:33 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.11.08 15:17:07 | 000,570,102 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.08 15:17:07 | 000,541,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.08 15:17:07 | 000,115,146 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.08 15:17:07 | 000,095,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.17 19:57:46 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe [2012.10.12 13:00:05 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2012.10.11 19:08:13 | 000,000,772 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [4 
C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.08 19:27:55 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat [2012.11.08 17:16:45 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dwq56kqg.exe [2012.11.08 16:41:32 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.07.27 03:33:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2012.07.14 08:13:09 | 011,632,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sandra.mdb [2012.07.13 06:29:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TS3Patch.lck [2012.06.19 19:36:34 | 000,232,782 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1644491937-583907252-1417001333-500-0.dat [2012.06.19 19:36:33 | 000,232,782 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.05.15 13:25:15 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ogxwvari.sys [2012.04.24 14:21:59 | 000,176,128 | RHS- | C] () -- C:\WINDOWS\System32\exts4.dll [2012.04.23 10:04:57 | 000,000,027 | ---- | C] () -- C:\WINDOWS\msrresmap.dll [2012.04.19 23:53:20 | 000,169,224 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.04.17 14:03:35 | 010,997,760 | ---- | C] ( ) -- C:\WINDOWS\sspro.exe [2012.04.17 14:03:11 | 000,000,304 | ---- | C] () -- C:\WINDOWS\km32hlpr.dll [2012.04.17 14:03:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wnsperf32.dll [2012.04.17 14:03:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stdensrv.dll [2012.04.17 14:03:11 | 000,000,000 | ---- | 
C] () -- C:\WINDOWS\javexisb.dll [2012.04.17 14:03:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\javexisa.dll [2012.04.17 14:03:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cr2gui32.dll [2012.04.17 14:03:10 | 000,003,592 | ---- | C] () -- C:\WINDOWS\memgprep.dll [2012.03.29 19:33:01 | 000,032,758 | ---- | C] () -- C:\WINDOWS\System32\HDMPATH.INI [2012.03.29 19:33:01 | 000,000,463 | ---- | C] () -- C:\WINDOWS\System32\WHDM.INI [2012.03.22 07:05:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.03.03 17:46:09 | 000,134,656 | ---- | C] () -- C:\WINDOWS\System32\vds_date32.dll [2011.12.28 12:32:51 | 000,002,648 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.12.08 21:23:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2011.12.08 21:23:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2011.12.07 10:59:16 | 000,003,461 | ---- | C] () -- C:\WINDOWS\System32\ygfknrqu.dll [2011.12.07 10:59:15 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\vpnbsjla.dll [2011.10.29 16:46:56 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2011.10.20 07:20:07 | 000,088,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\chrtmp [2011.10.17 17:06:25 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.10.17 16:53:29 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI [2011.10.03 13:33:41 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\msibcxord.dll [2011.08.01 14:40:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2011.07.12 08:16:36 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2011.07.10 13:15:59 | 000,001,751 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2011.07.08 11:44:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\Msglixgrx.dll [2011.05.22 11:08:56 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2011.05.14 14:54:55 | 000,354,816 
| ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011.05.14 10:33:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011.05.14 10:33:35 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011.05.03 16:37:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.19 16:12:32 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.12 19:04:37 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI [2011.01.12 14:15:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010.12.18 04:48:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.12.18 02:09:52 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.12.18 02:05:53 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2010.12.18 02:05:45 | 000,095,617 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010.12.18 01:55:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.12.18 01:55:31 | 000,004,018 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.12.18 01:55:29 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.12.18 01:36:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.12.18 01:31:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.12.18 01:21:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.12.18 01:20:09 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.08.02 12:51:36 | 000,726,234 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Administratorlog.dat ========== ZeroAccess Check ========== [2010.12.18 02:06:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1713795 @Alternate Data Stream - 203 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8927A071 @Alternate Data Stream - 138 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E1982A23 @Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B468194E < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.11.2012 21:44:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,40% Memory free 3,85 Gb Paging File | 2,92 Gb Available in Paging File | 75,93% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 50,00 Gb Total Space | 33,03 Gb Free Space | 66,06% Space Free | Partition Type: NTFS Drive D: | 229,45 Gb Total Space | 147,14 Gb Free Space | 64,13% Space Free | Partition Type: NTFS Computer Name: EVIBOX | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1644491937-583907252-1417001333-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "Vps" = ËÏÆÈÎ "Vps45x_mod" = ÏËÑÏÌÑÍÏÎÍ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "58217:TCP" = 58217:TCP:*:Enabled:Pando Media Booster "58217:UDP" = 58217:UDP:*:Enabled:Pando Media Booster "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "6511:TCP" = 6511:TCP:*:Enabled:Windows Core Service ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "D:\Spiele\Siedler 3\s3.exe" = D:\Spiele\Siedler 3\s3.exe:*:Enabled:Siedler3 "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"C:\Programme\Giraffic\Giraffic.exe" = C:\Programme\Giraffic\Giraffic.exe:*:Enabled:Giraffic (Agent) "C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Disabled:Veoh Web Player Beta "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface "%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation) "C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin "C:\Programme\Sony\Media Go\MediaGo.exe" = C:\Programme\Sony\Media Go\MediaGo.exe:*:Enabled:Media Go "D:\Programme\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe" = D:\Programme\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware) "D:\Programme\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\RpcSandraSrv.exe" = D:\Programme\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver "{16536AE9-7CFB-4BC9-B601-DA59F57D117B}" = WLAN Quick Starter "{1C4C16A8-3D06-4B15-905A-19B76F9647CD}" = WLAN Monitor "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8 "{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go "{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe "{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CD19F1-C27D-414C-9A1C-2AB803B2C9E5}" = WLAN Quick Starter "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP 
Update "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7FE52176-F151-431E-9FCE-55CEDE7DBDAF}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät "{82680B83-6A0B-4501-9D97-CCE4F9D2BCC8}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86EC42B5-346E-4BAB-948D-58E021EA4BD1}" = ATI Catalyst Control Center "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8 "{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = 
SiSoftware Sandra Lite 2012.SP4c "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6E0EB79-CB6B-4540-9FC1-3D215CE25AD4}" = Nokia Ovi Suite "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}" = Adobe Flash Player 10 ActiveX "{F0A37341-D692-11D4-A984-009027EC0A9C}" = Digital Audio MB "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2 "{FD4C3214-C09D-4773-B367-2F3CEF6A8769}" = WLAN Monitor "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "avast5" = avast! 
Free Antivirus "Belarc Advisor" = Belarc Advisor 8.2 "CCleaner" = CCleaner "DivX Setup" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "HP Photo Creations" = HP Photo Creations "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PhotoScape" = PhotoScape "Software Informer_is1" = Software Informer 1.0 BETA "VLC media player" = VLC media player 2.0.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Xvid Video Codec 1.3.1" = Xvid Video Codec "YTdetect" = Yahoo! 
Detect ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.09.2011 14:16:05 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 06:30:19 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 06:42:23 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 09:12:07 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 09:22:43 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 12:22:43 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 02.01.2002 11:17:45 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 02.01.2002 14:17:48 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = [ Application Events ] Error - 24.09.2011 14:16:05 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 06:30:19 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 06:42:23 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 09:12:07 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 09:22:43 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 01.01.2002 12:22:43 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 02.01.2002 11:17:45 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = Error - 02.01.2002 14:17:48 | Computer Name = EVIBOX | Source = Google Update | ID = 20 Description = [ System Events ] Error - 08.11.2012 10:15:46 | Computer Name = EVIBOX | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. 
Error - 08.11.2012 10:15:50 | Computer Name = EVIBOX | Source = Print | ID = 19 Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Microsoft XPS Document Writer, Freigabename Drucker. Error - 08.11.2012 10:17:13 | Computer Name = EVIBOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.11.2012 10:17:13 | Computer Name = EVIBOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "X4HSEx" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 08.11.2012 10:32:59 | Computer Name = EVIBOX | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 08.11.2012 10:33:19 | Computer Name = EVIBOX | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 08.11.2012 11:43:05 | Computer Name = EVIBOX | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 08.11.2012 11:44:32 | Computer Name = EVIBOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.11.2012 11:44:32 | Computer Name = EVIBOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "X4HSEx" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 08.11.2012 13:31:04 | Computer Name = EVIBOX | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. < End of report > |
09.11.2012, 09:59 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKU\S-1-5-21-1644491937-583907252-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=e4da0bfb0000000000000013d4586d72&q="
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-583907252-1417001333-500\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No CLSID value found.
@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1713795
@Alternate Data Stream - 203 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8927A071
@Alternate Data Stream - 138 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E1982A23
@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B468194E
:Files
C:\WINDOWS\tasks\At*.job
C:\WINDOWS\tasks\RYAW.job
C:\WINDOWS\System32\ygfknrqu.dll
C:\WINDOWS\System32\vpnbsjla.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
09.11.2012, 12:21 | #24 |
| Hey, so here's the log Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1644491937-583907252-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=e4da0bfb0000000000000013d4586d72&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}\ not found.
Registry value HKEY_USERS\S-1-5-21-1644491937-583907252-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1644491937-583907252-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1713795 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8927A071 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E1982A23 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B468194E deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\RYAW.job moved successfully.
C:\WINDOWS\System32\ygfknrqu.dll moved successfully.
C:\WINDOWS\System32\vpnbsjla.dll moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Administrator\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 423304254 bytes
->Temporary Internet Files folder emptied: 17714165 bytes
->Java cache emptied: 391438 bytes
->FireFox cache emptied: 175253819 bytes
->Google Chrome cache emptied: 309847562 bytes
->Flash cache emptied: 2385 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 82400 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1036918 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1058869 bytes
RecycleBin emptied: 65275610 bytes
Total Files Cleaned = 949,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 11092012_121533
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

But now I have another question: afterwards I was shown a message saying that I have fallen victim to software counterfeiting.... What do I do now? |
09.11.2012, 19:53 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
You don't say which software is supposedly counterfeit
__________________ Please always post log files in CODE tags |
09.11.2012, 20:03 | #26 |
| A Microsoft software product, I don't know anything more specific... I assume they mean the operating system, right? But that can't really be, since an acquaintance installed it with his Win XP setup CD. |
09.11.2012, 21:37 | #27 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
???
09.11.2012, 21:40 | #28 |
| Oh, I now have a half-hidden window in the lower right corner of my screen that says: "Diese Kopie von Windows hat die Windows-Echtheitsprüfung nicht bestanden." No, I meant he has an original Win XP CD |
09.11.2012, 22:06 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That does make you wonder where he got the key from. If one and the same key is used too often, it eventually ends up on the blacklist at M$, and then you get a message like this. Does your computer even have a Windows license sticker?
09.11.2012, 22:08 | #30 |
| Hmm, unfortunately I don't know.... Where can I see whether there's a sticker like that? |