Pests of all kinds and how to fight them: Win XP starts with an almost empty desktop
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
07.11.2012, 17:09 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop
And which folder is Windows using now? You can see that, for example, by clicking Start/Run and typing cmd there. In the black console you will then see something like this:
Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\USER>
__________________ Please always post logfiles in CODE tags |
07.11.2012, 17:12 | #17 |
| Win XP starts with an almost empty desktop
Ah OK, I didn't know that this is how you check that.
Windows is currently using ***.PC132431016427 (so without .OLD, but also not the one that is simply called ***). |
07.11.2012, 19:46 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop
Quote:
1. Restart Windows
2. Immediately after the reboot, log in to the admin account newly created today
3. Rename ***.PC132431016427 to ***.PC132431016427.old
4. Rename *** to ***.PC132431016427
5. Restart Windows
6. Log in with your user and keep your fingers crossed
__________________ |
07.11.2012, 20:27 | #19 |
| Win XP starts with an almost empty desktop
When I append .old, I get the error message that the folder in question already exists (the different upper and lower case makes no difference). Can I use any other extension instead? |
07.11.2012, 20:30 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop
Yes, of course! It just has to have a different name! Instead of .old you can also append .alt or anything else!
__________________ Please always post logfiles in CODE tags |
07.11.2012, 20:39 | #21 |
| Win XP starts with an almost empty desktop
I tried it that way and it worked! But that probably wasn't everything yet, so surely there was a reason why the desktop got swapped? And what happens now with all the ***.PC...OLD folders? |
07.11.2012, 21:09 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop
Why that happened, no idea. I have already received a few cries for help of exactly this kind at the office too, and have always been able to correct them with this method. Maybe Windows didn't like something in your profile folder and simply started from scratch without any real notice.
If your current profile folder ***.PC132431016427 is now the right one, the others can actually go, but I would wait a bit longer, and the few extra MB on C aren't really a problem yet either.
Code:
Drive C: | 93,15 Gb Total Space | 0,63 Gb Free Space | 0,68% Space Free
We should urgently clean up there.
Quote:
Once we have your computer sorted out, SP3 absolutely must be installed! First a check with OTL please, since the profile directory has changed significantly!!
__________________ Please always post logfiles in CODE tags |
07.11.2012, 21:42 | #23 |
| Win XP starts with an almost empty desktop
I ran the scan. For some reason I still can't disable F-Secure (although the icon is back in the taskbar); I hope that didn't affect the scan.
OTL: OTL Logfile:
Code:
ATTFilter OTL logfile created on: 07.11.2012 21:16:52 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,17 Mb Total Physical Memory | 409,69 Mb Available Physical Memory | 45,82% Memory free 2,12 Gb Paging File | 1,70 Gb Available in Paging File | 80,21% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,15 Gb Total Space | 0,70 Gb Free Space | 0,75% Space Free | Partition Type: NTFS Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\common\FIH32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\common\FSM32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\common\FSHDLL32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Device Control\fsdevcon32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure 
Corporation) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard ) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Java\jre1.5.0_05\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Microsoft Office\Office\OSA.EXE () ========== Modules (No Company Name) ========== MOD - \\?\c:\programme\f-secure\hips\fsumi.dll () MOD - C:\Programme\F-Secure\FSGUI\strres.eng () MOD - C:\Programme\F-Secure\FSGUI\gres.dll () MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng () MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng () MOD - C:\Programme\F-Secure\FSGUI\about.dll () MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll () MOD - C:\Programme\F-Secure\Anti-Virus\fsavhres.eng () MOD - C:\Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\Programme\F-Secure\Anti-Virus\fm4av.dll () MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Microsoft Office\Office\MSO97.DLL () MOD - C:\Programme\Microsoft Office\Office\OSA.EXE () ========== Services (SafeList) ========== SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe File not found SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe File not found SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (FSORSPClient) -- 
C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (F-Secure Network Request Broker) -- C:\Programme\F-Secure\common\FNRB32.exe (F-Secure Corporation) SRV - (FSMA) -- C:\Programme\F-Secure\common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (fsdevcon) -- C:\Programme\F-Secure\Device Control\\fsdevcon32.exe () SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) 
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\cofi\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- C:\Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation) DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys () DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) 
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.) DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (Elaborate Bytes AG) DRV - (ElbyVCD) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys (Elaborate Bytes AG) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60282 IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 145.254.22.10:8000 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: 
C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure\NRS\litmus-ff@f-secure.com [2012.10.10 14:41:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.01 20:10:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.01 20:09:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.16 08:12:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions [2010.06.05 11:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.24 09:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Mozilla\Firefox\Profiles\pepoxhbe.default\extensions [2012.11.01 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.01 20:09:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.10 14:41:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM [2012.11.01 20:10:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) 
-- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.06.23 21:55:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 17:49:47 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.23 21:55:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 21:55:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 21:55:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 21:55:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.01 20:58:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard ) O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\***.PC132431016427\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = -1795162112 O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1214247387 (Image Uploader Control) O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Java Plug-in 1.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D234B9-FF90-42BD-8013-B8F51BCDFA54}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - File not found O27 - HKLM IFEO\RapportService.exe: Debugger - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{87431348-b948-11e0-bd9f-0014a56b88eb}\Shell\AutoRun\command - "" = F:\installer.exe O33 - MountPoints2\{87431348-b948-11e0-bd9f-0014a56b88eb}\Shell\verb\command - "" = F:\installer.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: coniSP32 - (C:\WINDOWS\system32\ipxrexnt.dll) - File not found O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.07 14:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe [2012.11.03 13:20:25 | 000,000,000 | ---D | C] -- C:\Mozilla [2012.11.01 20:09:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.10.24 10:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\Scharfreuter ========== Files - Modified Within 30 Days ========== File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI. 
[2012.11.07 21:16:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.07 21:00:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.11.07 20:33:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.07 20:33:51 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys [2012.11.07 14:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\OTL.exe [2012.11.04 10:13:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.31 20:22:54 | 000,029,513 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.10.31 19:40:50 | 000,158,720 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.31 15:10:29 | 004,081,428 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.31 15:10:29 | 002,982,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.31 15:10:29 | 001,904,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.31 15:10:28 | 002,171,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.15 06:23:39 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.10.12 19:11:42 | 000,070,663 | ---- | M] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf_anwaltschaft.pdf [2012.10.12 14:34:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job ========== Files Created - No Company Name ========== File not found -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\CASC1PZI. 
[2012.10.12 19:11:42 | 000,070,663 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\stoffplan_ag_4_3_bf_anwaltschaft.pdf [2012.07.05 00:10:31 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.10.01 10:16:40 | 000,162,304 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe [2011.03.24 23:32:35 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.11.25 13:40:55 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2008.04.13 15:28:35 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\usb [2006.10.21 15:09:11 | 000,001,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\ViewerApp.dat [2006.03.05 22:32:50 | 000,158,720 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.03.03 20:20:09 | 000,001,954 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\.plugin141.trace [2006.02.17 17:01:21 | 000,000,204 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\wklnhst.dat [2006.02.17 16:51:55 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2004.08.07 06:21:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.11.2012 21:16:52 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***.PC132431016427\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,17 Mb Total Physical Memory | 409,69 Mb Available Physical Memory | 45,82% Memory free 2,12 Gb Paging File | 1,70 Gb Available in Paging File | 80,21% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,15 Gb Total Space | 0,70 Gb Free Space | 0,75% Space Free | Partition Type: NTFS Computer Name: PC132431016427 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-3895385494-3161838611-3957656901-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Programme\iTunes\iTunes.exe" = 
C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{24638AD1-5F7E-9900-147E-B3EEA1B84EAE}" = Napster 5.0 Beta "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1 "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1 "{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5F2F0392-05F6-4D71-B0F9-0BE3733992FB}" = F-Secure Client Security "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1 "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2 "{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F7875264-810A-4ABB-B185-2C5A332E483B}" = F-Secure PSC Prerequisites "{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe SVG Viewer" = Adobe SVG Viewer "ATI Display Driver" = ATI Display Driver "Audiograbber" = Audiograbber 1.83 SE "Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1 
"CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CloneCD" = CloneCD "CNXT_AUDIO" = Conexant AC-Link Audio "CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP "com.Rhapsody.Napster5" = Napster 5.0 Beta "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "F-Secure Anti-Virus" = F-Secure Client Security - AntiVirus & AntiSpy-Schutz "F-Secure Device Control" = F-Secure Gerätesteuerung "F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail-Scanning "F-Secure ExploitShield" = F-Secure Client Security - Browser-Schutz "F-Secure HIPS" = F-Secure Client Security - DeepGuard "F-Secure Internet Shield" = F-Secure Client Security - Internet-Schutzschild "F-Secure Protocol Scanner" = F-Secure Client Security - Web-Datenverkehr-Scanning "Guitar Pro 5_is1" = Guitar Pro 5.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers. 
"LastFM_is1" = Last.fm 1.5.4.27091 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Office8.0" = Microsoft Office 97, Professional Edition "PhotoRecord" = Canon PhotoRecord "RealPlayer 6.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver "UnderCoverXP_is1" = UnderCoverXP 1.19 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR Archivierer "XP Codec Pack" = XP Codec Pack "ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.11.2012 09:36:11 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 10 2012-11-07 14:36:11+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP109\SNAPSHOT\_REGISTRY_MACHINE_SAM. Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 11 2012-11-07 15:24:48+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-20. 
Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 12 2012-11-07 15:24:49+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-20. Error - 07.11.2012 10:24:50 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 13 2012-11-07 15:24:49+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-19. Error - 07.11.2012 10:24:53 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 14 2012-11-07 15:24:53+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_NTUSER_S-1-5-21-3895385494-3161838611-3957656901-1006. Error - 07.11.2012 10:24:54 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 15 2012-11-07 15:24:53+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_USER_USRCLASS_S-1-5-21-3895385494-3161838611-3957656901-1006. Error - 07.11.2012 10:25:00 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 16 2012-11-07 15:25:00+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SECURITY. 
Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 17 2012-11-07 15:25:06+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SOFTWARE. Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 18 2012-11-07 15:25:06+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SYSTEM. Error - 07.11.2012 10:25:06 | Computer Name = PC132431016427 | Source = F-Secure Anti-Virus | ID = 103 Description = 19 2012-11-07 15:25:06+01:00 pc132431016427 PC132431016427\*** F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP110\SNAPSHOT\_REGISTRY_MACHINE_SAM. 
[ System Events ] Error - 05.11.2012 14:32:31 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 06.11.2012 02:42:51 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 06.11.2012 14:36:16 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 07.11.2012 08:07:45 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 07.11.2012 09:24:32 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 07.11.2012 10:54:08 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 07.11.2012 11:01:23 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 07.11.2012 11:10:30 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 07.11.2012 15:20:24 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 Error - 07.11.2012 15:34:16 | Computer Name = PC132431016427 | Source = Service Control Manager | ID = 7000 
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1079 < End of report > |
07.11.2012, 21:48 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop Close any programs that may be open, and also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!! Code:
:OTL
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - File not found
O27 - HKLM IFEO\RapportService.exe: Debugger - File not found
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC
:Files
C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
07.11.2012, 22:47 | #25 |
| Win XP starts with an almost empty desktop Executed as instructed: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe\ deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:364682BC deleted successfully. ========== FILES ========== C:\Dokumente und Einstellungen\***.PC132431016427\0.6607504357915424.exe moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: ***.PC132431016427 ->Temp folder emptied: 5887731 bytes ->Temporary Internet Files folder emptied: 47892749 bytes ->Java cache emptied: 3439933 bytes ->FireFox cache emptied: 56679403 bytes ->Flash cache emptied: 167026 bytes User: ***.PC132431016427.000.OLD User: ***.PC132431016427.001.OLD User: ***.PC132431016427.002.OLD ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 80547722 bytes ->Flash cache emptied: 566 bytes User: ***.PC132431016427.alt ->Temp folder emptied: 2868 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 54570815 bytes ->Flash cache emptied: 56922 bytes User: ***.PC132431016427.OLD User: ***ie ->Temp folder emptied: 2868 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 19573057 bytes ->Flash 
cache emptied: 56922 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: TEMP ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 134 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5852382 bytes RecycleBin emptied: 95392 bytes Total Files Cleaned = 262,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 11072012_221932 Files\Folders moved on Reboot... File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AEIPWEUI\42=4;i44=4;d13=0;f1=1;f2=1;d17=1;c1=1;c3=1;c5=0;c8=0;c9=1;c10=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=9055211250[1] not found! File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AEIPWEUI\i15=4;i17=4;i40=4;i42=4;i44=4;f1=2;f2=2;d17=1;c3=1;c4=0;c5=0;c6=1;c8=0;c9=1;c11=1;c21=1;c19=1;c20=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=5387608681[1] not found! File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=2;f1=1;f2=1;d17=1;c1=1;c3=1;c5=1;c8=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;c9=1;c10=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=1285678491[1] not found! File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=7;f1=2;f2=2;d17=1;c1=1;c3=1;c5=0;c8=0;c9=1;c10=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=5528150384[1] not found! 
File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\42=4;i44=4;d13=7;f1=2;f2=2;d17=1;c1=1;c3=1;c5=1;c8=0;c11=1;c12=0;c19=1;c20=0;c21=1;c22=0;c9=1;c10=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=3738941611[1] not found! File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1N81PH9G\i15=4;i17=4;i40=4;i42=4;i44=4;f1=1;f2=1;d17=1;c3=1;c4=0;c5=0;c6=0;c8=0;c9=1;c11=1;c21=1;c19=1;c20=0;KW=rog1,rog6;xx=vp;xx=rt1;vi=1;tile=1;ord=6253828205[1] not found! File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0M9522XS\cu=15968__camp=71084__no=90740__kw=link1-90740__uuid=85849fee-6056-11e1-a68c-0026b928e1d3__cman1=76__cman2=1057__csit=111111111111111111__EASLink=[1] not found! File\Folder C:\Dokumente und Einstellungen\***.PC132431016427\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\VBNSFLX4\www.totallynsfw.com\[[IMPORT]]\plugins.longtailvideo.com\5\ltas\ltas.swf\httpwwwtotallynsfwcomvideosvideos.sol not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Edited by Archivar (07.11.2012 at 23:03) |
07.11.2012, 22:49 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, then do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again. 2. TDSS-Killer Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs. Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
07.11.2012, 23:01 | #27 |
| Win XP starts with an almost empty desktop Unfortunately I cannot download aswMBR. When I click on it, the message "Schädliche Webseite blockiert" from F-Secure appears. Ignore the message and save anyway? |
07.11.2012, 23:07 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop Yes, what else?
__________________ Please always post log files in CODE tags |
08.11.2012, 11:13 | #29 |
| Win XP starts with an almost empty desktop Both scans are finished. aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-11-08 09:51:27 ----------------------------- 09:51:27.875 OS Version: Windows 5.1.2600 Service Pack 2 09:51:27.875 Number of processors: 1 586 0x2402 09:51:27.875 ComputerName: PC132431016427 UserName: *** 09:51:33.109 Initialize success 09:52:09.359 AVAST engine defs: 12110701 09:52:34.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 09:52:34.781 Disk 0 Vendor: TOSHIBA_MK1031GAS AA204C Size: 95396MB BusType: 3 09:52:34.812 Disk 0 MBR read successfully 09:52:34.828 Disk 0 MBR scan 09:52:35.078 Disk 0 Windows XP default MBR code 09:52:35.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95385 MB offset 63 09:52:35.156 Disk 0 scanning sectors +195350400 09:52:35.328 Disk 0 scanning C:\WINDOWS\system32\drivers 09:53:17.125 Service scanning 09:53:56.953 Modules scanning 09:54:10.703 Disk 0 trace - called modules: 09:54:10.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 09:54:10.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85358ab8] 09:54:10.718 3 CLASSPNP.SYS[f757305b] -> nt!IofCallDriver -> \Device\00000075[0x853c9030] 09:54:10.718 5 ACPI.sys[f73e8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85398030] 09:54:11.406 AVAST engine scan C:\WINDOWS 09:54:30.468 AVAST engine scan C:\WINDOWS\system32 10:00:00.156 AVAST engine scan C:\WINDOWS\system32\drivers 10:00:20.890 AVAST engine scan C:\Dokumente und Einstellungen\***.PC132431016427 10:46:26.578 AVAST engine scan C:\Dokumente und Einstellungen\All Users 10:47:57.843 Scan finished successfully 10:48:58.359 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\MBR.dat" 10:48:58.421 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***.PC132431016427\Desktop\aswMBR.txt" TDSS: Code:
ATTFilter 10:50:50.0218 3972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 10:50:51.0656 3972 ============================================================ 10:50:51.0656 3972 Current date / time: 2012/11/08 10:50:51.0656 10:50:51.0656 3972 SystemInfo: 10:50:51.0656 3972 10:50:51.0656 3972 OS Version: 5.1.2600 ServicePack: 2.0 10:50:51.0656 3972 Product type: Workstation 10:50:51.0656 3972 ComputerName: PC132431016427 10:50:51.0656 3972 UserName: *** 10:50:51.0656 3972 Windows directory: C:\WINDOWS 10:50:51.0656 3972 System windows directory: C:\WINDOWS 10:50:51.0656 3972 Processor architecture: Intel x86 10:50:51.0656 3972 Number of processors: 1 10:50:51.0656 3972 Page size: 0x1000 10:50:51.0656 3972 Boot type: Normal boot 10:50:51.0656 3972 ============================================================ 10:50:54.0390 3972 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 10:50:54.0390 3972 ============================================================ 10:50:54.0390 3972 \Device\Harddisk0\DR0: 10:50:54.0390 3972 MBR partitions: 10:50:54.0390 3972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41 10:50:54.0390 3972 ============================================================ 10:50:54.0406 3972 C: <-> \Device\Harddisk0\DR0\Partition1 10:50:54.0437 3972 ============================================================ 10:50:54.0437 3972 Initialize success 10:50:54.0437 3972 ============================================================ 10:51:38.0250 3828 ============================================================ 10:51:38.0250 3828 Scan started 10:51:38.0250 3828 Mode: Manual; SigCheck; TDLFS; 10:51:38.0250 3828 ============================================================ 10:51:38.0531 3828 ================ Scan system memory ======================== 10:51:46.0968 3828 System memory - ok 10:51:46.0968 3828 
10:53:08.0328 3828 ================ Scan global ===============================
10:53:08.0390 3828 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
10:53:08.0437 3828 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
10:53:08.0468 3828 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
10:53:08.0500 3828 [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
10:53:08.0500 3828 [Global] - ok
10:53:08.0500 3828 ================ Scan MBR ==================================
10:53:08.0531 3828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:53:08.0687 3828 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:53:08.0687 3828 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:53:08.0687 3828 ================ Scan VBR ==================================
10:53:08.0703 3828 [ BB5271B3CA9D84C96B48592682BEBF32 ] \Device\Harddisk0\DR0\Partition1
10:53:08.0703 3828 \Device\Harddisk0\DR0\Partition1 - ok
10:53:08.0703 3828 ============================================================
10:53:08.0703 3828 Scan finished
10:53:08.0703 3828 ============================================================
10:53:08.0859 0200 Detected object count: 14
10:53:08.0859 0200 Actual detected object count: 14
10:54:16.0265 0200 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0265 0200 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0265 0200 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0265 0200 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200 ElbyVCD ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200 ElbyVCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0281 0200 FANTOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0281 0200 FANTOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0296 0200 SSHDRV62 ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0296 0200 SSHDRV62 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0312 0200 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0312 0200 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0312 0200 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:54:16.0312 0200 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:58:12.0265 3984 
Deinitialize success |
08.11.2012, 13:44 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP starts with an almost empty desktop
Code:
10:54:16.0312 0200 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
To do that, you have to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (depending on which one you are offered; please leave all the others on SKIP!) and then click continue at the bottom right. Afterwards, restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.
__________________ Always post log files in CODE tags |
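The check behind the advice in post #30, as an added example that is not part of the thread or of the scanner itself: it reads the "User select action" lines of a posted log and lists every finding other than an unsigned-file notice that was left on Skip. The line layout is taken from the log above; the function names, the low-signal verdict set, and the second sample log (including the "Cure" action string) are assumptions.

```python
import re

# Result-line layout as it appears in the log above:
#   HH:MM:SS.mmmm <thread id> <object> ( <verdict> ) - <status>
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$"
)
ACTION_PREFIX = "User select action: "
# Assumption: following the advice in the thread, unsigned-file notices stay on Skip.
LOW_SIGNAL = {"UnsignedFile.Multi.Generic"}

# Lines copied from the log in this thread.
FIRST_SCAN = r"""
10:53:08.0687 3828 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:53:08.0687 3828 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:54:16.0265 0200 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
10:54:16.0265 0200 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:54:16.0312 0200 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed sample: the same findings with the disk entry set to Cure
# (the exact action string is an assumption).
SECOND_SCAN = r"""
11:20:01.0100 0200 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:01.0100 0200 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Cure
"""


def parse_actions(log_text):
    """Map each detected object to (verdict, chosen action)."""
    actions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group("status").startswith(ACTION_PREFIX):
            action = m.group("status")[len(ACTION_PREFIX):].strip()
            actions[m.group("obj")] = (m.group("verdict"), action)
    return actions


def left_on_skip(log_text):
    """Objects whose verdict is not a low-signal notice but were skipped."""
    return sorted(
        obj for obj, (verdict, action) in parse_actions(log_text).items()
        if verdict not in LOW_SIGNAL and action.lower() == "skip"
    )


if __name__ == "__main__":
    print("first scan :", left_on_skip(FIRST_SCAN))
    print("second scan:", left_on_skip(SECOND_SCAN))
```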