Log analysis and evaluation: HDD Repair - removed following the guide - still problems

05.11.2012, 16:13 | #1
HDD Repair - removed following the guide - still problems

Hello dear malware experts,

yesterday I picked up an infection with a version of HDD Repair. I have already tried to clean my system using the guide in the thread "HDD Repair entfernen". The steps I carried out were:

1. Ran "RKill".
2. Scan with MbAM --> logfile:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Murlain :: MURLAIN-LAPTOP [Administrator]

04.11.2012 20:53:14
mbam-log-2012-11-04 (20-53-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316395
Laufzeit: 1 Stunde(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\iGgHWCrmYUb1tz.exe.tmp (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\RelevantKnowledge(2)\rlls(2).dll (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{543F9333-96B4-48F4-BFB1-F353240F50A6}\RP255\A0106406.dll (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{543F9333-96B4-48F4-BFB1-F353240F50A6}\RP265\A0112331.exe (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
3. Scan with Avast --> nothing found except one PUP ("RelevantKnowledge"). Shut the computer down and stopped work for the day. Booted the computer again this morning: Avast blocks accesses by "svchost" to various websites.
4. Ran TDSSKiller (had to rename the program, otherwise it would not start) --> "rootkit.boot.sst.a" found and removed.
5. Another scan with MbAM --> logfile:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Murlain :: MURLAIN-LAPTOP [Administrator]

05.11.2012 08:07:25
mbam-log-2012-11-05 (08-07-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316176
Laufzeit: 1 Stunde(n), 11 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

But: Firefox and Thunderbird can no longer be started ("... is already running"). Uninstalling does not work either (simply nothing happens when I click the uninstall button). It does not work in Safe Mode either. So I have now decided to open a thread and hope for help, as I am at my wits' end.

1. Ran defogger. Had to reboot once, then ran it again. --> logfile:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:59 on 05/11/2012 (Murlain)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-
2. Ran OTL. Logfile:
Code:
OTL logfile created on: 05.11.2012 10:00:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 73,42% Memory free
5,58 Gb Paging File | 5,24 Gb Available in Paging File | 93,88% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 58,59 Gb Total Space | 16,77 Gb Free Space | 28,62% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 12,78 Gb Free Space | 32,73% Space Free | Partition Type: NTFS
Drive E: | 200,43 Gb Total Space | 73,53 Gb Free Space | 36,68% Space Free | Partition Type: NTFS
Drive H: | 982,70 Mb Total Space | 418,28 Mb Free Space | 42,56% Space Free | Partition Type: FAT

Computer Name: MURLAIN-LAPTOP | User Name: Murlain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.05 09:52:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2012.11.05 09:52:00 | 000,050,477 | ---- | M] () -- H:\Defogger.exe
PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.21 10:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.03.14 04:48:58 | 003,051,619 | ---- | M] (Logitech Inc.) -- C:\Programme\Squeezebox\SqueezeTray.exe
PRC - [2010.07.26 01:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.14 13:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.05.10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006.01.02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.02.16 08:18:16 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\tardisnt.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.05 09:59:00 | 000,184,414 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2012.11.05 09:59:00 | 000,024,701 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\93e7e3d6030f426844228042348210cf\Service.dll
MOD - [2012.11.05 09:58:59 | 000,094,334 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2012.11.05 09:58:59 | 000,061,540 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2012.11.05 09:58:59 | 000,053,340 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2012.11.05 09:58:59 | 000,024,676 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2012.11.05 09:58:58 | 000,082,033 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2012.11.05 09:58:58 | 000,036,964 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2012.11.05 09:58:58 | 000,020,590 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2012.11.05 09:58:58 | 000,020,576 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2012.11.05 09:58:57 | 000,118,918 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2012.11.05 09:58:57 | 000,082,048 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2012.11.05 09:58:56 | 000,032,878 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2012.11.05 09:58:56 | 000,028,779 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2012.11.05 09:58:56 | 000,024,701 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2012.11.05 09:58:56 | 000,020,601 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2012.11.05 09:58:55 | 000,024,679 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2012.11.05 09:58:53 | 000,028,774 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\pdk-Murlain-2944\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2012.11.05 09:52:00 | 000,050,477 | ---- | M] () -- H:\Defogger.exe
MOD - [2012.11.04 22:55:00 | 001,827,840 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12110401\algo.dll
MOD - [2012.07.03 21:07:10 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.07.03 21:05:15 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.07.03 21:04:59 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.07.03 21:02:56 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.07.03 21:02:53 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.11 17:36:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 17:33:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 17:31:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 17:30:54 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010.07.30 18:04:12 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.30 18:04:10 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2007.05.14 13:24:00 | 000,098,304 | ---- | M] () -- C:\Programme\Dell\QuickSet\dadkeyb.dll
MOD - [2007.03.16 17:10:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007.03.16 17:10:38 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005.10.13 12:53:36 | 000,090,223 | ---- | M] () -- C:\Programme\Dell\QuickSet\preflibcl.dll
MOD - [2005.02.16 08:18:16 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\tardisnt.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.21 10:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.02.16 08:18:16 | 000,233,472 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\tardisnt.exe -- (Tardis)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Ultrastar Deluxe\zlportio.sys -- (zlportio)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.08.21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 10:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.08.21 10:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 10:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.08.21 10:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.08.21 10:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.08.21 10:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.06.03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012.02.24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2012.02.24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.02.24 10:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.09.06 21:10:01 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011.07.29 12:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.11.09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.09.02 09:55:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.09 12:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010.04.27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 03:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd)
DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus)
DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010.04.27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.06.10 10:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009.06.10 10:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009.02.20 19:09:16 | 000,044,032 | R--- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.05.10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.05.01 14:39:00 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFFB5.sys -- (SaiHFFB5)
DRV - [2007.05.01 14:39:00 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiIFFB5.sys -- (SaiIFFB5)
DRV - [2007.03.16 17:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.21 03:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.10.11 20:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.07.01 22:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.08.12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/tb/mff_startpage"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.6
FF - prefs.js..extensions.enabledItems: {01c29d60-f7f0-416c-844a-ec8b2e1841d0}:1.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.22 12:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.08.24 09:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.04 20:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.04 20:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.11.04 20:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.11.04 20:23:12 | 000,000,000 | ---D | M]

[2010.07.30 15:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Extensions
[2010.07.30 15:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.04 20:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions
[2010.07.30 15:22:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.04 20:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.04 20:22:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2012.09.17 09:31:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\ich@maltegoetz.de
[2012.10.14 18:13:53 | 000,005,490 | -H-- | M] () (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
[2012.07.25 08:05:52 | 000,741,958 | -H-- | M] () (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.23 17:13:33 | 000,000,933 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\11-suche.xml
[2012.02.23 17:13:33 | 000,002,419 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\englische-ergebnisse.xml
[2012.02.23 17:13:33 | 000,010,525 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\gmx-suche.xml
[2011.07.02 13:30:54 | 000,002,492 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\ixquick-https.xml
[2012.02.23 17:13:33 | 000,002,457 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\lastminute.xml
[2012.02.23 17:13:33 | 000,005,508 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\webde-suche.xml
[2012.11.04 20:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 20:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.30 10:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\updated\extensions
[2012.11.04 20:23:32 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\updated\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.30 10:57:01 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.09.07 09:39:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2004.08.04 11:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2012.11.04 20:20:07 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Media Server-Taskleisten-Tool.lnk = C:\Programme\Squeezebox\SqueezeTray.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280507214531 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:AutorunsDisabled () - O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.29 18:31:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.05 09:56:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Murlain\Recent [2012.11.05 07:57:00 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\02455266.sys [2012.11.05 07:56:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.04 20:48:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Malwarebytes [2012.11.04 20:48:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.04 20:48:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.11.04 20:48:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.04 20:48:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.11.04 20:32:50 | 000,000,000 | ---D | C] -- C:\Programme\RelevantKnowledge(2) [2012.11.04 20:32:49 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny [2012.11.04 20:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.11.04 20:32:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Desktop\Fotos Handy [2012.11.04 20:32:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Desktop\Fahrtkostenabrechnung [2012.11.04 20:27:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLAC 
[2012.11.04 20:23:10 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.11.04 20:21:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft [2012.11.04 20:21:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft [2012.11.04 20:21:20 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2012.11.04 13:21:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft(2) [2012.11.04 13:21:01 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft(2) [2012.10.14 18:23:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\.oit [2012.10.14 17:57:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Anwendungsdaten\GlobalGraphics [2012.10.14 17:39:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Global Graphics [2012.10.14 17:33:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Global Graphics [2012.10.14 17:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Global Graphics [2012.10.14 17:02:10 | 000,000,000 | ---D | C] -- C:\Programme\Global Graphics [2012.10.14 12:29:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Murlain\Eigene Dateien\My Videos [2012.10.14 12:28:45 | 000,000,000 | ---D | C] -- C:\AllShare [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.05 09:59:11 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2012.11.05 09:57:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.05 09:57:38 | 1876,996,096 | -HS- | M] () -- C:\hiberfil.sys [2012.11.05 09:56:46 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\defogger_reenable [2012.11.05 09:54:33 | 000,486,186 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.05 09:54:33 | 000,466,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.05 09:54:33 | 000,088,698 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.05 09:54:33 | 000,074,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.05 07:57:00 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\02455266.sys [2012.11.04 20:40:43 | 000,001,659 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Internet Security.lnk [2012.11.04 20:40:37 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.11.04 19:09:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.04 18:53:35 | 162,697,216 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2012.10.22 09:46:41 | 000,440,892 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\2011_01_01_aishe1000.jpg [2012.10.14 12:09:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.05 09:56:36 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Murlain\defogger_reenable [2012.11.05 09:50:13 | 1876,996,096 | -HS- | C] () -- C:\hiberfil.sys [2012.11.04 20:40:43 | 000,001,659 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! 
Internet Security.lnk [2012.10.22 09:46:41 | 000,440,892 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\2011_01_01_aishe1000.jpg [2012.08.22 09:48:02 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2012.08.22 09:48:02 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2012.08.22 09:48:02 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2012.08.22 09:48:02 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2012.08.22 09:48:01 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2012.05.29 19:22:39 | 000,125,240 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.02.15 22:02:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.31 18:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.10.16 18:23:21 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2011.10.05 09:31:45 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\VISCDUN7.DLL [2011.10.05 09:31:45 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\VISCDUNR.DLL [2011.10.05 09:31:45 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\VISCDRTL.DLL [2011.10.05 09:31:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\VISCDUNA.DLL [2011.09.22 11:03:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011.09.22 11:03:41 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011.09.22 11:03:41 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011.09.22 11:03:40 | 000,074,752 | ---- | C] 
() -- C:\WINDOWS\System32\ff_vfw.dll [2011.06.02 17:38:35 | 000,883,534 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1214440339-1606980848-1417001333-1003-0.dat [2011.06.02 17:38:34 | 000,254,806 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2010.12.03 10:39:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.12.03 10:39:10 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.12.03 10:39:05 | 000,002,528 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\$_hpcst$.hpc [2010.11.09 13:15:34 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.09.02 20:00:59 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.30 20:25:09 | 000,011,457 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\SCScrnShot_073010_212509.pcx [2010.07.29 18:44:25 | 003,407,872 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\NTUSER.bak ========== ZeroAccess Check ========== [2010.07.30 11:51:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 17:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.10.17 12:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2010.09.02 09:07:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.07.30 19:41:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.09.29 10:37:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP [2011.09.29 10:37:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2 [2010.09.02 09:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.05.08 12:37:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.08.08 09:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG [2012.08.17 12:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin [2011.11.16 15:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gigaset QuickSync [2012.10.14 17:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Global Graphics [2010.08.12 17:25:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Saitek [2012.02.16 19:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2012.10.03 20:10:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Squeezebox [2012.10.18 10:28:13 | 000,000,000 | ---D 
| M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\.oit [2010.09.02 09:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Canneverbe Limited [2012.06.10 17:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\CasaPortale.de [2011.10.17 10:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\DAEMON Tools Lite [2010.08.16 15:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\diginet [2012.06.10 18:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Dropbox [2012.11.04 20:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\DVDVideoSoft [2011.10.10 10:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\EAC [2012.08.16 09:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\elsterformular [2011.10.14 08:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Foxit Software [2012.11.04 14:25:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Free Download Manager [2012.08.17 12:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Garmin [2012.10.14 17:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Global Graphics [2011.01.12 22:38:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\GrabPro [2012.06.24 10:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\HandBrake [2011.01.28 22:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\JGoodies [2010.12.07 17:34:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\LolClient [2011.10.17 10:20:27 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Miranda Fusion [2012.11.02 11:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mp3tag [2010.07.31 12:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\OpenOffice.org [2011.01.12 22:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Orbit [2010.07.30 18:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\PersBackup5 [2011.01.12 22:38:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\ProgSense [2012.10.14 12:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung [2012.04.11 21:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Steganos [2010.08.19 11:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\TheLastRipper [2010.07.30 15:26:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Thunderbird ========== Purity Check ========== < End of report > 3. Ich nutze Windows XP Prof. 32bit Gmer habe ich laufen lassen. --> Log: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-05 15:54:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: sfvn701b.exe; Driver: C:\DOKUME~1\Murlain\LOKALE~1\Temp\kwldqkob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8EBB708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8F8E7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA8EBC11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8EFD401]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8EC6F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8EC6F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8EC70F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8EFCDB5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8EC6E96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8EC6FB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8EC6EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA8EBC310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8EC70B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA8EBCA9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8EBB756]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8EFDAC7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA8EFDD7D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA8EC00E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8EFD932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8EFD79D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8F8E8AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8EBB3BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8EBB7A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8EC0456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8EBD464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8EC6F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8EC6F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8EC711A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8EFD111]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8EC6EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8EBFC5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA8EC703A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8EC6F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8EBFE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8EC70D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8F8EA2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8EFD618]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8EBD330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8EFD46A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA8EBCEDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8F9A30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8EFC428]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA8EBB7F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8EBB840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA8EBC91C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8EBB448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8EBB5F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8EFDBCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8EBB59E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA8EBCBFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA8EBCD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA8EBB668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA8EBC632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA8EBC794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8EBB88E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA8EBC160]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8FA6966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 805045E0 4 Bytes [AC, E8, F8, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E00 805046B8 4 Bytes JMP F004A8F8
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 805047E0 12 Bytes [F2, B7, EB, A8, 40, B8, EB, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [FE, CB, EB, A8, 5A, CD, EB, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A8EBDAF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A8FA3806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A8FA5320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A8FA696A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A8EC1A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A8EC195E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A8EC1918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP A8EC0FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP A8EC06E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP A8EC1BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP A8EC1DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP A8EC181E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP A8EC05AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP A8EC108C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP A8EC0B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP A8EC0E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP A8EC0592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP A8EC19A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP A8EC0C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP A8EC0DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP A8EC10A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP A8EC1B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP A8EC1D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP A8EC0FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP A8EC0756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP A8EC0866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP A8EC093E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP A8EC0A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP A8EC048C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP A8EC0FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP A8EC0682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP A8EC0812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP A8EC0F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP A8EC1C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[320] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\afwServ.exe[328] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\afwServ.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[468] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[468] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[516] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[604] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre6\bin\jqs.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre6\bin\jqs.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\CDBurnerXP\NMSAccessU.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\CDBurnerXP\NMSAccessU.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text
C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\tardisnt.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\tardisnt.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1324] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1668] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text 
C:\WINDOWS\Explorer.EXE[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1748] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10 .text 
C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2388] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8 .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82] .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC .text C:\Programme\SigmaTel\C-Major 
Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88] .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8 .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC .text C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe[2644] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600 .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08 
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82] .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88] .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2684] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\WLTRAY.exe[2708] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\WLTRAY.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\WLTRAY.exe[2708] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\WLTRAY.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\WLTRAY.exe[2708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text 
C:\WINDOWS\system32\WLTRAY.exe[2708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\WLTRAY.exe[2708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\WLTRAY.exe[2708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\WLTRAY.exe[2708] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\WLTRAY.exe[2708] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\WLTRAY.exe[2708] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600 .text C:\Programme\Dell\QuickSet\quickset.exe[2744] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Dell\QuickSet\quickset.exe[2744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text 
C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8 .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC .text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[2812] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600 .text C:\Programme\AVAST Software\Avast\avastUI.exe[2852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\AVAST Software\Avast\avastUI.exe[2852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3148] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte 
[62] .text C:\WINDOWS\system32\wuauclt.exe[3300] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\sfvn701b.exe[3428] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text H:\sfvn701b.exe[3428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3452] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3452] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3460] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3460] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Defogger.exe[3696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62] .text H:\Defogger.exe[3696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0xDC 0x21 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xBF 0xDA 0x36 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xE7 0x8C 0xFA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0xDC 0x21 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xBF 0xDA 0x36 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xE7 0x8C 0xFA ...
---- EOF - GMER 1.0.15 ----
I haven't run Unhide yet, since the hidden files have been the smallest problem so far. It would be great if you could help me! |
07.11.2012, 13:49 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | HDD Repair - removed following the guide - still having problems Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder on my thread. Annoying "when's the next step" messages will end with your topic being closed. I too have a life outside the Trojaner-Board. Quote:
Please post all logs from TDSS-Killer!
|
07.11.2012, 15:16 | #3 |
| HDD Repair - removed following the guide - still having problems Hello cosinus, and first of all thank you for taking on my problem.
Regarding Combofix, I had read here in the forum that it should not be used without instructions. I used TDSS-Killer because it was recommended in the "HDD Repair entfernen" thread. I had not found the TDSS-Killer log files because it did not occur to me that they are saved in the root directory. So here are the logs: 1) Code:
ATTFilter 07:53:47.0412 2460 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 07:53:47.0677 2460 ============================================================ 07:53:47.0677 2460 Current date / time: 2012/11/05 07:53:47.0677 07:53:47.0677 2460 SystemInfo: 07:53:47.0677 2460 07:53:47.0677 2460 OS Version: 5.1.2600 ServicePack: 3.0 07:53:47.0677 2460 Product type: Workstation 07:53:47.0677 2460 ComputerName: MURLAIN-LAPTOP 07:53:47.0677 2460 UserName: Murlain 07:53:47.0677 2460 Windows directory: C:\WINDOWS 07:53:47.0677 2460 System windows directory: C:\WINDOWS 07:53:47.0677 2460 Processor architecture: Intel x86 07:53:47.0677 2460 Number of processors: 2 07:53:47.0677 2460 Page size: 0x1000 07:53:47.0677 2460 Boot type: Normal boot 07:53:47.0677 2460 ============================================================ 07:53:49.0052 2460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 07:53:49.0052 2460 Drive \Device\Harddisk1\DR4 - Size: 0x3D700000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 07:53:49.0068 2460 ============================================================ 07:53:49.0068 2460 \Device\Harddisk0\DR0: 07:53:49.0068 2460 MBR partitions: 07:53:49.0068 2460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462 07:53:49.0084 2460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x4E1EDEC 07:53:49.0099 2460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5 07:53:49.0099 2460 \Device\Harddisk1\DR4: 07:53:49.0099 2460 MBR partitions: 07:53:49.0099 2460 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EB7C1 07:53:49.0099 2460 ============================================================ 07:53:49.0130 2460 C: <-> \Device\Harddisk0\DR0\Partition1 
07:53:49.0146 2460 D: <-> \Device\Harddisk0\DR0\Partition2 07:53:49.0177 2460 E: <-> \Device\Harddisk0\DR0\Partition3 07:53:49.0177 2460 ============================================================ 07:53:49.0177 2460 Initialize success 07:53:49.0177 2460 ============================================================ 07:54:02.0912 0428 ============================================================ 07:54:02.0912 0428 Scan started 07:54:02.0912 0428 Mode: Manual; 07:54:02.0912 0428 ============================================================ 07:54:03.0505 0428 ================ Scan system memory ======================== 07:54:03.0505 0428 System memory - ok 07:54:03.0505 0428 ================ Scan services ============================= 07:54:03.0646 0428 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys 07:54:03.0646 0428 Aavmker4 - ok 07:54:03.0646 0428 Abiosdsk - ok 07:54:03.0662 0428 abp480n5 - ok 07:54:03.0693 0428 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 07:54:03.0693 0428 ACPI - ok 07:54:03.0724 0428 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 07:54:03.0724 0428 ACPIEC - ok 07:54:03.0724 0428 adpu160m - ok 07:54:03.0755 0428 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 07:54:03.0771 0428 aec - ok 07:54:03.0802 0428 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 07:54:03.0802 0428 AFD - ok 07:54:03.0802 0428 Aha154x - ok 07:54:03.0818 0428 aic78u2 - ok 07:54:03.0818 0428 aic78xx - ok 07:54:03.0849 0428 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 07:54:03.0865 0428 Alerter - ok 07:54:03.0880 0428 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 07:54:03.0880 0428 ALG - ok 07:54:03.0880 0428 AliIde - ok 07:54:03.0912 0428 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 07:54:03.0927 0428 AmdK8 - ok 07:54:03.0927 
0428 amsint - ok 07:54:03.0959 0428 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 07:54:03.0959 0428 APPDRV - ok 07:54:03.0990 0428 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 07:54:04.0005 0428 AppMgmt - ok 07:54:04.0021 0428 asc - ok 07:54:04.0037 0428 asc3350p - ok 07:54:04.0052 0428 asc3550 - ok 07:54:04.0146 0428 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 07:54:04.0146 0428 aspnet_state - ok 07:54:04.0177 0428 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 07:54:04.0177 0428 aswFsBlk - ok 07:54:04.0209 0428 [ 09678587C5C70F91720631EF048B4744 ] aswFW C:\WINDOWS\system32\drivers\aswFW.sys 07:54:04.0209 0428 aswFW - ok 07:54:04.0255 0428 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys 07:54:04.0255 0428 aswKbd - ok 07:54:04.0287 0428 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys 07:54:04.0302 0428 aswMon2 - ok 07:54:04.0302 0428 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys 07:54:04.0302 0428 aswNdis - ok 07:54:04.0318 0428 [ C6E5E1E0FB3827B2359F4D394ECAA070 ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys 07:54:04.0318 0428 aswNdis2 - ok 07:54:04.0334 0428 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys 07:54:04.0349 0428 aswRdr - ok 07:54:04.0380 0428 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 07:54:04.0396 0428 aswSnx - ok 07:54:04.0427 0428 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 07:54:04.0427 0428 aswSP - ok 07:54:04.0443 0428 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 07:54:04.0443 0428 aswTdi - ok 07:54:04.0490 0428 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 
07:54:04.0490 0428 AsyncMac - ok 07:54:04.0490 0428 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 07:54:04.0490 0428 atapi - ok 07:54:04.0505 0428 Atdisk - ok 07:54:04.0552 0428 [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 07:54:04.0552 0428 Ati HotKey Poller - ok 07:54:04.0646 0428 [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 07:54:04.0693 0428 ati2mtag - ok 07:54:04.0709 0428 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 07:54:04.0709 0428 Atmarpc - ok 07:54:04.0755 0428 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 07:54:04.0755 0428 AudioSrv - ok 07:54:04.0787 0428 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 07:54:04.0802 0428 audstub - ok 07:54:04.0880 0428 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe 07:54:04.0880 0428 avast! Antivirus - ok 07:54:04.0896 0428 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Programme\AVAST Software\Avast\afwServ.exe 07:54:04.0896 0428 avast! 
Firewall - ok 07:54:04.0959 0428 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 07:54:04.0974 0428 BCM43XX - ok 07:54:05.0005 0428 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 07:54:05.0005 0428 bcm4sbxp - ok 07:54:05.0037 0428 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 07:54:05.0037 0428 Beep - ok 07:54:05.0068 0428 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 07:54:05.0084 0428 BITS - ok 07:54:05.0130 0428 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 07:54:05.0130 0428 Browser - ok 07:54:05.0146 0428 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 07:54:05.0162 0428 cbidf2k - ok 07:54:05.0162 0428 cd20xrnt - ok 07:54:05.0209 0428 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 07:54:05.0209 0428 Cdaudio - ok 07:54:05.0255 0428 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 07:54:05.0255 0428 Cdfs - ok 07:54:05.0255 0428 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 07:54:05.0255 0428 Cdrom - ok 07:54:05.0302 0428 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys 07:54:05.0302 0428 cercsr6 - ok 07:54:05.0302 0428 Changer - ok 07:54:05.0334 0428 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 07:54:05.0349 0428 CiSvc - ok 07:54:05.0380 0428 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 07:54:05.0380 0428 ClipSrv - ok 07:54:05.0412 0428 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:54:05.0412 0428 clr_optimization_v2.0.50727_32 - ok 07:54:05.0474 0428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
07:54:05.0474 0428 clr_optimization_v4.0.30319_32 - ok 07:54:05.0505 0428 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 07:54:05.0505 0428 CmBatt - ok 07:54:05.0505 0428 CmdIde - ok 07:54:05.0537 0428 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 07:54:05.0537 0428 Compbatt - ok 07:54:05.0537 0428 COMSysApp - ok 07:54:05.0552 0428 Cpqarray - ok 07:54:05.0584 0428 [ 743C403D20A89DB5ED84C874768B7119 ] cpuz133 C:\WINDOWS\system32\drivers\cpuz133_x32.sys 07:54:05.0584 0428 cpuz133 - ok 07:54:05.0615 0428 [ 75FA19142531CBF490770C2988A7DB64 ] cpuz134 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 07:54:05.0615 0428 cpuz134 - ok 07:54:05.0630 0428 [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys 07:54:05.0630 0428 cpuz135 - ok 07:54:05.0677 0428 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 07:54:05.0677 0428 CryptSvc - ok 07:54:05.0724 0428 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys 07:54:05.0724 0428 CVirtA - ok 07:54:05.0802 0428 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Programme\Cisco Systems\VPN Client\cvpnd.exe 07:54:05.0849 0428 CVPND - ok 07:54:05.0896 0428 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 07:54:05.0912 0428 CVPNDRVA - ok 07:54:05.0927 0428 dac2w2k - ok 07:54:05.0943 0428 dac960nt - ok 07:54:05.0990 0428 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 07:54:06.0005 0428 DcomLaunch - ok 07:54:06.0068 0428 [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 07:54:06.0068 0428 dg_ssudbus - ok 07:54:06.0115 0428 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 07:54:06.0115 0428 Dhcp - ok 07:54:06.0177 0428 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 07:54:06.0177 0428 Disk - ok 07:54:06.0193 0428 
dmadmin - ok 07:54:06.0240 0428 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 07:54:06.0255 0428 dmboot - ok 07:54:06.0271 0428 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 07:54:06.0287 0428 dmio - ok 07:54:06.0318 0428 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 07:54:06.0318 0428 dmload - ok 07:54:06.0365 0428 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 07:54:06.0365 0428 dmserver - ok 07:54:06.0412 0428 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 07:54:06.0427 0428 DMusic - ok 07:54:06.0443 0428 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys 07:54:06.0443 0428 DNE - ok 07:54:06.0490 0428 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 07:54:06.0505 0428 Dnscache - ok 07:54:06.0537 0428 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 07:54:06.0552 0428 Dot3svc - ok 07:54:06.0568 0428 dpti2o - ok 07:54:06.0599 0428 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 07:54:06.0599 0428 drmkaud - ok 07:54:06.0646 0428 [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831 ] dvd43llh C:\WINDOWS\system32\DRIVERS\dvd43llh.sys 07:54:06.0646 0428 dvd43llh - ok 07:54:06.0693 0428 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 07:54:06.0693 0428 EapHost - ok 07:54:06.0740 0428 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys 07:54:06.0740 0428 epmntdrv - ok 07:54:06.0771 0428 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 07:54:06.0771 0428 ERSvc - ok 07:54:06.0818 0428 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys 07:54:06.0818 0428 EuGdiDrv - ok 07:54:06.0865 0428 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 07:54:06.0880 0428 Eventlog 
- ok 07:54:06.0927 0428 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 07:54:06.0943 0428 EventSystem - ok 07:54:06.0974 0428 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 07:54:06.0990 0428 Fastfat - ok 07:54:07.0037 0428 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 07:54:07.0052 0428 FastUserSwitchingCompatibility - ok 07:54:07.0084 0428 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 07:54:07.0084 0428 Fdc - ok 07:54:07.0099 0428 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 07:54:07.0099 0428 Fips - ok 07:54:07.0115 0428 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 07:54:07.0115 0428 Flpydisk - ok 07:54:07.0162 0428 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 07:54:07.0177 0428 FltMgr - ok 07:54:07.0240 0428 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 07:54:07.0240 0428 FontCache3.0.0.0 - ok 07:54:07.0287 0428 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS 07:54:07.0287 0428 FsUsbExDisk - ok 07:54:07.0318 0428 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 07:54:07.0318 0428 Fs_Rec - ok 07:54:07.0349 0428 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 07:54:07.0349 0428 Ftdisk - ok 07:54:07.0380 0428 [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\WINDOWS\system32\DRIVERS\GigasetGenericUSB.sys 07:54:07.0396 0428 GigasetGenericUSB - ok 07:54:07.0412 0428 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 07:54:07.0412 0428 Gpc - ok 07:54:07.0443 0428 [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys 07:54:07.0443 0428 grmnusb - ok 07:54:07.0490 
0428 gupdate - ok 07:54:07.0490 0428 gupdatem - ok 07:54:07.0521 0428 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 07:54:07.0537 0428 HDAudBus - ok 07:54:07.0630 0428 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 07:54:07.0630 0428 helpsvc - ok 07:54:07.0662 0428 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 07:54:07.0677 0428 HidServ - ok 07:54:07.0724 0428 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 07:54:07.0724 0428 HidUsb - ok 07:54:07.0755 0428 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 07:54:07.0771 0428 hkmsvc - ok 07:54:07.0787 0428 hpn - ok 07:54:07.0865 0428 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 07:54:07.0896 0428 HSF_DPV - ok 07:54:07.0912 0428 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 07:54:07.0927 0428 HSXHWAZL - ok 07:54:07.0974 0428 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 07:54:07.0990 0428 HTTP - ok 07:54:08.0021 0428 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 07:54:08.0037 0428 HTTPFilter - ok 07:54:08.0052 0428 i2omgmt - ok 07:54:08.0068 0428 i2omp - ok 07:54:08.0115 0428 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 07:54:08.0115 0428 i8042prt - ok 07:54:08.0209 0428 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 07:54:08.0240 0428 idsvc - ok 07:54:08.0287 0428 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 07:54:08.0287 0428 Imapi - ok 07:54:08.0349 0428 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 07:54:08.0365 0428 ImapiService - ok 07:54:08.0380 0428 ini910u - ok 07:54:08.0412 0428 IntelIde - ok 
07:54:08.0443 0428 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 07:54:08.0459 0428 Ip6Fw - ok 07:54:08.0490 0428 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 07:54:08.0505 0428 IpFilterDriver - ok 07:54:08.0537 0428 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 07:54:08.0537 0428 IpInIp - ok 07:54:08.0552 0428 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 07:54:08.0552 0428 IpNat - ok 07:54:08.0584 0428 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 07:54:08.0584 0428 IPSec - ok 07:54:08.0599 0428 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 07:54:08.0599 0428 IRENUM - ok 07:54:08.0646 0428 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 07:54:08.0646 0428 isapnp - ok 07:54:08.0740 0428 [ 9AE07549A0D691A103FAF8946554BDB7 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 07:54:08.0740 0428 JavaQuickStarterService - ok 07:54:08.0755 0428 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 07:54:08.0771 0428 Kbdclass - ok 07:54:08.0787 0428 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 07:54:08.0787 0428 kbdhid - ok 07:54:08.0802 0428 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 07:54:08.0818 0428 kmixer - ok 07:54:08.0849 0428 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 07:54:08.0849 0428 KSecDD - ok 07:54:08.0880 0428 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 07:54:08.0896 0428 lanmanserver - ok 07:54:08.0912 0428 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 07:54:08.0927 0428 lanmanworkstation - ok 07:54:08.0943 0428 lbrtfdc - ok 07:54:08.0974 0428 [ 
636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 07:54:08.0974 0428 LmHosts - ok 07:54:08.0990 0428 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 07:54:08.0990 0428 mdmxsdk - ok 07:54:09.0037 0428 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 07:54:09.0037 0428 Messenger - ok 07:54:09.0068 0428 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 07:54:09.0068 0428 mnmdd - ok 07:54:09.0099 0428 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 07:54:09.0099 0428 mnmsrvc - ok 07:54:09.0130 0428 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 07:54:09.0130 0428 Modem - ok 07:54:09.0146 0428 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 07:54:09.0162 0428 Mouclass - ok 07:54:09.0193 0428 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 07:54:09.0193 0428 mouhid - ok 07:54:09.0240 0428 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 07:54:09.0240 0428 MountMgr - ok 07:54:09.0271 0428 MozillaMaintenance - ok 07:54:09.0271 0428 mraid35x - ok 07:54:09.0287 0428 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 07:54:09.0287 0428 MRxDAV - ok 07:54:09.0334 0428 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 07:54:09.0349 0428 MRxSmb - ok 07:54:09.0380 0428 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 07:54:09.0380 0428 MSDTC - ok 07:54:09.0396 0428 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 07:54:09.0396 0428 Msfs - ok 07:54:09.0396 0428 MSIServer - ok 07:54:09.0427 0428 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 07:54:09.0427 0428 MSKSSRV - ok 07:54:09.0459 0428 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK 
C:\WINDOWS\system32\drivers\MSPCLOCK.sys 07:54:09.0459 0428 MSPCLOCK - ok 07:54:09.0474 0428 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 07:54:09.0474 0428 MSPQM - ok 07:54:09.0505 0428 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 07:54:09.0505 0428 mssmbios - ok 07:54:09.0552 0428 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 07:54:09.0552 0428 Mup - ok 07:54:09.0584 0428 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 07:54:09.0615 0428 napagent - ok 07:54:09.0630 0428 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 07:54:09.0646 0428 NDIS - ok 07:54:09.0677 0428 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 07:54:09.0693 0428 NdisTapi - ok 07:54:09.0709 0428 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 07:54:09.0709 0428 Ndisuio - ok 07:54:09.0724 0428 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 07:54:09.0724 0428 NdisWan - ok 07:54:09.0787 0428 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 07:54:09.0787 0428 NDProxy - ok 07:54:09.0802 0428 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 07:54:09.0818 0428 NetBIOS - ok 07:54:09.0818 0428 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 07:54:09.0818 0428 NetBT - ok 07:54:09.0849 0428 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 07:54:09.0865 0428 NetDDE - ok 07:54:09.0865 0428 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 07:54:09.0880 0428 NetDDEdsdm - ok 07:54:09.0912 0428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 07:54:09.0912 0428 Netlogon - ok 07:54:09.0959 0428 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman 
C:\WINDOWS\System32\netman.dll 07:54:09.0974 0428 Netman - ok 07:54:10.0005 0428 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 07:54:10.0005 0428 NetTcpPortSharing - ok 07:54:10.0037 0428 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 07:54:10.0037 0428 Nla - ok 07:54:10.0084 0428 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 07:54:10.0084 0428 NMSAccess - ok 07:54:10.0099 0428 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 07:54:10.0099 0428 Npfs - ok 07:54:10.0130 0428 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 07:54:10.0146 0428 Ntfs - ok 07:54:10.0146 0428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 07:54:10.0162 0428 NtLmSsp - ok 07:54:10.0193 0428 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 07:54:10.0209 0428 NtmsSvc - ok 07:54:10.0240 0428 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 07:54:10.0255 0428 Null - ok 07:54:10.0271 0428 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 07:54:10.0287 0428 NwlnkFlt - ok 07:54:10.0287 0428 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 07:54:10.0287 0428 NwlnkFwd - ok 07:54:10.0365 0428 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 07:54:10.0396 0428 odserv - ok 07:54:10.0427 0428 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 07:54:10.0427 0428 ose - ok 07:54:10.0443 0428 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 07:54:10.0459 0428 Parport - ok 07:54:10.0459 0428 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 
07:54:10.0459 0428 PartMgr - ok 07:54:10.0490 0428 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 07:54:10.0490 0428 ParVdm - ok 07:54:10.0505 0428 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 07:54:10.0505 0428 PCI - ok 07:54:10.0505 0428 PCIDump - ok 07:54:10.0521 0428 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 07:54:10.0521 0428 PCIIde - ok 07:54:10.0537 0428 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 07:54:10.0552 0428 Pcmcia - ok 07:54:10.0552 0428 PDCOMP - ok 07:54:10.0552 0428 PDFRAME - ok 07:54:10.0568 0428 PDRELI - ok 07:54:10.0568 0428 PDRFRAME - ok 07:54:10.0584 0428 perc2 - ok 07:54:10.0584 0428 perc2hib - ok 07:54:10.0599 0428 pflt - ok 07:54:10.0630 0428 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 07:54:10.0646 0428 PlugPlay - ok 07:54:10.0662 0428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 07:54:10.0662 0428 PolicyAgent - ok 07:54:10.0677 0428 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 07:54:10.0677 0428 PptpMiniport - ok 07:54:10.0693 0428 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 07:54:10.0693 0428 Processor - ok 07:54:10.0709 0428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 07:54:10.0709 0428 ProtectedStorage - ok 07:54:10.0740 0428 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 07:54:10.0740 0428 Ptilink - ok 07:54:10.0755 0428 ql1080 - ok 07:54:10.0755 0428 Ql10wnt - ok 07:54:10.0771 0428 ql12160 - ok 07:54:10.0771 0428 ql1240 - ok 07:54:10.0787 0428 ql1280 - ok 07:54:10.0787 0428 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 07:54:10.0802 0428 RasAcd - ok 07:54:10.0818 0428 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto 
C:\WINDOWS\System32\rasauto.dll 07:54:10.0834 0428 RasAuto - ok 07:54:10.0849 0428 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 07:54:10.0865 0428 Rasl2tp - ok 07:54:10.0880 0428 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 07:54:10.0912 0428 RasMan - ok 07:54:10.0912 0428 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 07:54:10.0927 0428 RasPppoe - ok 07:54:10.0927 0428 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 07:54:10.0927 0428 Raspti - ok 07:54:10.0943 0428 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 07:54:10.0943 0428 Rdbss - ok 07:54:10.0959 0428 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 07:54:10.0959 0428 RDPCDD - ok 07:54:10.0990 0428 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 07:54:10.0990 0428 rdpdr - ok 07:54:11.0021 0428 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 07:54:11.0037 0428 RDPWD - ok 07:54:11.0068 0428 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 07:54:11.0099 0428 RDSessMgr - ok 07:54:11.0130 0428 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 07:54:11.0130 0428 redbook - ok 07:54:11.0162 0428 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 07:54:11.0177 0428 RemoteAccess - ok 07:54:11.0209 0428 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 07:54:11.0224 0428 RemoteRegistry - ok 07:54:11.0255 0428 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 07:54:11.0271 0428 rimmptsk - ok 07:54:11.0318 0428 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 07:54:11.0318 0428 RpcLocator - ok 07:54:11.0349 0428 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] 
RpcSs C:\WINDOWS\system32\rpcss.dll 07:54:11.0365 0428 RpcSs - ok 07:54:11.0396 0428 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 07:54:11.0427 0428 RSVP - ok 07:54:11.0459 0428 [ DE7A2FC379671998865122A08FD9DB52 ] SaiHFFB5 C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys 07:54:11.0459 0428 SaiHFFB5 - ok 07:54:11.0490 0428 [ EC45AB6754E931E4335A99933DA133F5 ] SaiIFFB5 C:\WINDOWS\system32\DRIVERS\SaiIFFB5.sys 07:54:11.0490 0428 SaiIFFB5 - ok 07:54:11.0521 0428 [ A79FBDBC6A979259E38DEA7D29B57619 ] SaiMini C:\WINDOWS\system32\DRIVERS\SaiMini.sys 07:54:11.0537 0428 SaiMini - ok 07:54:11.0552 0428 [ BB20EBA89E0EF39697A1A8728C5685FE ] SaiNtBus C:\WINDOWS\system32\drivers\SaiBus.sys 07:54:11.0552 0428 SaiNtBus - ok 07:54:11.0568 0428 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 07:54:11.0568 0428 SamSs - ok 07:54:11.0599 0428 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 07:54:11.0615 0428 SCardSvr - ok 07:54:11.0646 0428 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 07:54:11.0662 0428 Schedule - ok 07:54:11.0693 0428 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 07:54:11.0693 0428 sdbus - ok 07:54:11.0740 0428 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 07:54:11.0740 0428 Secdrv - ok 07:54:11.0771 0428 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 07:54:11.0787 0428 seclogon - ok 07:54:11.0818 0428 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 07:54:11.0834 0428 SENS - ok 07:54:11.0849 0428 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 07:54:11.0849 0428 Serial - ok 07:54:11.0896 0428 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 07:54:11.0896 0428 sffdisk - ok 07:54:11.0896 0428 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd 
C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
07:54:11.0896 0428 sffp_sd - ok
07:54:11.0927 0428 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:54:11.0927 0428 Sfloppy - ok
07:54:11.0959 0428 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:54:11.0990 0428 SharedAccess - ok
07:54:12.0005 0428 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:54:12.0005 0428 ShellHWDetection - ok
07:54:12.0021 0428 Simbad - ok
07:54:12.0068 0428 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
07:54:12.0068 0428 SkypeUpdate - ok
07:54:12.0084 0428 Sparrow - ok
07:54:12.0115 0428 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:54:12.0130 0428 splitter - ok
07:54:12.0162 0428 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:54:12.0177 0428 Spooler - ok
07:54:12.0224 0428 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
07:54:12.0240 0428 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
07:54:12.0240 0428 sptd ( LockedFile.Multi.Generic ) - warning
07:54:12.0240 0428 sptd - detected LockedFile.Multi.Generic (1)
07:54:12.0255 0428 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:54:12.0255 0428 sr - ok
07:54:12.0302 0428 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
07:54:12.0318 0428 srservice - ok
07:54:12.0365 0428 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:54:12.0365 0428 Srv - ok
07:54:12.0412 0428 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus C:\WINDOWS\system32\DRIVERS\sscebus.sys
07:54:12.0412 0428 sscebus - ok
07:54:12.0443 0428 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
07:54:12.0443 0428 sscemdfl - ok
07:54:12.0474 0428 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm C:\WINDOWS\system32\DRIVERS\sscemdm.sys
07:54:12.0474 0428 sscemdm - ok
07:54:12.0505 0428 [ 60CD4AD33AA52E58FAAC3ABAD18CF8EF ] ssceserd C:\WINDOWS\system32\DRIVERS\ssceserd.sys
07:54:12.0521 0428 ssceserd - ok
07:54:12.0552 0428 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:54:12.0568 0428 SSDPSRV - ok
07:54:12.0630 0428 [ E3D493BFB7CD108EC50B2F560C96367C ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
07:54:12.0646 0428 ssudmdm - ok
07:54:12.0677 0428 [ F1567D6CA46E2233AE626FB4FAABACEF ] ssudserd C:\WINDOWS\system32\DRIVERS\ssudserd.sys
07:54:12.0693 0428 ssudserd - ok
07:54:12.0740 0428 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
07:54:12.0755 0428 ss_bbus - ok
07:54:12.0787 0428 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
07:54:12.0787 0428 ss_bmdfl - ok
07:54:12.0818 0428 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
07:54:12.0818 0428 ss_bmdm - ok
07:54:12.0865 0428 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen
C:\WINDOWS\system32\drivers\StarOpen.sys 07:54:12.0865 0428 StarOpen - ok 07:54:12.0959 0428 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 07:54:13.0005 0428 STHDA - ok 07:54:13.0052 0428 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 07:54:13.0084 0428 stisvc - ok 07:54:13.0115 0428 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 07:54:13.0130 0428 swenum - ok 07:54:13.0146 0428 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 07:54:13.0162 0428 swmidi - ok 07:54:13.0162 0428 SwPrv - ok 07:54:13.0177 0428 symc810 - ok 07:54:13.0193 0428 symc8xx - ok 07:54:13.0209 0428 sym_hi - ok 07:54:13.0240 0428 sym_u3 - ok 07:54:13.0271 0428 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 07:54:13.0287 0428 SynTP - ok 07:54:13.0302 0428 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 07:54:13.0302 0428 sysaudio - ok 07:54:13.0334 0428 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 07:54:13.0334 0428 SysmonLog - ok 07:54:13.0365 0428 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 07:54:13.0380 0428 TapiSrv - ok 07:54:13.0412 0428 [ 9333FBD7F56B6253AEA877663A0AFAC2 ] Tardis C:\WINDOWS\system32\tardisnt.exe 07:54:13.0427 0428 Tardis - ok 07:54:13.0443 0428 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 07:54:13.0443 0428 Tcpip - ok 07:54:13.0474 0428 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 07:54:13.0490 0428 TDPIPE - ok 07:54:13.0490 0428 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 07:54:13.0490 0428 TDTCP - ok 07:54:13.0505 0428 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 07:54:13.0521 0428 TermDD - ok 07:54:13.0537 0428 [ B7DE02C863D8F5A005A7BF375375A6A4 ] 
TermService C:\WINDOWS\System32\termsrv.dll 07:54:13.0552 0428 TermService - ok 07:54:13.0568 0428 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 07:54:13.0584 0428 Themes - ok 07:54:13.0615 0428 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 07:54:13.0630 0428 TlntSvr - ok 07:54:13.0630 0428 TosIde - ok 07:54:13.0662 0428 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 07:54:13.0662 0428 TrkWks - ok 07:54:13.0693 0428 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 07:54:13.0693 0428 Udfs - ok 07:54:13.0693 0428 UIUSys - ok 07:54:13.0709 0428 ultra - ok 07:54:13.0740 0428 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys 07:54:13.0740 0428 UnlockerDriver5 - ok 07:54:13.0787 0428 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 07:54:13.0802 0428 Update - ok 07:54:13.0818 0428 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 07:54:13.0834 0428 upnphost - ok 07:54:13.0834 0428 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 07:54:13.0849 0428 UPS - ok 07:54:13.0880 0428 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 07:54:13.0880 0428 usbaudio - ok 07:54:13.0896 0428 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 07:54:13.0896 0428 usbccgp - ok 07:54:13.0912 0428 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 07:54:13.0927 0428 usbehci - ok 07:54:13.0959 0428 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 07:54:13.0974 0428 usbhub - ok 07:54:13.0974 0428 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 07:54:13.0974 0428 usbohci - ok 07:54:14.0021 0428 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 
07:54:14.0021 0428 usbprint - ok 07:54:14.0037 0428 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 07:54:14.0052 0428 usbscan - ok 07:54:14.0068 0428 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 07:54:14.0068 0428 USBSTOR - ok 07:54:14.0099 0428 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 07:54:14.0099 0428 VgaSave - ok 07:54:14.0099 0428 ViaIde - ok 07:54:14.0115 0428 vnet - ok 07:54:14.0130 0428 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 07:54:14.0130 0428 VolSnap - ok 07:54:14.0162 0428 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys 07:54:14.0193 0428 vsdatant - ok 07:54:14.0240 0428 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 07:54:14.0255 0428 VSS - ok 07:54:14.0287 0428 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 07:54:14.0302 0428 W32Time - ok 07:54:14.0349 0428 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 07:54:14.0365 0428 Wanarp - ok 07:54:14.0365 0428 WDICA - ok 07:54:14.0396 0428 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 07:54:14.0396 0428 wdmaud - ok 07:54:14.0412 0428 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 07:54:14.0427 0428 WebClient - ok 07:54:14.0474 0428 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 07:54:14.0505 0428 winachsf - ok 07:54:14.0584 0428 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 07:54:14.0584 0428 winmgmt - ok 07:54:14.0599 0428 wltrysvc - ok 07:54:14.0630 0428 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 07:54:14.0630 0428 WmdmPmSN - ok 07:54:14.0677 0428 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 07:54:14.0693 0428 Wmi - ok 
07:54:14.0693 0428 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 07:54:14.0709 0428 WmiAcpi - ok 07:54:14.0755 0428 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 07:54:14.0755 0428 WmiApSrv - ok 07:54:14.0771 0428 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 07:54:14.0787 0428 WpdUsb - ok 07:54:14.0865 0428 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 07:54:14.0880 0428 WPFFontCache_v0400 - ok 07:54:14.0912 0428 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 07:54:14.0927 0428 wscsvc - ok 07:54:14.0959 0428 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 07:54:14.0974 0428 wuauserv - ok 07:54:15.0005 0428 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 07:54:15.0005 0428 WudfPf - ok 07:54:15.0021 0428 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 07:54:15.0021 0428 WudfRd - ok 07:54:15.0052 0428 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 07:54:15.0068 0428 WudfSvc - ok 07:54:15.0115 0428 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 07:54:15.0162 0428 WZCSVC - ok 07:54:15.0209 0428 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 07:54:15.0209 0428 xmlprov - ok 07:54:15.0255 0428 zlportio - ok 07:54:15.0255 0428 ================ Scan global =============================== 07:54:15.0302 0428 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 07:54:15.0334 0428 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 07:54:15.0396 0428 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 07:54:15.0427 0428 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 07:54:15.0443 0428 [Global] - ok 
07:54:15.0443 0428 ================ Scan MBR ==================================
07:54:15.0474 0428 [ 1F2659AA9DC6CEAFAB9655071EEB1C34 ] \Device\Harddisk0\DR0
07:54:15.0474 0428 Suspicious mbr (Forged): \Device\Harddisk0\DR0
07:54:15.0505 0428 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
07:54:15.0505 0428 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
07:54:15.0505 0428 [ 3A8C93796FC5CD0B5BEC2CDE9304F0A6 ] \Device\Harddisk1\DR4
07:54:20.0755 0428 \Device\Harddisk1\DR4 - ok
07:54:20.0755 0428 ================ Scan VBR ==================================
07:54:20.0755 0428 [ 7A8086188F83871B26213582D6426944 ] \Device\Harddisk0\DR0\Partition1
07:54:20.0755 0428 \Device\Harddisk0\DR0\Partition1 - ok
07:54:20.0787 0428 [ A305A269F10977DCA17986AC75F7C7B7 ] \Device\Harddisk0\DR0\Partition2
07:54:20.0787 0428 \Device\Harddisk0\DR0\Partition2 - ok
07:54:20.0818 0428 [ B32578388B37D2ADC336262215BCEBF9 ] \Device\Harddisk0\DR0\Partition3
07:54:20.0818 0428 \Device\Harddisk0\DR0\Partition3 - ok
07:54:20.0834 0428 [ 3229B07CB3FE1D804E497B02A7C52CA7 ] \Device\Harddisk1\DR4\Partition1
07:54:20.0834 0428 \Device\Harddisk1\DR4\Partition1 - ok
07:54:20.0834 0428 ============================================================
07:54:20.0834 0428 Scan finished
07:54:20.0834 0428 ============================================================
07:54:20.0865 0852 Detected object count: 2
07:54:20.0865 0852 Actual detected object count: 2
07:56:59.0552 0852 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:56:59.0552 0852 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:57:00.0318 0852 \Device\Harddisk0\DR0\# - copied to quarantine
07:57:00.0318 0852 \Device\Harddisk0\DR0 - copied to quarantine
07:57:00.0459 0852 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
07:57:00.0459 0852 \Device\Harddisk0\DR0 - ok
07:57:00.0459 0852 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
07:57:05.0412 3608 Deinitialize success
2) Code:
07:59:27.0281 1916 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:59:27.0406 1916 ============================================================
07:59:27.0406 1916 Current date / time: 2012/11/05 07:59:27.0406
07:59:27.0406 1916 SystemInfo:
07:59:27.0406 1916
07:59:27.0406 1916 OS Version: 5.1.2600 ServicePack: 3.0
07:59:27.0406 1916 Product type: Workstation
07:59:27.0406 1916 ComputerName: MURLAIN-LAPTOP
07:59:27.0406 1916 UserName: Murlain
07:59:27.0406 1916 Windows directory: C:\WINDOWS
07:59:27.0406 1916 System windows directory: C:\WINDOWS
07:59:27.0406 1916 Processor architecture: Intel x86
07:59:27.0406 1916 Number of processors: 2
07:59:27.0406 1916 Page size: 0x1000
07:59:27.0406 1916 Boot type: Normal boot
07:59:27.0406 1916 ============================================================
07:59:32.0156 1916 BG loaded
07:59:32.0531 1916 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:59:32.0578 1916 Drive \Device\Harddisk1\DR4 - Size: 0x3D700000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:59:32.0578 1916 ============================================================
07:59:32.0578 1916 \Device\Harddisk0\DR0:
07:59:32.0687 1916 MBR partitions:
07:59:32.0687 1916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
07:59:32.0703 1916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x4E1EDEC
07:59:32.0718 1916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
07:59:32.0718 1916 \Device\Harddisk1\DR4:
07:59:32.0718 1916 MBR partitions:
07:59:32.0718 1916 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1EB7C1
07:59:32.0718 1916 ============================================================
07:59:33.0031 1916 C: <->
\Device\Harddisk0\DR0\Partition1 07:59:33.0093 1916 D: <-> \Device\Harddisk0\DR0\Partition2 07:59:33.0125 1916 E: <-> \Device\Harddisk0\DR0\Partition3 07:59:33.0125 1916 ============================================================ 07:59:33.0125 1916 Initialize success 07:59:33.0125 1916 ============================================================ 08:02:17.0410 2652 ============================================================ 08:02:17.0410 2652 Scan started 08:02:17.0410 2652 Mode: Manual; 08:02:17.0410 2652 ============================================================ 08:02:17.0894 2652 ================ Scan system memory ======================== 08:02:17.0894 2652 System memory - ok 08:02:17.0894 2652 ================ Scan services ============================= 08:02:18.0003 2652 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys 08:02:18.0003 2652 Aavmker4 - ok 08:02:18.0019 2652 Abiosdsk - ok 08:02:18.0019 2652 abp480n5 - ok 08:02:18.0066 2652 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 08:02:18.0066 2652 ACPI - ok 08:02:18.0082 2652 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 08:02:18.0097 2652 ACPIEC - ok 08:02:18.0097 2652 adpu160m - ok 08:02:18.0128 2652 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 08:02:18.0128 2652 aec - ok 08:02:18.0160 2652 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 08:02:18.0175 2652 AFD - ok 08:02:18.0175 2652 Aha154x - ok 08:02:18.0175 2652 aic78u2 - ok 08:02:18.0191 2652 aic78xx - ok 08:02:18.0238 2652 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 08:02:18.0238 2652 Alerter - ok 08:02:18.0253 2652 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 08:02:18.0253 2652 ALG - ok 08:02:18.0269 2652 AliIde - ok 08:02:18.0300 2652 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 
08:02:18.0300 2652 AmdK8 - ok 08:02:18.0300 2652 amsint - ok 08:02:18.0332 2652 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 08:02:18.0332 2652 APPDRV - ok 08:02:18.0347 2652 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 08:02:18.0363 2652 AppMgmt - ok 08:02:18.0363 2652 asc - ok 08:02:18.0378 2652 asc3350p - ok 08:02:18.0378 2652 asc3550 - ok 08:02:18.0457 2652 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 08:02:18.0488 2652 aspnet_state - ok 08:02:18.0535 2652 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 08:02:18.0535 2652 aswFsBlk - ok 08:02:18.0550 2652 [ 09678587C5C70F91720631EF048B4744 ] aswFW C:\WINDOWS\system32\drivers\aswFW.sys 08:02:18.0550 2652 aswFW - ok 08:02:18.0597 2652 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys 08:02:18.0597 2652 aswKbd - ok 08:02:18.0613 2652 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys 08:02:18.0613 2652 aswMon2 - ok 08:02:18.0613 2652 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys 08:02:18.0613 2652 aswNdis - ok 08:02:18.0628 2652 [ C6E5E1E0FB3827B2359F4D394ECAA070 ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys 08:02:18.0628 2652 aswNdis2 - ok 08:02:18.0644 2652 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys 08:02:18.0644 2652 aswRdr - ok 08:02:18.0675 2652 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 08:02:18.0691 2652 aswSnx - ok 08:02:18.0707 2652 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 08:02:18.0707 2652 aswSP - ok 08:02:18.0722 2652 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 08:02:18.0722 2652 aswTdi - ok 08:02:18.0769 2652 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac 
C:\WINDOWS\system32\DRIVERS\asyncmac.sys 08:02:18.0769 2652 AsyncMac - ok 08:02:18.0769 2652 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 08:02:18.0769 2652 atapi - ok 08:02:18.0785 2652 Atdisk - ok 08:02:18.0832 2652 [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 08:02:18.0832 2652 Ati HotKey Poller - ok 08:02:18.0925 2652 [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 08:02:18.0941 2652 ati2mtag - ok 08:02:18.0957 2652 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 08:02:18.0957 2652 Atmarpc - ok 08:02:19.0003 2652 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 08:02:19.0003 2652 AudioSrv - ok 08:02:19.0035 2652 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 08:02:19.0035 2652 audstub - ok 08:02:19.0113 2652 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe 08:02:19.0113 2652 avast! Antivirus - ok 08:02:19.0128 2652 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Programme\AVAST Software\Avast\afwServ.exe 08:02:19.0128 2652 avast! 
Firewall - ok 08:02:19.0191 2652 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 08:02:19.0191 2652 BCM43XX - ok 08:02:19.0238 2652 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 08:02:19.0238 2652 bcm4sbxp - ok 08:02:19.0269 2652 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 08:02:19.0269 2652 Beep - ok 08:02:19.0316 2652 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 08:02:19.0394 2652 BITS - ok 08:02:19.0441 2652 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 08:02:19.0457 2652 Browser - ok 08:02:19.0503 2652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 08:02:19.0503 2652 cbidf2k - ok 08:02:19.0519 2652 cd20xrnt - ok 08:02:19.0535 2652 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 08:02:19.0535 2652 Cdaudio - ok 08:02:19.0582 2652 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 08:02:19.0582 2652 Cdfs - ok 08:02:19.0613 2652 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 08:02:19.0613 2652 Cdrom - ok 08:02:19.0660 2652 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys 08:02:19.0660 2652 cercsr6 - ok 08:02:19.0675 2652 Changer - ok 08:02:19.0722 2652 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 08:02:19.0722 2652 CiSvc - ok 08:02:19.0753 2652 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 08:02:19.0769 2652 ClipSrv - ok 08:02:19.0800 2652 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:02:19.0832 2652 clr_optimization_v2.0.50727_32 - ok 08:02:19.0894 2652 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
08:02:19.0910 2652 clr_optimization_v4.0.30319_32 - ok 08:02:19.0941 2652 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 08:02:19.0941 2652 CmBatt - ok 08:02:19.0957 2652 CmdIde - ok 08:02:19.0972 2652 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 08:02:19.0972 2652 Compbatt - ok 08:02:19.0988 2652 COMSysApp - ok 08:02:20.0019 2652 Cpqarray - ok 08:02:20.0050 2652 [ 743C403D20A89DB5ED84C874768B7119 ] cpuz133 C:\WINDOWS\system32\drivers\cpuz133_x32.sys 08:02:20.0050 2652 cpuz133 - ok 08:02:20.0082 2652 [ 75FA19142531CBF490770C2988A7DB64 ] cpuz134 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 08:02:20.0082 2652 cpuz134 - ok 08:02:20.0113 2652 [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys 08:02:20.0128 2652 cpuz135 - ok 08:02:20.0160 2652 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 08:02:20.0175 2652 CryptSvc - ok 08:02:20.0222 2652 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys 08:02:20.0222 2652 CVirtA - ok 08:02:20.0332 2652 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Programme\Cisco Systems\VPN Client\cvpnd.exe 08:02:20.0410 2652 CVPND - ok 08:02:20.0472 2652 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 08:02:20.0472 2652 CVPNDRVA - ok 08:02:20.0488 2652 dac2w2k - ok 08:02:20.0503 2652 dac960nt - ok 08:02:20.0550 2652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 08:02:20.0582 2652 DcomLaunch - ok 08:02:20.0628 2652 [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 08:02:20.0644 2652 dg_ssudbus - ok 08:02:20.0675 2652 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 08:02:20.0691 2652 Dhcp - ok 08:02:20.0738 2652 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 08:02:20.0738 2652 Disk - ok 08:02:20.0753 2652 
dmadmin - ok 08:02:20.0816 2652 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 08:02:20.0847 2652 dmboot - ok 08:02:20.0863 2652 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 08:02:20.0863 2652 dmio - ok 08:02:20.0894 2652 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 08:02:20.0910 2652 dmload - ok 08:02:20.0941 2652 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 08:02:20.0941 2652 dmserver - ok 08:02:20.0988 2652 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 08:02:21.0003 2652 DMusic - ok 08:02:21.0035 2652 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys 08:02:21.0050 2652 DNE - ok 08:02:21.0097 2652 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 08:02:21.0097 2652 Dnscache - ok 08:02:21.0128 2652 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 08:02:21.0160 2652 Dot3svc - ok 08:02:21.0175 2652 dpti2o - ok 08:02:21.0207 2652 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 08:02:21.0207 2652 drmkaud - ok 08:02:21.0269 2652 [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831 ] dvd43llh C:\WINDOWS\system32\DRIVERS\dvd43llh.sys 08:02:21.0269 2652 dvd43llh - ok 08:02:21.0300 2652 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 08:02:21.0316 2652 EapHost - ok 08:02:21.0347 2652 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys 08:02:21.0363 2652 epmntdrv - ok 08:02:21.0378 2652 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 08:02:21.0394 2652 ERSvc - ok 08:02:21.0425 2652 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys 08:02:21.0441 2652 EuGdiDrv - ok 08:02:21.0472 2652 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 08:02:21.0488 2652 Eventlog 
- ok 08:02:21.0535 2652 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 08:02:21.0550 2652 EventSystem - ok 08:02:21.0597 2652 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 08:02:21.0597 2652 Fastfat - ok 08:02:21.0628 2652 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 08:02:21.0660 2652 FastUserSwitchingCompatibility - ok 08:02:21.0675 2652 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 08:02:21.0675 2652 Fdc - ok 08:02:21.0691 2652 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 08:02:21.0691 2652 Fips - ok 08:02:21.0707 2652 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 08:02:21.0707 2652 Flpydisk - ok 08:02:21.0753 2652 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 08:02:21.0769 2652 FltMgr - ok 08:02:21.0832 2652 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 08:02:21.0832 2652 FontCache3.0.0.0 - ok 08:02:21.0878 2652 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS 08:02:21.0878 2652 FsUsbExDisk - ok 08:02:21.0910 2652 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 08:02:21.0910 2652 Fs_Rec - ok 08:02:21.0941 2652 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 08:02:21.0941 2652 Ftdisk - ok 08:02:21.0972 2652 [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\WINDOWS\system32\DRIVERS\GigasetGenericUSB.sys 08:02:21.0972 2652 GigasetGenericUSB - ok 08:02:22.0003 2652 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 08:02:22.0003 2652 Gpc - ok 08:02:22.0035 2652 [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys 08:02:22.0035 2652 grmnusb - ok 08:02:22.0082 
2652 gupdate - ok 08:02:22.0082 2652 gupdatem - ok 08:02:22.0113 2652 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 08:02:22.0128 2652 HDAudBus - ok 08:02:22.0222 2652 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 08:02:22.0238 2652 helpsvc - ok 08:02:22.0300 2652 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 08:02:22.0300 2652 HidServ - ok 08:02:22.0347 2652 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 08:02:22.0347 2652 HidUsb - ok 08:02:22.0394 2652 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 08:02:22.0394 2652 hkmsvc - ok 08:02:22.0410 2652 hpn - ok 08:02:22.0488 2652 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 08:02:22.0503 2652 HSF_DPV - ok 08:02:22.0550 2652 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 08:02:22.0550 2652 HSXHWAZL - ok 08:02:22.0597 2652 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 08:02:22.0613 2652 HTTP - ok 08:02:22.0644 2652 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 08:02:22.0660 2652 HTTPFilter - ok 08:02:22.0675 2652 i2omgmt - ok 08:02:22.0691 2652 i2omp - ok 08:02:22.0738 2652 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 08:02:22.0738 2652 i8042prt - ok 08:02:22.0816 2652 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 08:02:22.0847 2652 idsvc - ok 08:02:22.0878 2652 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 08:02:22.0878 2652 Imapi - ok 08:02:22.0941 2652 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 08:02:22.0957 2652 ImapiService - ok 08:02:22.0972 2652 ini910u - ok 08:02:22.0988 2652 IntelIde - ok 
08:02:23.0035 2652 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 08:02:23.0035 2652 Ip6Fw - ok 08:02:23.0082 2652 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 08:02:23.0082 2652 IpFilterDriver - ok 08:02:23.0113 2652 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 08:02:23.0113 2652 IpInIp - ok 08:02:23.0128 2652 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 08:02:23.0144 2652 IpNat - ok 08:02:23.0160 2652 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 08:02:23.0160 2652 IPSec - ok 08:02:23.0175 2652 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 08:02:23.0191 2652 IRENUM - ok 08:02:23.0253 2652 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 08:02:23.0253 2652 isapnp - ok 08:02:23.0332 2652 [ 9AE07549A0D691A103FAF8946554BDB7 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 08:02:23.0347 2652 JavaQuickStarterService - ok 08:02:23.0363 2652 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 08:02:23.0363 2652 Kbdclass - ok 08:02:23.0378 2652 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 08:02:23.0394 2652 kbdhid - ok 08:02:23.0410 2652 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 08:02:23.0410 2652 kmixer - ok 08:02:23.0441 2652 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 08:02:23.0457 2652 KSecDD - ok 08:02:23.0488 2652 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 08:02:23.0503 2652 lanmanserver - ok 08:02:23.0519 2652 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 08:02:23.0535 2652 lanmanworkstation - ok 08:02:23.0535 2652 lbrtfdc - ok 08:02:23.0582 2652 [ 
636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 08:02:23.0582 2652 LmHosts - ok 08:02:23.0597 2652 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 08:02:23.0597 2652 mdmxsdk - ok 08:02:23.0628 2652 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 08:02:23.0644 2652 Messenger - ok 08:02:23.0660 2652 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 08:02:23.0675 2652 mnmdd - ok 08:02:23.0707 2652 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 08:02:23.0707 2652 mnmsrvc - ok 08:02:23.0738 2652 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 08:02:23.0738 2652 Modem - ok 08:02:23.0753 2652 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 08:02:23.0753 2652 Mouclass - ok 08:02:23.0785 2652 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 08:02:23.0785 2652 mouhid - ok 08:02:23.0832 2652 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 08:02:23.0832 2652 MountMgr - ok 08:02:23.0863 2652 MozillaMaintenance - ok 08:02:23.0863 2652 mraid35x - ok 08:02:23.0878 2652 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 08:02:23.0878 2652 MRxDAV - ok 08:02:23.0925 2652 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 08:02:23.0941 2652 MRxSmb - ok 08:02:23.0957 2652 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 08:02:23.0972 2652 MSDTC - ok 08:02:23.0988 2652 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 08:02:23.0988 2652 Msfs - ok 08:02:23.0988 2652 MSIServer - ok 08:02:24.0003 2652 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 08:02:24.0019 2652 MSKSSRV - ok 08:02:24.0035 2652 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK 
C:\WINDOWS\system32\drivers\MSPCLOCK.sys 08:02:24.0035 2652 MSPCLOCK - ok 08:02:24.0035 2652 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 08:02:24.0035 2652 MSPQM - ok 08:02:24.0066 2652 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 08:02:24.0066 2652 mssmbios - ok 08:02:24.0113 2652 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 08:02:24.0113 2652 Mup - ok 08:02:24.0160 2652 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 08:02:24.0175 2652 napagent - ok 08:02:24.0222 2652 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 08:02:24.0222 2652 NDIS - ok 08:02:24.0269 2652 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 08:02:24.0269 2652 NdisTapi - ok 08:02:24.0285 2652 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 08:02:24.0285 2652 Ndisuio - ok 08:02:24.0316 2652 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 08:02:24.0316 2652 NdisWan - ok 08:02:24.0363 2652 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 08:02:24.0378 2652 NDProxy - ok 08:02:24.0394 2652 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 08:02:24.0394 2652 NetBIOS - ok 08:02:24.0394 2652 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 08:02:24.0410 2652 NetBT - ok 08:02:24.0441 2652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 08:02:24.0441 2652 NetDDE - ok 08:02:24.0457 2652 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 08:02:24.0457 2652 NetDDEdsdm - ok 08:02:24.0488 2652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 08:02:24.0488 2652 Netlogon - ok 08:02:24.0535 2652 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman 
C:\WINDOWS\System32\netman.dll 08:02:24.0550 2652 Netman - ok 08:02:24.0582 2652 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:02:24.0582 2652 NetTcpPortSharing - ok 08:02:24.0613 2652 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 08:02:24.0628 2652 Nla - ok 08:02:24.0660 2652 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 08:02:24.0675 2652 NMSAccess - ok 08:02:24.0707 2652 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 08:02:24.0707 2652 Npfs - ok 08:02:24.0738 2652 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 08:02:24.0769 2652 Ntfs - ok 08:02:24.0769 2652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 08:02:24.0769 2652 NtLmSsp - ok 08:02:24.0816 2652 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 08:02:24.0832 2652 NtmsSvc - ok 08:02:24.0863 2652 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 08:02:24.0863 2652 Null - ok 08:02:24.0894 2652 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 08:02:24.0894 2652 NwlnkFlt - ok 08:02:24.0894 2652 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 08:02:24.0910 2652 NwlnkFwd - ok 08:02:24.0957 2652 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 08:02:24.0988 2652 odserv - ok 08:02:25.0019 2652 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 08:02:25.0019 2652 ose - ok 08:02:25.0066 2652 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 08:02:25.0066 2652 Parport - ok 08:02:25.0082 2652 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 
08:02:25.0082 2652 PartMgr - ok 08:02:25.0113 2652 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 08:02:25.0113 2652 ParVdm - ok 08:02:25.0144 2652 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 08:02:25.0160 2652 PCI - ok 08:02:25.0160 2652 PCIDump - ok 08:02:25.0207 2652 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 08:02:25.0222 2652 PCIIde - ok 08:02:25.0238 2652 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 08:02:25.0238 2652 Pcmcia - ok 08:02:25.0238 2652 PDCOMP - ok 08:02:25.0253 2652 PDFRAME - ok 08:02:25.0253 2652 PDRELI - ok 08:02:25.0269 2652 PDRFRAME - ok 08:02:25.0269 2652 perc2 - ok 08:02:25.0285 2652 perc2hib - ok 08:02:25.0300 2652 pflt - ok 08:02:25.0316 2652 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 08:02:25.0332 2652 PlugPlay - ok 08:02:25.0347 2652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 08:02:25.0347 2652 PolicyAgent - ok 08:02:25.0378 2652 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 08:02:25.0378 2652 PptpMiniport - ok 08:02:25.0394 2652 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 08:02:25.0394 2652 Processor - ok 08:02:25.0410 2652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 08:02:25.0410 2652 ProtectedStorage - ok 08:02:25.0441 2652 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 08:02:25.0441 2652 Ptilink - ok 08:02:25.0457 2652 ql1080 - ok 08:02:25.0457 2652 Ql10wnt - ok 08:02:25.0472 2652 ql12160 - ok 08:02:25.0472 2652 ql1240 - ok 08:02:25.0488 2652 ql1280 - ok 08:02:25.0503 2652 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 08:02:25.0503 2652 RasAcd - ok 08:02:25.0535 2652 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto 
C:\WINDOWS\System32\rasauto.dll 08:02:25.0550 2652 RasAuto - ok 08:02:25.0566 2652 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 08:02:25.0566 2652 Rasl2tp - ok 08:02:25.0597 2652 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 08:02:25.0613 2652 RasMan - ok 08:02:25.0613 2652 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 08:02:25.0613 2652 RasPppoe - ok 08:02:25.0628 2652 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 08:02:25.0628 2652 Raspti - ok 08:02:25.0644 2652 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 08:02:25.0644 2652 Rdbss - ok 08:02:25.0660 2652 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 08:02:25.0660 2652 RDPCDD - ok 08:02:25.0691 2652 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 08:02:25.0691 2652 rdpdr - ok 08:02:25.0722 2652 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 08:02:25.0738 2652 RDPWD - ok 08:02:25.0769 2652 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 08:02:25.0800 2652 RDSessMgr - ok 08:02:25.0832 2652 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 08:02:25.0832 2652 redbook - ok 08:02:25.0863 2652 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 08:02:25.0878 2652 RemoteAccess - ok 08:02:25.0910 2652 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 08:02:25.0910 2652 RemoteRegistry - ok 08:02:25.0941 2652 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 08:02:25.0941 2652 rimmptsk - ok 08:02:25.0988 2652 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 08:02:25.0988 2652 RpcLocator - ok 08:02:26.0019 2652 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] 
RpcSs C:\WINDOWS\system32\rpcss.dll 08:02:26.0035 2652 RpcSs - ok 08:02:26.0066 2652 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 08:02:26.0097 2652 RSVP - ok 08:02:26.0128 2652 [ DE7A2FC379671998865122A08FD9DB52 ] SaiHFFB5 C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys 08:02:26.0128 2652 SaiHFFB5 - ok 08:02:26.0160 2652 [ EC45AB6754E931E4335A99933DA133F5 ] SaiIFFB5 C:\WINDOWS\system32\DRIVERS\SaiIFFB5.sys 08:02:26.0160 2652 SaiIFFB5 - ok 08:02:26.0191 2652 [ A79FBDBC6A979259E38DEA7D29B57619 ] SaiMini C:\WINDOWS\system32\DRIVERS\SaiMini.sys 08:02:26.0191 2652 SaiMini - ok 08:02:26.0222 2652 [ BB20EBA89E0EF39697A1A8728C5685FE ] SaiNtBus C:\WINDOWS\system32\drivers\SaiBus.sys 08:02:26.0222 2652 SaiNtBus - ok 08:02:26.0238 2652 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 08:02:26.0238 2652 SamSs - ok 08:02:26.0269 2652 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 08:02:26.0285 2652 SCardSvr - ok 08:02:26.0332 2652 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 08:02:26.0332 2652 Schedule - ok 08:02:26.0378 2652 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 08:02:26.0378 2652 sdbus - ok 08:02:26.0425 2652 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 08:02:26.0425 2652 Secdrv - ok 08:02:26.0457 2652 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 08:02:26.0472 2652 seclogon - ok 08:02:26.0519 2652 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 08:02:26.0519 2652 SENS - ok 08:02:26.0535 2652 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 08:02:26.0535 2652 Serial - ok 08:02:26.0582 2652 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 08:02:26.0597 2652 sffdisk - ok 08:02:26.0613 2652 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd 
C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 08:02:26.0613 2652 sffp_sd - ok 08:02:26.0628 2652 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 08:02:26.0644 2652 Sfloppy - ok 08:02:26.0675 2652 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 08:02:26.0691 2652 SharedAccess - ok 08:02:26.0722 2652 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 08:02:26.0722 2652 ShellHWDetection - ok 08:02:26.0738 2652 Simbad - ok 08:02:26.0785 2652 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 08:02:26.0785 2652 SkypeUpdate - ok 08:02:26.0800 2652 Sparrow - ok 08:02:26.0832 2652 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 08:02:26.0832 2652 splitter - ok 08:02:26.0878 2652 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 08:02:26.0878 2652 Spooler - ok 08:02:26.0925 2652 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys 08:02:26.0941 2652 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: CDDDEC541BC3C96F91ECB48759673505 08:02:26.0941 2652 sptd ( LockedFile.Multi.Generic ) - warning 08:02:26.0941 2652 sptd - detected LockedFile.Multi.Generic (1) 08:02:26.0972 2652 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 08:02:26.0972 2652 sr - ok 08:02:27.0019 2652 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 08:02:27.0035 2652 srservice - ok 08:02:27.0050 2652 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 08:02:27.0066 2652 Srv - ok 08:02:27.0097 2652 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus C:\WINDOWS\system32\DRIVERS\sscebus.sys 08:02:27.0097 2652 sscebus - ok 08:02:27.0113 2652 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl C:\WINDOWS\system32\DRIVERS\sscemdfl.sys 08:02:27.0113 2652 sscemdfl - ok 08:02:27.0144 2652 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm C:\WINDOWS\system32\DRIVERS\sscemdm.sys 08:02:27.0144 2652 sscemdm - ok 08:02:27.0160 2652 [ 60CD4AD33AA52E58FAAC3ABAD18CF8EF ] ssceserd C:\WINDOWS\system32\DRIVERS\ssceserd.sys 08:02:27.0175 2652 ssceserd - ok 08:02:27.0207 2652 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 08:02:27.0207 2652 SSDPSRV - ok 08:02:27.0253 2652 [ E3D493BFB7CD108EC50B2F560C96367C ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 08:02:27.0269 2652 ssudmdm - ok 08:02:27.0285 2652 [ F1567D6CA46E2233AE626FB4FAABACEF ] ssudserd C:\WINDOWS\system32\DRIVERS\ssudserd.sys 08:02:27.0285 2652 ssudserd - ok 08:02:27.0332 2652 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\WINDOWS\system32\DRIVERS\ss_bbus.sys 08:02:27.0332 2652 ss_bbus - ok 08:02:27.0363 2652 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys 08:02:27.0363 2652 ss_bmdfl - ok 08:02:27.0378 2652 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys 08:02:27.0378 2652 ss_bmdm - ok 08:02:27.0425 2652 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen 
C:\WINDOWS\system32\drivers\StarOpen.sys 08:02:27.0425 2652 StarOpen - ok 08:02:27.0488 2652 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 08:02:27.0488 2652 STHDA - ok 08:02:27.0535 2652 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 08:02:27.0550 2652 stisvc - ok 08:02:27.0582 2652 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 08:02:27.0597 2652 swenum - ok 08:02:27.0597 2652 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 08:02:27.0613 2652 swmidi - ok 08:02:27.0613 2652 SwPrv - ok 08:02:27.0628 2652 symc810 - ok 08:02:27.0628 2652 symc8xx - ok 08:02:27.0628 2652 sym_hi - ok 08:02:27.0644 2652 sym_u3 - ok 08:02:27.0691 2652 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 08:02:27.0691 2652 SynTP - ok 08:02:27.0707 2652 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 08:02:27.0707 2652 sysaudio - ok 08:02:27.0738 2652 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 08:02:27.0753 2652 SysmonLog - ok 08:02:27.0769 2652 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 08:02:27.0785 2652 TapiSrv - ok 08:02:27.0816 2652 [ 9333FBD7F56B6253AEA877663A0AFAC2 ] Tardis C:\WINDOWS\system32\tardisnt.exe 08:02:27.0832 2652 Tardis - ok 08:02:27.0847 2652 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:02:27.0863 2652 Tcpip - ok 08:02:27.0894 2652 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 08:02:27.0894 2652 TDPIPE - ok 08:02:27.0910 2652 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 08:02:27.0910 2652 TDTCP - ok 08:02:27.0925 2652 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 08:02:27.0925 2652 TermDD - ok 08:02:27.0957 2652 [ B7DE02C863D8F5A005A7BF375375A6A4 ] 
TermService C:\WINDOWS\System32\termsrv.dll 08:02:27.0972 2652 TermService - ok 08:02:27.0988 2652 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 08:02:27.0988 2652 Themes - ok 08:02:28.0035 2652 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 08:02:28.0035 2652 TlntSvr - ok 08:02:28.0050 2652 TosIde - ok 08:02:28.0066 2652 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 08:02:28.0082 2652 TrkWks - ok 08:02:28.0097 2652 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 08:02:28.0113 2652 Udfs - ok 08:02:28.0113 2652 UIUSys - ok 08:02:28.0128 2652 ultra - ok 08:02:28.0175 2652 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys 08:02:28.0175 2652 UnlockerDriver5 - ok 08:02:28.0222 2652 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 08:02:28.0222 2652 Update - ok 08:02:28.0269 2652 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 08:02:28.0285 2652 upnphost - ok 08:02:28.0285 2652 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 08:02:28.0300 2652 UPS - ok 08:02:28.0332 2652 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 08:02:28.0332 2652 usbaudio - ok 08:02:28.0347 2652 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:02:28.0347 2652 usbccgp - ok 08:02:28.0363 2652 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:02:28.0363 2652 usbehci - ok 08:02:28.0410 2652 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:02:28.0410 2652 usbhub - ok 08:02:28.0425 2652 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 08:02:28.0425 2652 usbohci - ok 08:02:28.0457 2652 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 
08:02:28.0472 2652 usbprint - ok 08:02:28.0488 2652 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 08:02:28.0488 2652 usbscan - ok 08:02:28.0519 2652 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:02:28.0519 2652 USBSTOR - ok 08:02:28.0550 2652 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 08:02:28.0550 2652 VgaSave - ok 08:02:28.0566 2652 ViaIde - ok 08:02:28.0566 2652 vnet - ok 08:02:28.0582 2652 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 08:02:28.0582 2652 VolSnap - ok 08:02:28.0628 2652 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys 08:02:28.0644 2652 vsdatant - ok 08:02:28.0675 2652 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 08:02:28.0707 2652 VSS - ok 08:02:28.0738 2652 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 08:02:28.0753 2652 W32Time - ok 08:02:28.0769 2652 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:02:28.0769 2652 Wanarp - ok 08:02:28.0769 2652 WDICA - ok 08:02:28.0785 2652 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 08:02:28.0800 2652 wdmaud - ok 08:02:28.0832 2652 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 08:02:28.0847 2652 WebClient - ok 08:02:28.0894 2652 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 08:02:28.0894 2652 winachsf - ok 08:02:28.0972 2652 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 08:02:28.0972 2652 winmgmt - ok 08:02:28.0988 2652 wltrysvc - ok 08:02:29.0035 2652 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 08:02:29.0035 2652 WmdmPmSN - ok 08:02:29.0066 2652 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 08:02:29.0082 2652 Wmi - ok 
08:02:29.0097 2652 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 08:02:29.0097 2652 WmiAcpi - ok 08:02:29.0128 2652 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 08:02:29.0144 2652 WmiApSrv - ok 08:02:29.0160 2652 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 08:02:29.0160 2652 WpdUsb - ok 08:02:29.0238 2652 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 08:02:29.0253 2652 WPFFontCache_v0400 - ok 08:02:29.0300 2652 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 08:02:29.0300 2652 wscsvc - ok 08:02:29.0332 2652 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 08:02:29.0347 2652 wuauserv - ok 08:02:29.0378 2652 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 08:02:29.0394 2652 WudfPf - ok 08:02:29.0394 2652 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 08:02:29.0410 2652 WudfRd - ok 08:02:29.0441 2652 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 08:02:29.0457 2652 WudfSvc - ok 08:02:29.0503 2652 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 08:02:29.0535 2652 WZCSVC - ok 08:02:29.0550 2652 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 08:02:29.0582 2652 xmlprov - ok 08:02:29.0613 2652 zlportio - ok 08:02:29.0628 2652 ================ Scan global =============================== 08:02:29.0660 2652 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 08:02:29.0691 2652 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 08:02:29.0738 2652 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 08:02:29.0753 2652 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 08:02:29.0769 2652 [Global] - ok 
08:02:29.0769 2652 ================ Scan MBR ================================== 08:02:29.0785 2652 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 08:02:29.0988 2652 \Device\Harddisk0\DR0 - ok 08:02:29.0988 2652 [ 3A8C93796FC5CD0B5BEC2CDE9304F0A6 ] \Device\Harddisk1\DR4 08:02:35.0753 2652 \Device\Harddisk1\DR4 - ok 08:02:35.0753 2652 ================ Scan VBR ================================== 08:02:35.0753 2652 [ 7A8086188F83871B26213582D6426944 ] \Device\Harddisk0\DR0\Partition1 08:02:35.0753 2652 \Device\Harddisk0\DR0\Partition1 - ok 08:02:35.0816 2652 [ A305A269F10977DCA17986AC75F7C7B7 ] \Device\Harddisk0\DR0\Partition2 08:02:35.0816 2652 \Device\Harddisk0\DR0\Partition2 - ok 08:02:35.0832 2652 [ B32578388B37D2ADC336262215BCEBF9 ] \Device\Harddisk0\DR0\Partition3 08:02:35.0847 2652 \Device\Harddisk0\DR0\Partition3 - ok 08:02:35.0847 2652 [ 088C9739B12EBED5DF8900A53C995A51 ] \Device\Harddisk1\DR4\Partition1 08:02:35.0863 2652 \Device\Harddisk1\DR4\Partition1 - ok 08:02:35.0863 2652 ============================================================ 08:02:35.0863 2652 Scan finished 08:02:35.0863 2652 ============================================================ 08:02:35.0878 3272 Detected object count: 1 08:02:35.0878 3272 Actual detected object count: 1 08:04:35.0691 3272 sptd ( LockedFile.Multi.Generic ) - skipped by user 08:04:35.0691 3272 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 08:04:39.0019 0952 Deinitialize success Third log file attached, since otherwise there would be too many characters in the thread (it did not find anything more there either). |
07.11.2012, 15:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HDD Repair - removed following the guide - problems persist Please download aswMBR.exe and save the file to your desktop. Note: please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
One more note: should aswMBR crash and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left in the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
07.11.2012, 16:07 | #5 |
| HDD Repair - removed following the guide - problems persist aswMBR did not ask for new definitions. Apparently it took over the ones from my installed Avast?! In any case they were up to date. Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-11-07 15:55:08 ----------------------------- 15:55:08.953 OS Version: Windows 5.1.2600 Service Pack 3 15:55:08.953 Number of processors: 2 586 0x4802 15:55:08.953 ComputerName: MURLAIN-LAPTOP UserName: Murlain 15:55:09.250 Initialize success 15:55:09.437 AVAST engine defs: 12110700 15:55:40.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 15:55:40.218 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3 15:55:40.234 Disk 0 MBR read successfully 15:55:40.234 Disk 0 MBR scan 15:55:40.703 Disk 0 Windows XP default MBR code 15:55:40.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63 15:55:41.187 Disk 0 Partition - 00 0F Extended LBA 245234 MB offset 122881185 15:55:41.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39997 MB offset 122881248 15:55:41.234 Disk 0 Partition - 00 05 Extended 205236 MB offset 204796620 15:55:41.250 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 205236 MB offset 204796683 15:55:41.281 Disk 0 scanning sectors +625121280 15:55:41.593 Disk 0 scanning C:\WINDOWS\system32\drivers 15:55:59.578 Service scanning 15:56:13.953 Modules scanning 15:56:19.265 Disk 0 trace - called modules: 15:56:19.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 15:56:19.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89c23ab8] 15:56:19.281 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89c02b00] 15:56:19.593 AVAST engine scan C:\WINDOWS 15:56:27.203 AVAST engine scan C:\WINDOWS\system32 15:58:28.484 AVAST engine scan C:\WINDOWS\system32\drivers 15:58:40.968 AVAST engine scan C:\Dokumente und Einstellungen\Murlain 16:02:18.765 AVAST engine scan C:\Dokumente und Einstellungen\All Users 16:03:50.234 Scan finished successfully 16:05:07.562 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Murlain\Desktop\MBR.dat" 16:05:07.562 The log file has been saved 
successfully to "C:\Dokumente und Einstellungen\Murlain\Desktop\aswMBR.txt" |
07.11.2012, 16:52 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | HDD Repair - removed following the guide - problems persist Now please run CF: ComboFix, a guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
07.11.2012, 17:14 | #7 |
| HDD Repair - removed following the guide - problems persist While ComboFix is running, I would like to thank you for the quick replies and buy you a virtual beer, so we can keep tackling the problem in good company. ComboFix has finished in the meantime, here is the log: Code:
ATTFilter ComboFix 12-11-06.03 - Murlain 07.11.2012 17:02:46.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1790.1246 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Murlain\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programme\xp-AntiSpy c:\programme\xp-AntiSpy\Uninstall.exe c:\programme\xp-AntiSpy\xp-AntiSpy.chm c:\programme\xp-AntiSpy\xp-AntiSpy.exe c:\programme\xp-AntiSpy\xp-AntiSpy.url c:\windows\system32\System32\MASetupCleaner.exe c:\windows\system32\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-07 bis 2012-11-07 )))))))))))))))))))))))))))))) . . 2012-11-05 06:57 . 2012-11-05 06:57 177496 ----a-w- c:\windows\system32\drivers\02455266.sys 2012-11-05 06:56 . 2012-11-05 06:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\dokumente und einstellungen\Murlain\Anwendungsdaten\Malwarebytes 2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-11-04 19:48 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-04 19:38 . 2012-11-04 19:38 -------- d-----w- c:\windows\system32\wbem\Repository 2012-11-04 19:32 . 2012-11-04 20:56 -------- d-----w- c:\programme\RelevantKnowledge(2) 2012-11-04 19:32 . 2012-11-04 19:32 -------- d-----w- c:\programme\MarkAny 2012-11-04 19:23 . 2012-11-04 19:34 -------- d-----w- c:\programme\Mozilla Thunderbird 2012-11-04 19:21 . 2012-11-04 19:21 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft 2012-11-04 19:21 . 
2012-11-04 19:21 -------- d-----w- c:\programme\DVDVideoSoft 2012-10-14 17:23 . 2012-10-18 09:28 -------- d-----w- c:\dokumente und einstellungen\Murlain\Anwendungsdaten\.oit 2012-10-14 16:57 . 2012-10-14 16:57 -------- d-----w- c:\dokumente und einstellungen\Murlain\Lokale Einstellungen\Anwendungsdaten\GlobalGraphics 2012-10-14 16:39 . 2012-10-14 16:39 -------- d-----w- c:\dokumente und einstellungen\Murlain\Anwendungsdaten\Global Graphics 2012-10-14 16:33 . 2012-10-14 16:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Global Graphics 2012-10-14 16:03 . 2012-10-14 16:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Global Graphics 2012-10-14 16:02 . 2012-10-14 16:02 -------- d-----w- c:\programme\Global Graphics 2012-10-14 11:28 . 2012-10-14 11:28 -------- d-----w- C:\AllShare . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-28 15:05 . 2006-03-04 03:34 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:05 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:05 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-21 18:04 . 2012-04-09 17:16 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-21 18:04 . 2011-05-22 09:04 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-21 09:13 . 2011-10-17 11:39 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2011-10-17 11:39 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 2011-10-17 11:39 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-02-25 13:58 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-08-21 09:13 . 2011-10-17 11:39 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-08-21 09:13 . 
2011-10-17 11:39 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-08-21 09:13 . 2011-10-17 11:39 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-08-21 09:13 . 2011-10-17 11:39 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-08-21 09:13 . 2011-10-17 11:39 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:13 . 2011-10-17 11:39 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-08-21 09:13 . 2011-10-17 11:39 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-08-21 09:12 . 2011-10-17 11:38 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2011-10-17 11:38 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-09-07 08:39 . 2012-09-07 08:38 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:12 121528 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\dokumente und einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\dokumente und einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\dokumente und einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\dokumente und einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "SigmatelSysTrayApp"="c:\programme\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640] "Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-05-14 1191936] "CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616] "avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled Logitech Media Server-Taskleisten-Tool.lnk - c:\programme\Squeezebox\SqueezeTray.exe [2012-10-3 3051619] VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-12-14 6144] . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Freespace 2\\FS2.exe"= "d:\\Freespace\\FS.exe"= "d:\\Freespace 2\\fs2_open_3_6_9.exe"= "c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Winamp\\winamp.exe"= "c:\\Programme\\Free Download Manager\\fdmwi.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "123:UDP"= 123:UDP:NTP "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "9000:TCP"= 9000:TCP:Logitech Media Server 9000 tcp (UI) "9001:TCP"= 9001:TCP:Logitech Media Server 9001 tcp (UI) "9002:TCP"= 9002:TCP:Logitech Media Server 9002 tcp (UI) "9003:TCP"= 9003:TCP:Logitech Media Server 9003 tcp (UI) "9004:TCP"= 9004:TCP:Logitech Media Server 9004 tcp (UI) "9005:TCP"= 9005:TCP:Logitech Media Server 9005 tcp (UI) "9006:TCP"= 9006:TCP:Logitech Media Server 9006 tcp (UI) "9007:TCP"= 9007:TCP:Logitech Media Server 9007 tcp (UI) "9008:TCP"= 9008:TCP:Logitech Media Server 9008 tcp (UI) "9009:TCP"= 9009:TCP:Logitech Media Server 9009 tcp (UI) "9010:TCP"= 9010:TCP:Logitech Media Server 9010 tcp (UI) "9100:TCP"= 9100:TCP:Logitech Media Server 9100 tcp (UI) "8000:TCP"= 8000:TCP:Logitech Media Server 8000 tcp (UI) "10000:TCP"= 10000:TCP:Logitech Media Server 10000 tcp (UI) "9090:TCP"= 9090:TCP:Logitech Media Server 9090 tcp (UI) "3483:UDP"= 3483:UDP:Logitech Media Server 3483 udp "3483:TCP"= 3483:TCP:Logitech Media Server 3483 tcp . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [17.10.2011 12:38 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [17.10.2011 12:39 202928] R1 aswFW;avast! 
TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [17.10.2011 12:39 113776] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [25.02.2012 14:58 18544] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.10.2011 12:39 729752] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.10.2011 12:39 355632] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.10.2011 12:39 21256] R2 avast! Firewall;avast! Firewall;c:\programme\AVAST Software\Avast\afwServ.exe [17.10.2011 12:38 133912] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [30.07.2010 17:41 20072] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [30.07.2010 17:42 20328] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [22.09.2011 12:36 21992] S2 Tardis;Tardis time service;c:\windows\system32\tardisnt.exe [26.08.2010 23:17 233472] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [29.05.2012 18:52 80824] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [22.08.2012 09:48 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [22.08.2012 09:48 8456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [03.12.2010 10:39 36608] S3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\drivers\GigasetGenericUSB.sys [16.11.2011 15:34 44032] S3 pflt;Shrew Soft Miniport Filter;c:\windows\system32\DRIVERS\vfilter.sys --> c:\windows\system32\DRIVERS\vfilter.sys [?] 
S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [01.05.2007 14:39 132232] S3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\drivers\SaiIFFB5.sys [01.05.2007 14:39 16256] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [03.12.2010 10:39 98432] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [03.12.2010 10:39 14848] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [03.12.2010 10:39 123648] S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [03.12.2010 10:39 98560] S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [03.12.2010 10:39 14848] S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [03.12.2010 10:39 123648] S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [03.12.2010 10:39 100352] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [29.05.2012 18:52 181432] S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [29.05.2012 18:52 181432] S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys --> c:\windows\system32\DRIVERS\virtualnet.sys [?] S3 zlportio;zlportio;\??\d:\ultrastar deluxe\zlportio.sys --> d:\ultrastar deluxe\zlportio.sys [?] S4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.09.2010 09:55 691696] . Inhalt des "geplante Tasks" Ordners . 2012-11-07 c:\windows\Tasks\avast! Emergency Update.job - c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-01 09:12] . 2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7916d2d472a.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-11-21 11:27] . . 
------- Zusätzlicher Suchlauf ------- . IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\ICQ\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\dokumente und einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\ FF - prefs.js: browser.startup.homepage - hxxp://go.gmx.net/tb/mff_startpage FF - prefs.js: keyword.URL - hxxp://go.gmx.net/tb/mff_keyurl_search/?su= FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.07); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-NPSStartup - (no file) ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file) SafeBoot-59387098.sys AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-07 17:09 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1352) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2012-11-07 17:11:21 ComboFix-quarantined-files.txt 2012-11-07 16:11 . Vor Suchlauf: 9 Verzeichnis(se), 19.194.355.712 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 20.222.427.136 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer . - - End Of File - - 9307BABA98E341A9027F1182A8AA48AA |
07.11.2012, 20:19 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HDD Repair - removed following the guide - problems persist. Please run a CustomScan with OTL. Please download OTL from Oldtimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
07.11.2012, 21:01 | #9 |
| HDD Repair - removed following the guide - problems persist. OTL has finished as well. Here is the log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.11.2012 20:43:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Murlain\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 73,45% Memory free 5,58 Gb Paging File | 5,22 Gb Available in Paging File | 93,44% Paging File free Paging file location(s): C:\pagefile.sys 4096 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,59 Gb Total Space | 18,87 Gb Free Space | 32,20% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 12,78 Gb Free Space | 32,73% Space Free | Partition Type: NTFS Drive E: | 200,43 Gb Total Space | 73,91 Gb Free Space | 36,87% Space Free | Partition Type: NTFS Drive H: | 982,70 Mb Total Space | 407,89 Mb Free Space | 41,51% Space Free | Partition Type: FAT Computer Name: MURLAIN-LAPTOP | User Name: Murlain | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.07 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Murlain\Desktop\OTL.exe PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.21 10:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe PRC - [2010.07.26 01:08:00 | 002,569,616 | ---- | M] (CANON INC.) 
-- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.05.14 13:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2007.05.10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe PRC - [2006.01.02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005.02.16 08:18:16 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\tardisnt.exe ========== Modules (No Company Name) ========== MOD - [2012.11.07 11:13:13 | 001,829,376 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12110700\algo.dll MOD - [2012.07.03 21:07:10 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.07.03 21:05:15 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.07.03 21:04:59 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.07.03 21:02:56 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.07.03 21:02:53 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.11 17:36:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.11 17:33:14 | 005,450,752 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.11 17:31:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.11 17:30:54 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2010.07.30 18:04:12 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.30 18:04:10 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2007.05.14 13:24:00 | 000,098,304 | ---- | M] () -- C:\Programme\Dell\QuickSet\dadkeyb.dll MOD - [2007.03.16 17:10:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll MOD - [2007.03.16 17:10:38 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2005.10.13 12:53:36 | 000,090,223 | ---- | M] () -- C:\Programme\Dell\QuickSet\preflibcl.dll MOD - [2005.02.16 08:18:16 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\tardisnt.exe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance) SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.21 10:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! 
Firewall) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.02.16 08:18:16 | 000,233,472 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\tardisnt.exe -- (Tardis) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Ultrastar Deluxe\zlportio.sys -- (zlportio) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found 
[Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Murlain\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.08.21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 10:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2) DRV - [2012.08.21 10:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 10:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.08.21 10:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012.08.21 10:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW) DRV - [2012.08.21 10:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.06.03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2012.02.24 10:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd) DRV - [2012.02.24 10:14:42 | 000,181,432 
| ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.02.24 10:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.09.06 21:10:01 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis) DRV - [2011.07.29 12:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv) DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010.11.09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010.09.02 09:55:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.07.09 12:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134) DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.05.11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133) DRV - [2010.04.27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.04.27 03:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys 
-- (sscebus) DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2010.04.27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.06.10 10:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2009.06.10 10:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini) DRV - [2009.02.20 19:09:16 | 000,044,032 | R--- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2007.05.10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007.05.01 14:39:00 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFFB5.sys -- (SaiHFFB5) DRV - [2007.05.01 14:39:00 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiIFFB5.sys -- (SaiIFFB5) DRV - [2007.03.16 17:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.21 03:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.10.11 20:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.07.01 22:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005.08.12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/tb/mff_startpage" FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11 FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.6 FF - prefs.js..extensions.enabledItems: {01c29d60-f7f0-416c-844a-ec8b2e1841d0}:1.7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.22 12:19:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.08.24 09:14:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.04 20:32:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.04 20:32:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.11.04 20:23:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.11.04 20:23:12 | 000,000,000 | ---D | M] [2010.07.30 15:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Extensions [2010.07.30 15:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.04 20:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions [2010.07.30 15:22:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und 
Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.04 20:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.11.04 20:22:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2012.09.17 09:31:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\ich@maltegoetz.de [2012.10.14 18:13:53 | 000,005,490 | -H-- | M] () (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2012.07.25 08:05:52 | 000,741,958 | -H-- | M] () (No name found) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.02.23 17:13:33 | 000,000,933 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\11-suche.xml [2012.02.23 17:13:33 | 000,002,419 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\englische-ergebnisse.xml [2012.02.23 17:13:33 | 000,010,525 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\gmx-suche.xml [2011.07.02 13:30:54 | 000,002,492 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\ixquick-https.xml [2012.02.23 17:13:33 | 000,002,457 | -H-- | M] () -- C:\Dokumente 
und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\lastminute.xml [2012.02.23 17:13:33 | 000,005,508 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla\Firefox\Profiles\abcoi42p.default\searchplugins\webde-suche.xml [2012.11.04 20:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 20:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.30 10:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\updated\extensions [2012.11.04 20:23:32 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\updated\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.30 10:57:01 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.07 09:39:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2012.11.07 17:09:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2012.11.07 15:51:36 | 000,000,000 | -H-D | M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-1214440339-1606980848-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280507214531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.29 18:31:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.11.07 20:40:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Murlain\Desktop\OTL.exe
[2012.11.07 19:21:05 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Murlain\Recent
[2012.11.07 17:01:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.11.07 16:59:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.11.07 16:59:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.11.07 16:59:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.11.07 16:59:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.11.07 16:58:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.07 16:58:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Murlain\Startmenü\Programme\Verwaltung
[2012.11.07 16:58:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.11.07 16:58:29 | 004,997,881 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Murlain\Desktop\ComboFix.exe
[2012.11.07 15:54:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Murlain\Desktop\aswMBR.exe
[2012.11.05 07:57:00 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\02455266.sys
[2012.11.05 07:56:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.04 20:48:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Malwarebytes
[2012.11.04 20:48:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.04 20:48:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.04 20:48:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.11.04 20:48:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.11.04 20:32:50 | 000,000,000 | ---D | C] -- C:\Programme\RelevantKnowledge(2)
[2012.11.04 20:32:49 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2012.11.04 20:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.11.04 20:32:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Desktop\Fotos Handy
[2012.11.04 20:32:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Desktop\Fahrtkostenabrechnung
[2012.11.04 20:27:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLAC
[2012.11.04 20:23:10 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.11.04 20:21:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2012.11.04 20:21:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2012.11.04 20:21:20 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2012.11.04 13:21:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft(2)
[2012.11.04 13:21:01 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft(2)
[2012.10.14 18:23:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\.oit
[2012.10.14 17:57:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Anwendungsdaten\GlobalGraphics
[2012.10.14 17:39:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Global Graphics
[2012.10.14 17:33:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Global Graphics
[2012.10.14 17:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Global Graphics
[2012.10.14 17:02:10 | 000,000,000 | ---D | C] -- C:\Programme\Global Graphics
[2012.10.14 12:29:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Murlain\Eigene Dateien\My Videos
[2012.10.14 12:28:45 | 000,000,000 | ---D | C] -- C:\AllShare
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.07 20:41:00 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.11.07 20:38:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Murlain\Desktop\OTL.exe
[2012.11.07 20:37:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.07 20:37:47 | 1876,996,096 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 17:09:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.11.07 17:01:16 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012.11.07 16:57:16 | 004,997,881 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Murlain\Desktop\ComboFix.exe
[2012.11.07 16:05:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\MBR.dat
[2012.11.07 15:47:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Murlain\Desktop\aswMBR.exe
[2012.11.06 17:51:11 | 000,151,818 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\Noten W-Klassen Schaal.pdf
[2012.11.05 09:56:46 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\defogger_reenable
[2012.11.05 09:54:33 | 000,486,186 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.05 09:54:33 | 000,466,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.05 09:54:33 | 000,088,698 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.11.05 09:54:33 | 000,074,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.05 07:57:00 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\02455266.sys
[2012.11.04 20:40:37 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.11.04 19:09:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.04 18:53:35 | 162,697,216 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012.10.22 09:46:41 | 000,440,892 | -H-- | M] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\2011_01_01_aishe1000.jpg
[2012.10.14 12:09:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.07 17:01:16 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012.11.07 17:01:14 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.11.07 16:59:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.11.07 16:59:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.11.07 16:59:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.11.07 16:59:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.11.07 16:59:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.11.07 16:05:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\MBR.dat
[2012.11.06 17:44:40 | 000,151,818 | ---- | C] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\Noten W-Klassen Schaal.pdf
[2012.11.05 09:56:36 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Murlain\defogger_reenable
[2012.11.05 09:50:13 | 1876,996,096 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.22 09:46:41 | 000,440,892 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\Desktop\2011_01_01_aishe1000.jpg
[2012.08.22 09:48:02 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012.08.22 09:48:02 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012.08.22 09:48:02 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012.08.22 09:48:02 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012.08.22 09:48:01 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012.05.29 19:22:39 | 000,125,240 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.15 22:02:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.31 18:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.10.16 18:23:21 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.10.05 09:31:45 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\VISCDUN7.DLL
[2011.10.05 09:31:45 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\VISCDUNR.DLL
[2011.10.05 09:31:45 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\VISCDRTL.DLL
[2011.10.05 09:31:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\VISCDUNA.DLL
[2011.09.22 11:03:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.09.22 11:03:41 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.09.22 11:03:41 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.09.22 11:03:40 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.06.02 17:38:35 | 000,883,534 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1214440339-1606980848-1417001333-1003-0.dat
[2011.06.02 17:38:34 | 000,254,806 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2010.12.03 10:39:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.12.03 10:39:10 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.12.03 10:39:05 | 000,002,528 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\$_hpcst$.hpc
[2010.11.09 13:15:34 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.09.02 20:00:59 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.30 20:25:09 | 000,011,457 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\SCScrnShot_073010_212509.pcx
[2010.07.29 18:44:25 | 003,407,872 | -H-- | C] () -- C:\Dokumente und Einstellungen\Murlain\NTUSER.bak

========== ZeroAccess Check ==========

[2010.07.30 11:51:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 17:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.22 09:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2011.10.17 12:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2010.09.02 09:07:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.07.30 19:41:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.09.29 10:37:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP
[2011.09.29 10:37:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2
[2010.09.02 09:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.05.08 12:37:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.08.08 09:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2012.08.17 12:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin
[2011.11.16 15:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gigaset QuickSync
[2012.10.14 17:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Global Graphics
[2010.08.12 17:25:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Saitek
[2012.02.16 19:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2012.10.03 20:10:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Squeezebox
[2012.10.18 10:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\.oit
[2010.09.02 09:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Canneverbe Limited
[2012.06.10 17:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\CasaPortale.de
[2011.10.17 10:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\DAEMON Tools Lite
[2010.08.16 15:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\diginet
[2012.06.10 18:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Dropbox
[2012.11.04 20:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\DVDVideoSoft
[2011.10.10 10:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\EAC
[2012.08.16 09:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\elsterformular
[2011.10.14 08:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Foxit Software
[2012.11.04 14:25:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Free Download Manager
[2012.08.17 12:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Garmin
[2012.10.14 17:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Global Graphics
[2011.01.12 22:38:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\GrabPro
[2012.06.24 10:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\HandBrake
[2011.01.28 22:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\JGoodies
[2010.12.07 17:34:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\LolClient
[2011.10.17 10:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Miranda Fusion
[2012.11.02 11:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mp3tag
[2010.07.31 12:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\OpenOffice.org
[2011.01.12 22:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Orbit
[2010.07.30 18:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\PersBackup5
[2011.01.12 22:38:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\ProgSense
[2012.10.14 12:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung
[2012.04.11 21:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Steganos
[2010.08.19 11:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\TheLastRipper
[2010.07.30 15:26:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Thunderbird

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.10.14 12:28:45 | 000,000,000 | ---D | M] -- C:\AllShare
[2012.11.07 17:01:16 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012.11.04 20:36:08 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010.07.30 11:43:11 | 000,000,000 | ---D | M] -- C:\DELL
[2012.08.22 09:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.09.02 10:53:16 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.11.07 17:08:49 | 000,000,000 | R--D | M] -- C:\Programme
[2012.11.07 17:11:25 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.07.29 18:35:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.05 07:56:59 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012.08.22 09:46:46 | 000,000,000 | ---D | M] -- C:\Temp
[2012.10.03 20:10:19 | 000,000,000 | ---D | M] -- C:\updates
[2012.11.07 20:38:00 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.10.18 10:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\.oit
[2012.10.27 12:34:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\AccurateRip
[2010.07.30 17:32:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Adobe
[2010.07.30 11:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\ATI
[2010.09.02 09:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Canneverbe Limited
[2012.06.10 17:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\CasaPortale.de
[2011.10.17 10:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\DAEMON Tools Lite
[2010.08.16 15:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\diginet
[2012.06.10 18:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Dropbox
[2012.11.04 20:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\DVDVideoSoft
[2011.10.10 10:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\EAC
[2012.08.16 09:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\elsterformular
[2010.07.30 21:27:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\FastStone
[2011.10.14 08:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Foxit Software
[2012.11.04 14:25:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Free Download Manager
[2012.08.17 12:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Garmin
[2012.10.14 17:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Global Graphics
[2010.11.21 12:29:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Google
[2011.01.12 22:38:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\GrabPro
[2012.06.24 10:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\HandBrake
[2010.07.29 18:44:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Identities
[2010.07.30 12:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\InstallShield
[2011.01.28 22:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\JGoodies
[2010.12.07 17:34:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\LolClient
[2010.07.30 17:32:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Macromedia
[2012.11.04 20:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Malwarebytes
[2011.09.22 10:19:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Media Player Classic
[2012.02.20 20:21:10 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Microsoft
[2011.10.17 10:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Miranda Fusion
[2010.07.30 15:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mozilla
[2012.11.02 11:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Mp3tag
[2010.07.31 12:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\OpenOffice.org
[2011.01.12 22:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Orbit
[2010.07.30 18:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\PersBackup5
[2011.01.12 22:38:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\ProgSense
[2012.10.14 12:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung
[2012.09.14 12:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Skype
[2011.09.22 10:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\skypePM
[2012.04.11 21:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Steganos
[2010.08.20 10:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Sun
[2010.08.19 11:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\TheLastRipper
[2010.07.30 15:26:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Thunderbird
[2012.04.15 22:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\vlc
[2012.03.18 12:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Winamp
[2010.07.30 15:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\WinRAR

< %APPDATA%\*.exe /s >
[2012.06.07 03:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.06.07 03:02:32 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\DropboxUpdateHelper.exe
[2012.06.07 03:02:38 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2011.09.22 11:20:33 | 000,045,126 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.09.22 11:20:33 | 000,045,126 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.09.22 11:20:33 | 000,045,126 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
[2012.03.16 14:47:36 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.16 14:47:36 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.16 14:47:36 | 000,021,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.02.03 17:50:16 | 000,943,504 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.02.03 17:50:20 | 000,278,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.02.01 17:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.02.03 17:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012.01.31 18:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012.01.31 18:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.02.03 17:50:22 | 000,067,472 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.03.16 14:47:36 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.03.16 14:47:36 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.02.03 17:50:26 | 000,131,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.03.16 14:47:36 | 000,021,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.02.03 17:50:28 | 003,570,312 | ---- | M] (Freeware) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012.01.31 18:15:38 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.)
-- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.02.03 17:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.05.04 06:37:12 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > [2010.07.29 20:13:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010.07.29 20:13:31 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010.07.29 20:13:31 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Geändert von Murlain (07.11.2012 um 21:08 Uhr) |
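An added triage aid, not part of the original post and not OTL's own code: a Python parser for the `[mtime | size | attrs | M] (vendor) -- path` entries that OTL prints in its `< %APPDATA%\*.exe /s >` section above, plus a small rule set that ranks executables by how out of place they look (empty vendor string, modification time close to the incident, Temp location). The sample text mirrors the shape of the posted log; the incident date, the rule thresholds and the `hypothetical_dropper.exe` line are assumptions constructed for the demo, not findings from the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL's "[mtime | size | attrs | M] (vendor) -- path" format.
# The first three lines copy the shape of real entries from the posted log; the last
# line is a hypothetical dropper invented for the demo (not a finding from the thread).
SAMPLE_OTL = r"""
< %APPDATA%\*.exe /s >
[2012.06.07 03:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2011.01.12 22:38:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\GrabPro
[2011.09.22 11:20:33 | 000,045,126 | R--- | M] () -- C:\Dokumente und Einstellungen\Murlain\Anwendungsdaten\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2012.11.04 19:55:02 | 000,312,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Murlain\Lokale Einstellungen\Temp\hypothetical_dropper.exe
"""

# Assumed incident date for the demo (when the rogue was first noticed).
INCIDENT = datetime(2012, 11, 4)

# One OTL entry: "[YYYY.MM.DD HH:MM:SS | size | attrs | M] (vendor) -- path".
# The "(vendor)" group is absent on directory lines, hence optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[A-Z])\] "
    r"(?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


def parse_otl_entries(text):
    """Return one dict per file/directory entry found in an OTL listing."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section headers like "< %APPDATA%\*.exe /s >" and blank lines
        entries.append({
            "mtime": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "vendor": (m["vendor"] or "").strip(),
            "path": m["path"],
            "is_dir": "D" in m["attrs"],
        })
    return entries


def triage(entries, incident, window=timedelta(days=3)):
    """Rank .exe entries by suspicion; each rule adds a reason, any reason flags.

    Rules (assumed thresholds, tune per case):
      - OTL printed "()": the PE carries no CompanyName version string.
      - modified within `window` of the incident date.
      - path runs through a Temp directory.
    Directories and non-.exe files are skipped.
    """
    flagged = []
    for e in entries:
        if e["is_dir"] or not e["path"].lower().endswith(".exe"):
            continue
        reasons = []
        if not e["vendor"]:
            reasons.append("no vendor string")
        if abs(e["mtime"] - incident) <= window:
            reasons.append("modified within %d days of incident" % window.days)
        if "\\temp\\" in e["path"].lower():
            reasons.append("located under a Temp directory")
        if reasons:
            flagged.append((e["path"], reasons))
    flagged.sort(key=lambda item: -len(item[1]))  # stable: most reasons first
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_entries(SAMPLE_OTL), INCIDENT):
        print("%-3d %s\n    %s" % (len(reasons), path, "; ".join(reasons)))
```

The empty `()` only means the binary has no CompanyName resource; the cached Windows Installer stubs in the posted log show it too, so the list is a priority order for hash lookups and signature checks, not a verdict.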
07.11.2012, 21:51 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HDD Repair - removed following the guide - still having problems
OK so far.
adwCleaner - finding toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________
Please always post logfiles in CODE tags |
08.11.2012, 06:27 | #11 |
| HDD Repair - removed following the guide - still having problems
Good morning, here is the log from AdwCleaner:
Code:
# AdwCleaner v2.007 - Datei am 08/11/2012 um 06:24:49 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Murlain - MURLAIN-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Murlain\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [687 octets] - [08/11/2012 06:24:49]

########## EOF - C:\AdwCleaner[R1].txt - [746 octets] ########## |
08.11.2012, 13:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HDD Repair - removed following the guide - still having problems
adwCleaner - removing toolbars and unwanted start/search pages |
08.11.2012, 14:04 | #13 |
| HDD Repair - removed following the guide - still having problems
Log after the cleanup:
Code:
# AdwCleaner v2.007 - Datei am 08/11/2012 um 13:46:56 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Murlain - MURLAIN-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Murlain\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [814 octets] - [08/11/2012 06:24:49]
AdwCleaner[S1].txt - [748 octets] - [08/11/2012 13:46:56]

########## EOF - C:\AdwCleaner[S1].txt - [807 octets] ########## |
08.11.2012, 14:57 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HDD Repair - removed following the guide - still having problems
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button first.
Afterwards, getting a second opinion from ESET's online scanner wouldn't hurt either: ESET Online Scanner |
08.11.2012, 19:01 | #15 |
| HDD Repair - removed following the guide - still having problems
So, both scanners are finally done.
MbAm:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Murlain :: MURLAIN-LAPTOP [Administrator]

08.11.2012 15:14:15
mbam-log-2012-11-08 (15-14-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211074
Laufzeit: 4 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
and ESET:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f76e6680bf25f54db5ce493f45d4c8cd
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-08 02:33:43
# local_time=2012-11-08 03:33:43 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 4260 4260 0 0
# compatibility_mode=9217 16777214 0 54 33598176 51986115 0 0
# scanned=284
# found=0
# cleaned=0
# scan_time=20
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f76e6680bf25f54db5ce493f45d4c8cd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-08 05:12:29
# local_time=2012-11-08 06:12:29 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 4514 4514 0 0
# compatibility_mode=9217 16777214 0 54 33598430 51986369 0 0
# scanned=173925
# found=0
# cleaned=0
# scan_time=9291 |
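An added check, not from the thread and not ESET's code: the ESET Online Scanner log above contains two summary blocks, the first with `end=stopped` after only 284 objects and the second with `end=finished` after 173925. A `found=0` in an aborted run proves nothing, so a verdict has to be read from a completed run only. The Python below parses the `# key=value` blocks into one dict per run and applies that rule; the sample log is constructed from the keys and numbers in the posted output (trimmed to what the parser needs), and the `min_scanned` threshold is an assumption.

```python
import re

# Constructed sample modelled on the ESET Online Scanner output in the post above:
# downloader chatter, an aborted first run (end=stopped) and a completed second run.
# Only the keys the checker needs are kept; the counts are the ones from the thread.
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# end=stopped
# remove_checked=false
# archives_checked=true
# utc_time=2012-11-08 02:33:43
# scanned=284
# found=0
# cleaned=0
# scan_time=20
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# end=finished
# remove_checked=false
# archives_checked=true
# utc_time=2012-11-08 05:12:29
# scanned=173925
# found=0
# cleaned=0
# scan_time=9291
"""

# One "# key=value" summary line; keys may contain dots (OnlineScanner.ocx).
KV_RE = re.compile(r"^#\s*([A-Za-z0-9_.]+)=(.*)$")


def parse_eset_runs(text):
    """Split the log into one dict per scan run; a new run starts at '# version='."""
    runs, current = [], None
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if not m:
            continue  # downloader/update chatter is not part of a run
        key, value = m.group(1), m.group(2).strip()
        if key == "version":
            current = {}
            runs.append(current)
        if current is not None:
            current[key] = value  # a repeated key (compatibility_mode) keeps the last value
    return runs


def verdict(runs, min_scanned=1000):
    """Judge only on the last run that reached end=finished; a stopped run proves nothing."""
    finished = [r for r in runs if r.get("end") == "finished"]
    if not finished:
        return {"status": "inconclusive", "reason": "no run reached end=finished"}
    last = finished[-1]
    scanned = int(last.get("scanned", 0))
    found = int(last.get("found", 0))
    cleaned = int(last.get("cleaned", 0))
    if scanned < min_scanned:  # assumed floor: a tiny completed run is still not evidence
        return {"status": "inconclusive",
                "reason": "only %d objects scanned (threshold %d)" % (scanned, min_scanned)}
    if found == 0:
        return {"status": "clean", "scanned": scanned, "utc_time": last.get("utc_time")}
    # remove_checked=false means ESET only reported; found - cleaned is what is still there.
    return {"status": "detections", "found": found, "cleaned": cleaned,
            "unresolved": found - cleaned,
            "remove_checked": last.get("remove_checked") == "true"}


if __name__ == "__main__":
    runs = parse_eset_runs(SAMPLE_ESET_LOG)
    for i, r in enumerate(runs, 1):
        print("run %d: end=%s scanned=%s found=%s" % (i, r.get("end"), r.get("scanned"), r.get("found")))
    print(verdict(runs))
```

The same "completed run only" rule applies to any scanner summary: a clean result is only as good as the coverage the run actually reached.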