Pests of all kinds and how to fight them: GVU virus/Trojan on a Windows XP computer
03.02.2013, 14:40 | #1
GVU virus/Trojan on a Windows XP computer

Hello dear Trojaner-Board community,

In front of me I have a Windows XP computer that unfortunately no longer starts properly. All that appears is a screen from the "GVU": "Your computer has been locked", it says there. You are supposed to pay one hundred euros within 48 hours, etc...

I have already found the following thread in the forum: http://www.trojaner-board.de/128498-...ter-modus.html

That looks exactly like what is happening on my computer. I have now created an OTLPE CD and, as in the thread mentioned above, run a scan. Here is what I got:

OTL.TXT:
Code:
OTL logfile created on: 2/3/2013 2:27:31 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,015.00 Mb Total Physical Memory | 756.00 Mb Available Physical Memory | 74.00% Memory free
903.00 Mb Paging File | 792.00 Mb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 104.17 Gb Total Space | 9.29 Gb Free Space | 8.92% Space Free | Partition Type: NTFS
Drive D: | 7.61 Gb Total Space | 0.49 Gb Free Space | 6.47% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2013/02/02 16:55:47 | 000,229,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll -- (winmgmt)
SRV - [2012/01/05 10:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/08/07 15:35:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/13 12:57:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/06/20 14:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/03 17:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 17:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 14:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/01/28 14:12:53 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/09/05 14:18:33 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/07 15:35:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/07 15:35:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/24 07:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 07:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 09:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/05/21 08:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006/07/30 20:00:08 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/15 08:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/15 08:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/05 21:00:06 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/01/19 08:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/09/19 06:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 06:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 06:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\Windows\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/30 22:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/30 22:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/30 22:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/30 22:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/30 22:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/30 22:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/30 22:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\Windows\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 05:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\Windows\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 05:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\Windows\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/04/01 20:07:44 | 000,163,390 | R--- | M] (Roland Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rdwm1046.sys -- (RDID1046)
DRV - [2002/04/17 13:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2001/08/17 21:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}
IE - HKU\Administrator_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}"
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}&src=2&crg=3.1010000.10011&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/12 11:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/05/12 11:20:38 | 000,000,000 | ---D | M]

[2010/11/17 15:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Extensions
[2013/01/29 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\i3nx4lhy.default\extensions
[2011/09/05 17:45:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\i3nx4lhy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/29 15:06:56 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mozilla\Firefox\Profiles\i3nx4lhy.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2013/01/29 15:07:22 | 000,003,998 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\i3nx4lhy.default\searchplugins\sweetim.xml
[2010/11/17 15:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/09/18 16:04:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/18 16:04:55 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/18 16:04:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/18 16:04:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/18 16:04:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,820 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\Windows\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\Windows\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Programme\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\Windows\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\Windows\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\Administrator_ON_C..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\Administrator_ON_C..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 15:06:36 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2013/01/29 15:06:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2013/01/29 15:06:26 | 000,000,000 | ---D | C] -- C:\Programme\sweetpacks bundle uninstaller
[2013/01/29 15:05:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PutLockerDownloader
[2013/01/29 15:04:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2013/01/29 15:04:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Movie2KDownloader.com
[2013/01/29 15:04:48 | 000,000,000 | ---D | C] -- C:\Programme\Movie2KDownloader.com
[2013/01/29 14:56:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\FOLDER01
[2013/01/28 16:00:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VST3 Presets
[2013/01/28 14:42:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\UA25_WinXPDrv203
[2013/01/28 14:38:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\VST3
[2013/01/28 14:34:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VST3 Presets
[2013/01/28 14:23:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Steinberg HALionOne
[2013/01/28 14:23:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Steinberg
[2013/01/28 14:23:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg
[2013/01/28 14:21:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Steinberg Cubase 5
[2013/01/28 14:15:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Alcohol 120%
[2013/01/28 14:15:18 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft
[2013/01/28 14:12:53 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/03 07:48:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/03 07:48:21 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2013/02/03 07:41:55 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/02 17:00:23 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/02 16:58:22 | 000,003,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js
[2013/02/02 16:58:20 | 000,000,802 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/02 16:10:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/31 11:00:32 | 000,002,235 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013/01/29 17:29:07 | 000,000,251 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ax_files.xml
[2013/01/29 15:04:49 | 000,000,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Movie2KDownloader.lnk
[2013/01/29 14:21:14 | 000,472,398 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/01/29 14:21:14 | 000,452,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/29 14:21:14 | 000,088,294 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/01/29 14:21:14 | 000,074,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/28 15:01:30 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2013/01/28 14:15:38 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk
[2013/01/28 14:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Alcohol 120%
[2013/01/17 19:10:21 | 000,001,795 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/16 16:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2013/01/16 16:17:15 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/02 16:58:22 | 000,003,160 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js
[2013/02/02 16:58:13 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/02 16:55:59 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2013/01/29 15:04:48 | 000,000,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Movie2KDownloader.lnk
[2013/01/28 14:40:20 | 000,000,251 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ax_files.xml
[2013/01/28 14:15:38 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk
[2011/10/14 15:18:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/07 18:42:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/10/07 17:08:20 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\String Comparison
[2011/10/07 17:08:20 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\StartupItems
[2011/10/07 17:08:20 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT
[2011/10/07 17:08:20 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Techno Kit
[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\String Ensemble
[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stingers
[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Static Library
[2011/10/07 17:07:36 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Standard Tool
[2011/10/07 17:07:36 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2011/10/07 17:07:36 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2011/10/07 17:07:36 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Textures
[2011/10/07 17:07:36 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SystemConfiguration
[2011/04/04 12:59:26 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
[2010/11/17 15:41:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/13 08:18:40 | 000,068,096 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 08:16:02 | 000,000,171 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI
[2010/10/29 10:55:20 | 000,038,401 | R--- | C] () -- C:\WINDOWS\System32\RdCi1046.dll
[2010/10/29 10:55:18 | 000,004,088 | R--- | C] () -- C:\WINDOWS\System32\Rd4t1046.DAT
[2010/10/16 11:47:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/10/16 11:47:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/10/16 11:47:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/10/16 11:47:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/10/16 11:47:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/10/16 11:47:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/20 13:53:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/20 13:52:31 | 000,030,064 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/20 13:40:11 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/02/15 09:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 01:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 01:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 01:04:28 | 000,472,398 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/07 01:04:28 | 000,452,178 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 01:04:28 | 000,088,294 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/07 01:04:28 | 000,074,352 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 01:02:10 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 00:57:28 | 000,110,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 00:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 00:49:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/01 04:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 05:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/06 21:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2011/11/11 08:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Antares
[2011/02/24 14:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BSplayer
[2011/02/24 14:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BSplayer Pro
[2011/09/05 14:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010/11/11 04:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro
[2010/12/16 12:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo
[2011/09/05 14:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2010/11/13 14:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NCH Swift Sound
[2011/10/07 17:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nikon
[2010/11/11 04:40:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenCandy
[2010/11/15 16:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit
[2011/11/11 08:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PACE Anti-Piracy
[2010/11/11 04:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ProgSense
[2010/11/25 12:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Replay Media Catcher 4
[2006/08/21 00:12:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2013/01/28 14:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Steinberg
[2013/01/28 16:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VST3 Presets
[2011/09/05 14:17:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/10/07 17:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2010/11/13 14:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2011/10/08 05:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2011/11/11 08:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy
[2010/11/11 04:40:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ReviverSoft
[2013/01/28 14:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg
[2013/01/30 19:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2013/01/29 15:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2010/11/13 09:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2011/10/07 17:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2013/01/28 14:34:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VST3 Presets
[2011/09/05 15:03:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}
[2011/09/05 15:00:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3EE98DDF-8EFF-4760-88EB-D666A839217F}
[2011/09/05 17:41:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
[2011/09/05 17:41:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}
[2011/09/05 14:59:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
[2011/09/05 15:10:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
[2011/09/05 15:02:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/09/05 14:48:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/11/20 17:34:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\expressShakeIcon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1275 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:KAJrxLoRHqktJTFrNu
@Alternate Data Stream - 1262 bytes -> C:\Programme\Outlook Express:ErxHQz6glKYYzzKjzYM7N1oY
@Alternate Data Stream - 1262 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:maX2ghsVETd1N7JXD5FH4dPYpLgc

< End of report >
Code:
ATTFilter OTL Extras logfile created on: 2/3/2013 2:27:32 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,015.00 Mb Total Physical Memory | 756.00 Mb Available Physical Memory | 74.00% Memory free 903.00 Mb Paging File | 792.00 Mb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 104.17 Gb Total Space | 9.29 Gb Free Space | 8.92% Space Free | Partition Type: NTFS Drive D: | 7.61 Gb Total Space | 0.49 Gb Free Space | 6.47% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- () "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- 
(Google) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{22C28506-B1E0-4050-B0B7-B97AEB061381}" = HP User Guides 0029 "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5 "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1 "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4 "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg 
Cubase 5 "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2 "{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{96E2E493-C484-43E3-9B95-D62EE7D40D3A}" = Toolbar 4.7 by SweetPacks "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1 "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module "{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS 
Configuration for ProtectTools 2.00 C3 "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module "{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8 "{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update "{BC27061D-FFCE-4931-A05F-AC964CC026CA}" = Registry Reviver "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D799CC16-F3B5-468D-AC67-6F77AAA98173}" = Native Instruments Komplete 6 "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5 "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2 "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5 "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EE1D761D-5715-4F63-8027-A61881B71CA7}" = Replay Media Catcher 4 "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows 
Media Connect "{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST "1ClickDownload" = Movie2KDownloader "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "ASAPI Update" = ASAPI Update "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BSPlayerf" = BS.Player FREE "DAEMON Tools Lite" = DAEMON Tools Lite "Express" = Express Dictate "FinalData Enterprise 2.0" = FinalData Enterprise 2.0 "Google Chrome" = Google Chrome "ie8" = Windows Internet Explorer 8 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21) "Native Instruments Absynth 5" = Native Instruments Absynth 5 "Native Instruments FM8" = Native Instruments FM8 "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Komplete 6" = Native Instruments Komplete 6 "Native Instruments Kontakt 4" = Native Instruments Kontakt 4 "Native Instruments Massive" = Native Instruments Massive "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "Native Instruments Service Center" = Native Instruments Service Center "RegistryReviver" = Registry Reviver "Scribe" = Express Scribe "Steinberg Cubase SX 3" = Steinberg Cubase SX 3 "Steinberg The Grand VSTi DXi_is1" = Steinberg The Grand VSTi DXi v2.1.0 "Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b "SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks "SynTPDeinstKey" = Synaptics Pointing Device Driver "Transcribe!_is1" = Transcribe! 
8.00 "Trilogy_is1" = Trilogy "UndeletePlus_is1" = Undelete Plus 2.98 "VLC media player" = VLC media player 0.9.9 "WGA" = Windows Genuine Advantage Validation Tool "WIC" = Windows Imaging Component "Windows Media Connect" = Windows Media Connect "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 < End of report > Many thanks, Narf |
03.02.2013, 17:08 | #2 |
/// Malware-holic | GVU virus/Trojan on a Windows XP machine hi
Anyone who uses illegal sources such as movie2k, and the owner does, judging by the movie2k downloader that is installed, and then does not even keep Windows + programs up to date, really shouldn't be surprised. On your second PC go to Start, Programs, Accessories, Notepad, and paste this in there: Code:
:OTL
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/02/03 07:48:21 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2013/02/02 16:58:22 | 000,003,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js
:Files
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll
:Commands
[EMPTYFLASH]
[emptytemp]

Save this to a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. If you have no icons, right-click, View, Show desktop icons.
Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Press the Windows + E key.
|
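As an added illustration (not code from the thread, from OTL's author, or from the helper), the following Python triage reads OTL log lines in the layout posted above, flags the three kinds of entry the fix script in this post removes, and renders them in the :OTL / :Files / :Commands layout of fix.txt. The heuristics, the sample lines (modelled on entries quoted in this thread) and the assumed infection window are my own assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the OTL log lines quoted in this thread
# (service, startup, file and directory entries); it is not the full posted log.
SAMPLE_LOG = r"""
SRV - [2013/02/02 16:55:47 | 000,229,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll -- (winmgmt)
SRV - [2011/08/07 15:35:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/02/03 07:48:21 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2013/02/02 16:58:22 | 000,003,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js
[2013/01/28 14:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Steinberg
[2004/08/07 01:04:28 | 000,472,398 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2010/11/20 17:34:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\expressShakeIcon.job
"""

# "[date | size | attrs | C/M] (company) [start] -- path -- (service)"; company,
# start type and service name are optional, as in the SRV, file and LOP lines.
FILE_RE = re.compile(
    r"^(?:SRV - )?\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \[(?P<start>\w+)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<lnk>.+?) = (?P<target>.+?) \((?P<company>[^)]*)\)$")

SYSTEM_DRIVE = "c:"                                  # assumption: XP installed on C:
TEMP_MARK = "\\lokale einstellungen\\temp\\"         # German XP profile layout, as on this PC
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".js", ".vbs", ".bat", ".cmd")

def parse_line(line):
    """Classify one OTL line as ('startup', d), ('file', d) or (None, None)."""
    m = STARTUP_RE.match(line)
    if m:
        return "startup", {**m.groupdict(), "raw": line}
    m = FILE_RE.match(line)
    if m:
        d = {**m.groupdict(), "raw": line}
        d["size"] = int(d["size"].replace(",", ""))
        d["when"] = datetime.strptime(d["date"], "%Y/%m/%d %H:%M:%S")
        return "file", d
    return None, None

def triage(log_text, window_start):
    """Flag entries by three heuristics (my assumptions, modelled on what the helper
    removed in this thread); window_start is the assumed start of the infection."""
    findings = []
    for raw in log_text.strip().splitlines():
        kind, e = parse_line(raw.strip())
        if kind == "startup":
            target = e["target"].lower()
            # 1. Autostart shortcut that launches rundll32 or points off the system
            #    drive (runctf.lnk here); listed under :OTL so OTL moves the shortcut.
            if target.endswith("rundll32.exe") or not target.startswith(SYSTEM_DRIVE):
                findings.append({"section": ":OTL", "entry": e["raw"],
                                 "reason": "startup shortcut runs rundll32 or an off-drive target"})
        elif kind == "file" and "D" not in e["attrs"]:  # skip directory (LOP) entries
            low = e["path"].lower()
            parent = low.rsplit("\\", 1)[0]
            if TEMP_MARK in low and low.endswith(EXEC_EXT):
                # 2. Executable code in a user's Temp folder (wpbt0.dll here), worse
                #    when a service points at it; goes under :Files as a bare path.
                reason = "executable in user Temp"
                if e["svc"]:
                    reason += " registered as service " + e["svc"]
                findings.append({"section": ":Files", "entry": e["path"], "reason": reason})
            elif parent.endswith("\\anwendungsdaten") and e["when"] >= window_start:
                # 3. Loose file dropped straight into a profile's AppData root inside
                #    the infection window (0tbpw.pad / 0tbpw.js here).
                findings.append({"section": ":OTL", "entry": e["raw"],
                                 "reason": "file dropped at AppData root inside the infection window"})
    return findings

def build_fix(findings):
    """Lay the findings out as fix.txt: :OTL takes log lines verbatim, :Files takes
    bare paths, :Commands empties the Flash and Temp caches afterwards."""
    lines = []
    for section in (":OTL", ":Files"):
        entries = [f["entry"] for f in findings if f["section"] == section]
        if entries:
            lines.append(section)
            lines.extend(entries)
    lines += [":Commands", "[EMPTYFLASH]", "[emptytemp]"]
    return "\n".join(lines)

def triage_sample():
    """Triage the constructed sample, assuming the infection began on 2013-02-01."""
    return triage(SAMPLE_LOG, datetime(2013, 2, 1))

def fix_sample():
    return build_fix(triage_sample())

if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f['section']:<7}{f['reason']}: {f['entry']}")
    print("\n--- fix.txt ---\n" + fix_sample())
```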
03.02.2013, 18:37 | #3 |
| GVU virus/Trojan on a Windows XP machine Many thanks for the reply. You are of course right about the illegal stuff + Windows SP 2, etc...
Well, it's just a computer belonging to my neighbour. He didn't tell me how he got the Trojan. Once the Trojan is beaten I will bring the thing up to date. AND TELL HIM THAT HE SHOULD UPDATE HIS SYSTEM REGULARLY and not do any illegal sh***!! So, onwards: here is the content of the file, which is now called 02032013_175443.txt rather than OTL.txt. Windows showed me this at system start: Code:
ATTFilter ========== OTL ========== C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk moved successfully. File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.js moved successfully. ========== FILES ========== C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: Administrator ->Temp folder emptied: 3303066429 bytes ->Temporary Internet Files folder emptied: 857576081 bytes ->FireFox cache emptied: 83200034 bytes ->Google Chrome cache emptied: 252639546 bytes ->Flash cache emptied: 6264 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33338 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33472 bytes Total Flash Files Cleaned = 4,288.00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder 
emptied: 28680559 bytes Total Files Cleaned = 27.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 02032013_175443 Files\Folders moved on Reboot... File\Folder X:\I386\SYSTEM32\RUNDLL32.EXE not found! Registry entries deleted on Reboot... Many thanks again. PS: I uploaded the file via the upload channel. I hope you received the file. |
03.02.2013, 22:02 | #4 |
/// Malware-holic | GVU virus/Trojan on a Windows XP machine thanks. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings, always choose skip for now, post the log
Open C:, open tdsskiller-date-version.txt, post its contents
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
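Added example, not part of the thread or of TDSSKiller: a Python summary for the tdsskiller log requested above. It checks that the log's Mode line records the two options the helper asks for (I read the SigCheck and TDLFS flags as the signature-verification and TDLFS-detection options, an assumption) and separates "- ok" objects, UnsignedFile.Multi.Generic warnings (treated as informational, also my assumption) from any other verdict. The sample lines are constructed in the log's layout; the examplesvc entry is a placeholder.

```python
import re

# Constructed sample in the line layout of the TDSSKiller log posted later in this
# thread. The last three lines are a deliberate placeholder (all-zero hash, made-up
# verdict name) so that the "needs attention" path is exercised.
SAMPLE_TDSS_LOG = r"""
23:42:09.0109 3664 Mode: Manual; SigCheck; TDLFS;
23:42:09.0218 3664 System memory - ok
23:42:09.0421 3664 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:42:11.0000 3664 ACPI - ok
23:42:13.0203 3664 [ 875F9079CABEE679D34B49E466B61701 ] Asapi C:\WINDOWS\system32\drivers\Asapi.sys
23:42:13.0234 3664 Asapi ( UnsignedFile.Multi.Generic ) - warning
23:42:13.0234 3664 Asapi - detected UnsignedFile.Multi.Generic (1)
23:42:15.0250 3664 [ 6B6AD8CBF3984C3B39D4D06C38F52010 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
23:42:15.0343 3664 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
23:42:15.0343 3664 BTKRNL - detected UnsignedFile.Multi.Generic (1)
23:42:16.0093 3664 Changer - ok
23:42:20.0000 3664 [ 00000000000000000000000000000000 ] examplesvc C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\example.sys
23:42:20.0010 3664 examplesvc ( Placeholder.Verdict.Constructed ) - warning
23:42:20.0010 3664 examplesvc - detected Placeholder.Verdict.Constructed (1)
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "           # "hh:mm:ss.ffff <pid> "
MODE_RE = re.compile(PREFIX + r"Mode: (?P<flags>.+)$")
HASH_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+) (?P<path>.+)$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")

# Assumption: an unsigned-file warning is informational on an XP box full of old
# OEM drivers; it is what the helper tells the user to skip for now.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}

def parse_tdss_log(text):
    """Return (mode flags, {object name: md5, path, ok, verdicts})."""
    mode, objects = set(), {}

    def rec(name):
        return objects.setdefault(name, {"md5": None, "path": None, "ok": False, "verdicts": []})

    for line in text.strip().splitlines():
        line = line.strip()
        m = MODE_RE.match(line)
        if m:
            mode = {p.strip() for p in m["flags"].split(";") if p.strip()}
            continue
        m = HASH_RE.match(line)
        if m:
            rec(m["name"]).update(md5=m["md5"], path=m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            rec(m["name"])["verdicts"].append(m["verdict"])
            continue
        m = OK_RE.match(line)
        if m:
            rec(m["name"])["ok"] = True
        # the "( Verdict ) - warning" line repeats the detected line and is ignored
    return mode, objects

def summarize(mode, objects):
    """Check the scan options and sort objects into ok / informational / attention."""
    summary = {"sigcheck": "SigCheck" in mode, "tdlfs": "TDLFS" in mode,
               "ok": [], "informational": [], "attention": []}
    for name, o in sorted(objects.items()):
        if any(v not in INFORMATIONAL for v in o["verdicts"]):
            summary["attention"].append((name, o["path"], o["md5"], o["verdicts"]))
        elif o["verdicts"]:
            summary["informational"].append(name)
        elif o["ok"]:
            summary["ok"].append(name)
    return summary

def summarize_sample():
    return summarize(*parse_tdss_log(SAMPLE_TDSS_LOG))

if __name__ == "__main__":
    s = summarize_sample()
    print("SigCheck:", s["sigcheck"], "TDLFS:", s["tdlfs"])
    print("ok:", len(s["ok"]), "informational:", s["informational"])
    for name, path, md5, verdicts in s["attention"]:
        print("ATTENTION", name, path, md5, verdicts)
```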
03.02.2013, 23:46 | #5 |
| GVU virus/Trojan on a Windows XP machine So, scan done. Here is the log: Code:
ATTFilter 23:41:20.0062 2576 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 23:41:20.0265 2576 ============================================================ 23:41:20.0265 2576 Current date / time: 2013/02/03 23:41:20.0265 23:41:20.0265 2576 SystemInfo: 23:41:20.0265 2576 23:41:20.0265 2576 OS Version: 5.1.2600 ServicePack: 2.0 23:41:20.0265 2576 Product type: Workstation 23:41:20.0265 2576 ComputerName: PC834640339160 23:41:20.0265 2576 UserName: Administrator 23:41:20.0265 2576 Windows directory: C:\WINDOWS 23:41:20.0265 2576 System windows directory: C:\WINDOWS 23:41:20.0265 2576 Processor architecture: Intel x86 23:41:20.0265 2576 Number of processors: 2 23:41:20.0265 2576 Page size: 0x1000 23:41:20.0265 2576 Boot type: Normal boot 23:41:20.0265 2576 ============================================================ 23:41:21.0296 2576 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 23:41:21.0296 2576 ============================================================ 23:41:21.0296 2576 \Device\Harddisk0\DR0: 23:41:21.0296 2576 MBR partitions: 23:41:21.0296 2576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD0556C1 23:41:21.0296 2576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xD055700, BlocksNum 0xF3DD10 23:41:21.0296 2576 ============================================================ 23:41:21.0343 2576 C: <-> \Device\Harddisk0\DR0\Partition1 23:41:21.0359 2576 D: <-> \Device\Harddisk0\DR0\Partition2 23:41:21.0359 2576 ============================================================ 23:41:21.0359 2576 Initialize success 23:41:21.0359 2576 ============================================================ 23:42:09.0109 3664 ============================================================ 23:42:09.0109 3664 Scan started 23:42:09.0109 3664 Mode: Manual; SigCheck; TDLFS; 23:42:09.0109 3664 
============================================================ 23:42:09.0218 3664 ================ Scan system memory ======================== 23:42:09.0218 3664 System memory - ok 23:42:09.0218 3664 ================ Scan services ============================= 23:42:09.0375 3664 Abiosdsk - ok 23:42:09.0375 3664 abp480n5 - ok 23:42:09.0421 3664 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:42:11.0000 3664 ACPI - ok 23:42:11.0046 3664 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 23:42:11.0171 3664 ACPIEC - ok 23:42:11.0187 3664 [ 761D5BBDB6A5867C9F8EBBB545AF7B34 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys 23:42:11.0265 3664 ADIHdAudAddService - ok 23:42:11.0281 3664 adpu160m - ok 23:42:11.0296 3664 [ C984DE22ED71414ABC42C1E03D412E33 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys 23:42:11.0359 3664 AEAudioService - ok 23:42:11.0375 3664 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys 23:42:11.0484 3664 aec - ok 23:42:11.0531 3664 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys 23:42:11.0578 3664 AFD - ok 23:42:11.0671 3664 [ 4458FCB8A00DA31FDCC086449274C40D ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys 23:42:11.0843 3664 AgereSoftModem - ok 23:42:11.0859 3664 Aha154x - ok 23:42:11.0859 3664 aic78u2 - ok 23:42:11.0859 3664 aic78xx - ok 23:42:11.0906 3664 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll 23:42:12.0062 3664 Alerter - ok 23:42:12.0078 3664 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe 23:42:12.0218 3664 ALG - ok 23:42:12.0250 3664 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 23:42:12.0421 3664 AliIde - ok 23:42:12.0421 3664 amsint - ok 23:42:12.0578 3664 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 23:42:12.0625 3664 AntiVirSchedulerService - ok 
23:42:12.0671 3664 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 23:42:12.0703 3664 AntiVirService - ok 23:42:12.0750 3664 [ 05EDA44C080EBAF758F8A318488FFD75 ] appliand C:\WINDOWS\system32\DRIVERS\appliand.sys 23:42:12.0781 3664 appliand - ok 23:42:12.0796 3664 [ 05EDA44C080EBAF758F8A318488FFD75 ] appliandMP C:\WINDOWS\system32\DRIVERS\appliand.sys 23:42:12.0796 3664 appliandMP - ok 23:42:12.0843 3664 [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 23:42:12.0937 3664 AppMgmt - ok 23:42:12.0984 3664 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:42:13.0156 3664 Arp1394 - ok 23:42:13.0203 3664 [ 875F9079CABEE679D34B49E466B61701 ] Asapi C:\WINDOWS\system32\drivers\Asapi.sys 23:42:13.0234 3664 Asapi ( UnsignedFile.Multi.Generic ) - warning 23:42:13.0234 3664 Asapi - detected UnsignedFile.Multi.Generic (1) 23:42:13.0234 3664 asc - ok 23:42:13.0234 3664 asc3350p - ok 23:42:13.0234 3664 asc3550 - ok 23:42:13.0328 3664 [ 47589CC135E28532AFC39394BBF87F0D ] ASChannel C:\Programme\HPQ\IAM\Bin\ASChnl.dll 23:42:13.0343 3664 ASChannel ( UnsignedFile.Multi.Generic ) - warning 23:42:13.0343 3664 ASChannel - detected UnsignedFile.Multi.Generic (1) 23:42:13.0484 3664 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:42:13.0500 3664 aspnet_state - ok 23:42:13.0531 3664 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:42:13.0640 3664 AsyncMac - ok 23:42:13.0703 3664 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 23:42:13.0875 3664 atapi - ok 23:42:13.0890 3664 Atdisk - ok 23:42:13.0906 3664 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:42:14.0031 3664 Atmarpc - ok 23:42:14.0062 3664 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 23:42:14.0171 3664 
23:43:06.0203 1936 PCA ( UnsignedFile.Multi.Generic ) - skipped by user 23:43:06.0203 1936 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:43:06.0218 1936 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 23:43:06.0218 1936 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:43:06.0218 1936 RDID1046 ( UnsignedFile.Multi.Generic ) - skipped by user 23:43:06.0218 1936 RDID1046 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:43:06.0218 1936 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user 23:43:06.0218 1936 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:43:06.0218 1936 TPkd ( UnsignedFile.Multi.Generic ) - skipped by user 23:43:06.0218 1936 TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:43:06.0218 1936 WmcCds ( UnsignedFile.Multi.Generic ) - skipped by user 23:43:06.0218 1936 WmcCds ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:43:06.0218 1936 WmcCdsLs ( UnsignedFile.Multi.Generic ) - skipped by user 23:43:06.0218 1936 WmcCdsLs ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:43:16.0984 2460 Deinitialize success OMG Vielen Dank |
04.02.2013, 10:46 | #6 |
/// Malware-holic | GVU virus/Trojan on Windows XP computer
hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1, Link 2. IMPORTANT - save ComboFix to your desktop.
When ComboFix has finished it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart, Quote:
04.02.2013, 16:53 | #7 |
Hi, here is the logfile from ComboFix: Code:
ComboFix 13-02-03.03 - Administrator 04.02.2013 16:33:46.1.2 - x86
run from:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system\Pncrt.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Asapi
.
.
((((((((((((((((((((((( Files created from 2013-01-04 to 2013-02-04 ))))))))))))))))))))))))))))))
.
.
2013-02-04 15:27 . 2013-02-04 15:27 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
2013-02-04 15:27 . 2004-08-04 08:00 25600 ----a-w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2013-02-03 22:54 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-02-03 22:54 . 2013-02-03 17:35 -------- d-----w- C:\_OTL
2013-01-29 20:06 . 2013-02-03 22:51 -------- d-----w- c:\programme\SweetIM
2013-01-29 20:05 . 2013-01-29 20:05 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PutLockerDownloader
2013-01-29 20:04 . 2013-01-29 20:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer
2013-01-29 20:04 . 2013-01-29 20:04 -------- d-----w- c:\programme\Movie2KDownloader.com
2013-01-28 21:00 . 2013-01-28 21:00 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\VST3 Presets
2013-01-28 19:38 . 2013-01-28 19:38 -------- d-----w- c:\programme\Gemeinsame Dateien\VST3
2013-01-28 19:34 . 2013-01-28 19:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\VST3 Presets
2013-01-28 19:23 . 2013-01-28 19:23 -------- d-----w- c:\programme\Gemeinsame Dateien\Steinberg
2013-01-28 19:23 . 2013-01-28 19:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Steinberg
2013-01-28 19:15 . 2013-01-28 19:15 -------- d-----w- c:\programme\Alcohol Soft
2013-01-28 19:12 . 2013-01-28 19:12 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2007-05-07 23395368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"PTHOSTTR"="c:\programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"hpWirelessAssistant"="c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Nikon Message Center 2"="c:\programme\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
DVD Check.lnk - c:\programme\InterVideo\DVD Check\DVDCheck.exe [2010-10-16 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\programme\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=rddv1046.dll
"midi1"=rddv1046.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Windows\\system32\\msiexec.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [05.09.2011 20:18 232512]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.11.2010 22:21 136360]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24.06.2010 13:46 28256]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05.01.2012 16:42 75624]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24.06.2010 13:46 28256]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [29.10.2010 16:55 163390]
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-03 22:58 1607120 ----a-w- c:\programme\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2013-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2010-11-20 c:\windows\Tasks\expressShakeIcon.job
- c:\programme\NCH Swift Sound\Express\express.exe [2010-11-13 19:16]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-07 19:51]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-07 19:51]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\i3nx4lhy.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={6471F80D-6A4F-11E2-93C1-0017A4CD3B4B}&src=2&crg=3.1010000.10011&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetPacks Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Removed orphaned registry entries - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-04 16:40
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@?????XW??????(?@???????@
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-2854527535-1575105176-2467903655-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,52,2e,1f,4f,41,60,40,be,7d,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,a5,23,2c,2f,5c,73,47,98,bb,e7,\
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1284)
c:\programme\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\msi.dll
.
- - - - - - - > 'lsass.exe'(1340)
c:\windows\system32\rddv1046.dll
.
- - - - - - - > 'explorer.exe'(1304)
c:\programme\HPQ\IAM\Bin\SFSShell.dll
c:\programme\HPQ\IAM\bin\ItMsg.dll
c:\programme\HPQ\IAM\bin\1031\SFSShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\DllHost.exe
c:\programme\HPQ\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\msdtc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\mqsvc.exe
c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\programme\Skype\Plugin Manager\skypePM.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2013-02-04 16:44:51 - PC was restarted
ComboFix-quarantined-files.txt 2013-02-04 15:44
.
Before scan: 23 directories, 13.167.476.736 bytes free
After scan: 25 directories, 13.336.924.160 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A0BB030517BCDE8E4CBF550723BC4C21
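The "FF - prefs.js" section of the ComboFix log above shows, next to the SweetIM start page and search entries, three user_pref() overrides that weaken the browser: Content Security Policy off, OCSP revocation checking off, and extensions.autoDisableScopes set to 0 so that add-ons dropped into the profile from outside are not disabled. The following script is an added example, not code from the thread or from ComboFix: it parses user_pref() lines in either quote style (ComboFix prints them with single quotes, Firefox writes them with double quotes) and reports which security prefs differ from the browser default and which start-page/search prefs have been set. The sample prefs.js is constructed from the log entries; the "expected" defaults are assumptions for the Firefox 18-era builds on this page.

```python
"""Audit a Firefox prefs.js / user.js for security-weakening overrides.

Added example, not code from the thread or from ComboFix. The sample below is
constructed from the "FF - prefs.js" entries in the ComboFix log; the
"expected" defaults are assumptions for Firefox 18-era builds.
"""
import re

# Security prefs with the value Firefox ships with (assumed defaults, see above).
SECURITY_PREFS = {
    "security.csp.enable": True,           # Content Security Policy enforcement on
    "security.OCSP.enabled": 1,            # 1 = query OCSP for certificate revocation
    "extensions.autoDisableScopes": 15,    # 15 = disable add-ons installed from outside the profile
    "xpinstall.whitelist.required": True,  # prompt before a site may install add-ons
}

# Prefs that steer the user to a search engine or start page; reported for manual review.
HIJACK_PREFS = ("browser.startup.homepage", "keyword.URL",
                "browser.search.defaulturl", "browser.search.selectedEngine")

# user_pref('name', value); in either quote style, several calls per line allowed
_PREF_RE = re.compile(r"""user_pref\(\s*(['"])(.+?)\1\s*,\s*(.+?)\s*\)\s*;""")


def parse_prefs(text: str) -> dict:
    """Return {pref_name: value}; booleans and integers converted, strings unquoted."""
    prefs = {}
    for _quote, name, raw in _PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip("'\"")
    return prefs


def audit_prefs(text: str) -> dict:
    """Split overrides into 'weakened' (security pref != default) and 'review' (hijack-style prefs)."""
    prefs = parse_prefs(text)
    weakened = {
        name: {"found": prefs[name], "expected": default}
        for name, default in SECURITY_PREFS.items()
        if name in prefs and prefs[name] != default
    }
    review = {name: prefs[name] for name in HIJACK_PREFS if name in prefs}
    return {"weakened": weakened, "review": review}


# Constructed prefs.js modelled on the log (URLs defanged as hxxp, as in the log).
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011");
user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
user_pref("browser.search.selectedEngine", "SweetIM Search");
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
user_pref("browser.cache.disk.capacity", 358400);
"""

if __name__ == "__main__":
    report = audit_prefs(SAMPLE_PREFS_JS)
    for name, info in report["weakened"].items():
        print(f"WEAKENED {name}: found {info['found']!r}, default {info['expected']!r}")
    for name, value in report["review"].items():
        print(f"REVIEW   {name} = {value}")
```

On a real profile, run it over both prefs.js and user.js, since a toolbar that writes user.js re-applies its values on every browser start; removing the lines from prefs.js alone does not stick. Uninstalling the toolbar, as the original poster planned, still leaves these three prefs at their weakened values, so they have to be reset by hand in about:config or by deleting the lines with Firefox closed.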
04.02.2013, 17:05 | #8 |
/// Malware-holic | hi,
1. download http://download.bleepingcomputer.com...xp/winmgmt.reg, double-click it, confirm the prompt, restart
2. - Service Pack 3: Download: Windows XP Service Pack 3 network installation package for IT professionals and developers - Microsoft Download Center - Download Details
- configure Automatic Updates so that updates are downloaded/installed automatically: Configuring and using the "Automatic Updates" feature in Windows
report back when done
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
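The winmgmt.reg step above repairs the service definition the ransomware had taken over: the Malwarebytes log further down identifies the lock-screen component as wpbt0.dll in the Administrator's Temp folder, classed as Trojan.Ransom, and it was being loaded as the winmgmt service. The check below is an added example, not the forum's winmgmt.reg and not code from any tool on the page: it reads a `reg export HKLM\SYSTEM\CurrentControlSet\Services services.reg` file, decodes the REG_EXPAND_SZ values reg.exe writes as hex(2), and lists every svchost-hosted service whose ServiceDll does not resolve under %SystemRoot%\system32. The sample export is constructed; the Schedule service's schedsvc.dll path and the ThirdPartySvc entry are assumed for illustration.

```python
"""Flag svchost-hosted services whose ServiceDll lives outside %SystemRoot%\\system32.

Added example, not the forum's winmgmt.reg and not code from any tool on the
page. Input is an export such as
    reg export HKLM\\SYSTEM\\CurrentControlSet\\Services services.reg
The sample export below is constructed; schedsvc.dll for Schedule is assumed
to be the XP default and ThirdPartySvc is hypothetical.
"""
import re

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption for the sample; on a live box use os.environ["SystemRoot"]

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def _decode_value(raw: str) -> str:
    """Decode a .reg value: quoted REG_SZ or hex(2) (REG_EXPAND_SZ as UTF-16LE bytes)."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    m = re.match(r"hex\(2\):(.*)$", raw, re.I)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw  # dword/binary values are not needed for this check


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    # reg.exe wraps long hex values as ",\" + newline + two spaces; join them first
    text = re.sub(r",\\\r?\n\s*", ",", text)
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1)
            tree.setdefault(current, {})
            continue
        value = _VALUE_RE.match(line)
        if value and current is not None:
            tree[current][value.group(1)] = _decode_value(value.group(2))
    return tree


def find_hijacked_service_dlls(text: str, system_root: str = SYSTEM_ROOT) -> list:
    """Return [(service_name, resolved_dll_path)] for every ServiceDll outside system32."""
    expected = (system_root + "\\system32\\").lower()
    findings = []
    for key, values in parse_reg(text).items():
        dll = values.get("ServiceDll")
        if not dll or not key.lower().endswith("\\parameters"):
            continue
        service = key.split("\\")[-2]
        resolved = re.sub(r"%systemroot%", lambda _m: system_root, dll, flags=re.I)
        if not resolved.lower().startswith(expected):
            findings.append((service, resolved))
    return findings


def _hex2(s: str, width: int = 25) -> str:
    """Encode text the way reg.exe exports REG_EXPAND_SZ; used only to build the sample."""
    octets = [f"{b:02x}" for b in (s + "\x00").encode("utf-16-le")]
    chunks = [",".join(octets[i:i + width]) for i in range(0, len(octets), width)]
    return "hex(2):" + ",\\\n  ".join(chunks)


# Constructed sample export: the hijacked winmgmt entry uses the wpbt0.dll path from
# the Malwarebytes log; Schedule is a clean Windows service; ThirdPartySvc is hypothetical.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters]",
    '"ServiceDll"=' + _hex2(r"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll"),
    "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters]",
    '"ServiceDll"=' + _hex2(r"%SystemRoot%\system32\schedsvc.dll"),
    "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ThirdPartySvc\Parameters]",
    r'"ServiceDll"="C:\\Programme\\Vendor\\Bin\\vendorsvc.dll"',
])

if __name__ == "__main__":
    for service, dll in find_hijacked_service_dlls(SAMPLE_REG):
        print(f"review: service {service} loads {dll}")
```

Two caveats for real use: reg.exe writes exports as UTF-16 with a BOM, so open the file with `encoding="utf-16"` before passing the text in; and third-party software legitimately hosts service DLLs outside system32 (the ComboFix log shows HP's ASChannel running under `svchost.exe -k Cognizance`), so the output is a review list, not a verdict. A DLL under a user profile or a Temp folder, as here, is the entry worth acting on.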
04.02.2013, 20:04 | #9 |
Hi, many thanks for the support and the instructions. The computer is working quite well now. I can see, though, that a toolbar is still installed in Firefox. I think I can get rid of that too. Should I run any further scans? Thanks again
04.02.2013, 20:05 | #10 |
/// Malware-holic | have the instructions above been carried out?
04.02.2013, 20:09 | #11 |
Yes, they have.
- reg file downloaded and run.
- WIN XP SP3 installed
- automatic updates configured.
Thanks
05.02.2013, 15:01 | #12 |
/// Malware-holic | very good. Malwarebytes: Please download Malwarebytes
06.02.2013, 23:02 | #13 |
Hello, here is the logfile from Malwarebytes Anti-Malware: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC834640339160 [Administrator]

05.02.2013 16:50:09
mbam-log-2013-02-05 (16-50-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342683
Time elapsed: 1 hour(s), 46 minute(s), 46 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Replaced and quarantined successfully.

Folders detected: 0
(No malicious items detected)

Files detected: 2
C:\all stuff noch 7,7 GB\System Volume Information\_restore{B32AEE6A-215A-4A68-95FC-9CABBF245D43}\RP456\A0090418.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02032013_175443\C_Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\wpbt0.dll (Trojan.Ransom.NUM) -> Quarantined and deleted successfully.

(end)
07.02.2013, 12:16 | #14 |
/// Malware-holic | hi, download the standard CCleaner: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. After every program you need, write "necessary"; after every one you do not need, "unnecessary"; after those unknown to you, "unknown". Post the list.
07.02.2013, 20:27 | #15 |
Hi, as already mentioned, this is not my computer but my neighbour's. I therefore do not know which programs are really necessary and which are unnecessary or unknown. I have tried to label them as far as I could. Code:
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.5.502.146 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.5.502.146 necessary
Adobe Reader XI (11.0.01) - Deutsch Adobe Systems Incorporated 07.02.2013 135,00MB 11.0.01 necessary
Agere Systems HDA Modem unknown
Antares Auto-Tune Evo VST Antares Audio Technologies 11.11.2011 33,48MB 6.00.0009 necessary
Apple Application Support Apple Inc. 12.05.2012 62,92MB 2.1.5 necessary
Apple Software Update Apple Inc. 12.05.2012 2,38MB 2.1.3.127 necessary
Application Installer 4.00.B5 Hewlett-Packard Company 4.00.B5 necessary
ASAPI Update necessary
Avira Free Antivirus Avira 13.0.0.2890 necessary
BS.Player FREE Webteh, d.o.o. 2.57.1051 unnecessary
Camtasia Studio 7 TechSmith Corporation 13.11.2010 218,00MB 7.0.1 necessary
CCleaner Piriform 23.01.2013 3.27 necessary
DAEMON Tools Lite DT Soft Ltd 4.41.3.0173 unnecessary
Express Dictate NCH Software necessary
Express Scribe NCH Software necessary
FinalData Enterprise 2.0 necessary
Google Chrome Google Inc. 07.04.2011 24.0.1312.57 necessary
Google Earth Google 02.12.2011 92,77MB 6.1.0.5001 necessary
HP BIOS Configuration for ProtectTools 2.00 C3 Hewlett-Packard Company 2.00 C3 necessary
HP Credential Manager for ProtectTools Hewlett-Packard Development Company, L.P. 20.08.2006 20,86MB 1.5.0.631.36.E necessary
HP Help and Support HPQ 20.08.2006 4.2.0009 necessary
HP Integrated Module with Bluetooth wireless technology HP 16.10.2010 30,95MB 4.0.1.3301 necessary
HP Notebook Accessories Product Tour Hewlett-Packard 20.08.2006 12.00.0000 necessary
HP ProtectTools Security Manager 2.00 C3 Hewlett-Packard Company 20.08.2006 2.00 C3 necessary
HP Quick Launch Buttons 6.00 D2 Hewlett-Packard Company 20.08.2006 6.00 D2 necessary
HP Software Update Hewlett-Packard 20.08.2006 3,42MB 3.0.7.014 necessary
HP User Guides 0029 HP 20.08.2006 1.01.0001 necessary
HP Wireless Assistant 2.00 E1 Hewlett-Packard Company 2.00 E1 necessary
Intel(R) Graphics Media Accelerator Driver 6.14.10.4543 necessary
Interlok driver setup x32 PACE Anti-Piracy 11.11.2011 0,12MB 5.8.10 probably necessary
InterVideo DVD Check necessary
InterVideo WinDVD InterVideo Inc. 5.0-B11.676 necessary
J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 20.08.2006 152,00MB 1.5.0.60 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 05.02.2013 1.70.0.1100 necessary
Microsoft .NET Framework 1.1 24.10.2010 necessary
Microsoft .NET Framework 1.1 German Language Pack Microsoft 07.08.2004 3,02MB 1.1.4322 necessary
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 15.11.2010 6,18MB 2.1.21022 necessary
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 05.02.2013 185,00MB 2.2.30729 necessary
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 15.11.2010 16,81MB 3.1.21022 necessary
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 05.02.2013 251,00MB 3.2.30729 necessary
Microsoft .NET Framework 3.5 Language Pack - DEU Microsoft Corporation necessary
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 05.02.2013 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.11.2010 10,19MB 9.0.30729.4148 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.02.2013 11,13MB 10.0.40219 necessary
Movie2KDownloader Movie2KDownloader.com 2.1 Build 26473 unnecessary!
Mozilla Firefox 18.0.2 (x86 de) Mozilla 18.0.2 necessary
Mozilla Maintenance Service Mozilla 18.0.2 probably necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 23.10.2011 1,42MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.10.2011 2,77MB 4.20.9876.0 unknown
MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 17.11.2010 1,40MB 6.20.2003.0 unknown
Native Instruments Absynth 5 Native Instruments 05.09.2011 necessary
Native Instruments FM8 Native Instruments 05.09.2011 necessary
Native Instruments Guitar Rig 4 Native Instruments 05.09.2011 necessary
Native Instruments Komplete 6 Native Instruments 06.09.2011 necessary
Native Instruments Kontakt 4 Native Instruments 06.09.2011 necessary
Native Instruments Massive Native Instruments 05.09.2011 necessary
Native Instruments Reaktor 5 Native Instruments 05.09.2011 necessary
Native Instruments Service Center Native Instruments 05.09.2011 necessary
Nikon Message Center 2 Nikon 08.10.2011 5,20MB 2.0.1 necessary
Nikon Movie Editor Nikon 08.10.2011 26,99MB 2.2.1 necessary
Picture Control Utility Nikon 08.10.2011 27,16MB 1.3.0 necessary
QuickTime Apple Inc. 12.05.2012 73,28MB 7.71.80.42 necessary
Registry Reviver ReviverSoft LLC. 11.11.2010 1.2.39 unnecessary
Replay Media Catcher 4 Applian Technologies 15.11.2010 25,19MB 4.0.4 necessary
Skype™ 3.2 Skype Technologies S.A. 19.10.2010 34,76MB 3.2.145 necessary
Sonic Audio Module Sonic Solutions 20.08.2006 17,02MB 2.0.4 necessary
Sonic Copy Module Sonic Solutions 20.08.2006 16,72MB 2.0.4 necessary
Sonic Data Module Sonic Solutions 20.08.2006 16,24MB 2.0.4 necessary
Sonic DLA Sonic Solutions 20.08.2006 2,77MB 5.2.0 necessary
Sonic Express Labeler Sonic Solutions 20.08.2006 13,29MB 2.0.0 necessary
Sonic MyDVD Plus Sonic Solutions 20.08.2006 266,00MB 6.2.0 necessary
Sonic Update Manager Sonic Solutions 20.08.2006 2,39MB 3.0.0 necessary
SoundMAX Analog Devices 20.08.2006 5.10.01.4321 necessary
ST Wiederherstellungs- & Sicherungsprogramme Hewlett-Packard Company 20.08.2006 2.1K necessary
Steinberg Cubase 5 Steinberg Media Technologies GmbH 28.01.2013 291,00MB 5.1.0 necessary
Steinberg Cubase SX 3 Steinberg Media Technologies GmbH necessary
Steinberg Drum Loop Expansion 01 Steinberg Media Technologies GmbH 28.01.2013 424,00MB 1.0.0.1 necessary
Steinberg Groove Agent ONE Content Steinberg Media Technologies GmbH 28.01.2013 142,00MB 1.0.0.003 necessary
Steinberg HALionOne Steinberg Media Technologies GmbH 28.01.2013 387,00MB 1.1.0.457 necessary
Steinberg HALionOne Additional Content Set 01 Steinberg Media Technologies GmbH 28.01.2013 940,00MB 1.0.0.001 necessary
Steinberg HALionOne Expression Set Steinberg Media Technologies GmbH 28.01.2013 231,00MB 1.0.1.0 necessary
Steinberg HALionOne GM Drum Set Steinberg Media Technologies GmbH 28.01.2013 23,95MB 1.0.1.457 necessary
Steinberg HALionOne GM Set Steinberg Media Technologies GmbH 28.01.2013 63,62MB 1.0.1.457 necessary
Steinberg HALionOne Pro Set Steinberg Media Technologies GmbH 28.01.2013 123,00MB 1.0.1.457 necessary
Steinberg HALionOne Studio Drum Set Steinberg Media Technologies GmbH 28.01.2013 48,07MB 1.0.1.457 necessary
Steinberg HALionOne Studio Set Steinberg Media Technologies GmbH 28.01.2013 112,00MB 1.0.1.457 necessary
Steinberg LoopMash Content Steinberg Media Technologies GmbH 28.01.2013 612,00MB 1.0.0.005 necessary
Steinberg REVerence Content 01 Steinberg Media Technologies GmbH 28.01.2013 169,00MB 1.0.0.006 necessary
Steinberg The Grand VSTi DXi v2.1.0 10.08.2011 necessary
Steinberg WaveLab 5.01b necessary
Synaptics Pointing Device Driver Synaptics 8.2.4.0
Transcribe! 8.00 Seventh String Software 20.11.2010 8.00 necessary
Trilogy Spectrasonics, Inc. necessary
Undelete Plus 2.98 Copyright © 2008 Phoenix Technologies • All Rights Reserved 24.10.2010 necessary
ViewNX 2 Nikon 08.10.2011 51,63MB 2.2.1 necessary
VLC media player 0.9.9 VideoLAN Team 0.9.9 necessary
Windows Internet Explorer 8 Microsoft Corporation 22.02.2011 20090308.140743 necessary
Windows Media Connect 20.08.2006 necessary
Windows XP Service Pack 3 Microsoft Corporation 04.02.2013 20080414.031514 necessary
WinRAR 4.01 (32-Bit) win.rar GmbH 4.01.0 necessary
Wisdom-soft Set up ASR 3.1 Free Wisdom Software Inc. necessary