Log analysis and evaluation: Idle process at 95%, yet every application only starts 2 minutes after booting. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.04.2013, 13:08 | #1 |
Idle process at 95%, yet every application only starts 2 minutes after booting.

Good day, after booting, the Windows desktop appears. EVERYTHING OK. Double-click on any application. The program only starts after about 2 min., although the idle process is at about 95%. The hard disk is working (audible rattling). When the application finally starts, it is noticeably slowed down. Files open with a delay. After about 30 min I have the feeling the computer has returned to normal. System: Windows XP with SP3; Norton 360 and Spybot found nothing suspicious. Does anyone have an idea?

OTL logfile created on: 26.03.2013 19:28:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\MS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,25 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 48,86% Memory free
2,98 Gb Paging File | 2,52 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,25 Gb Total Space | 19,11 Gb Free Space | 51,31% Space Free | Partition Type: NTFS
Drive D: | 34,35 Gb Total Space | 5,02 Gb Free Space | 14,61% Space Free | Partition Type: NTFS
Drive E: | 2,92 Gb Total Space | 1,56 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
Computer Name: MS-PC | User Name: MS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.26 19:23:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe PRC - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\5.2.2.3\ccsvchst.exe PRC - [2011.01.05 06:03:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\PerfectDisk_11_Pro\PDAgent.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.03.16 18:57:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 16:18:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- 
C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2011.01.05 06:03:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Programme\PerfectDisk_11_Pro\PDAgent.exe -- (PDAgent) SRV - [2011.01.05 06:02:50 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Programme\PerfectDisk_11_Pro\PDEngine.exe -- (PDEngine) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) 
[On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009.07.13 13:51:46 | 000,160,768 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\soft Xpansion\SXDS10.exe -- (SXDS10) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP150.SYS -- (PROCEXP150) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.01.16 18:32:12 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130325.004\NAVEX15.SYS -- (NAVEX15) DRV - [2013.01.16 18:32:10 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130325.004\NAVENG.SYS -- (NAVENG) DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.09.01 01:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130322.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012.08.18 14:42:35 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.18 14:42:35 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2011.09.29 20:17:01 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011.04.21 02:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI) DRV - [2011.03.31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP) DRV - [2011.03.31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX) DRV - [2011.03.15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA) DRV - [2011.01.27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS) DRV - [2010.11.16 02:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON) DRV - [2010.08.11 07:10:06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) 
[File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.08.03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001.08.17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\..\SearchScopes\{FB909426-9B52-425D-8336-755FB1C8F597}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/search?client=firefox-a&rls=org.mozilla%3Ade%3Aofficial&channel=s&hl=de&source=hp&q=schwarzes+Brett+Bremen&meta=&btnG=Google-Suche" FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: 
pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.11 13:17:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013.03.26 
19:08:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.10.01 18:25:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programme\PDF Architect\FFPDFArchitectExt [2013.01.05 18:47:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.08 16:18:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.08 16:18:30 | 000,000,000 | ---D | M] [2010.09.07 18:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Extensions [2013.02.24 19:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions [2011.01.28 18:49:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.08 21:45:50 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467} [2012.11.21 20:06:45 | 000,000,000 | ---D | M] (Clippings) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2011.10.23 18:03:08 | 000,000,000 | ---D | M] (toolplugin) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\welcome@toolmin.com [2012.11.21 20:06:42 | 000,284,001 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\compatibility@addons.mozilla.org.xpi [2012.11.21 20:06:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\toolbar@web.de.xpi [2013.02.24 19:40:24 | 000,115,869 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013.02.16 16:18:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\searchplugins\conduit.xml [2013.03.08 16:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 16:18:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 16:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2013.03.08 16:18:09 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2013.03.08 16:18:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.01.19 19:07:45 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.19 19:07:45 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.01.19 19:07:45 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.01.19 19:07:45 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.12 
20:28:08 | 000,002,027 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011.10.23 18:03:09 | 000,000,158 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search the web.src [2013.01.19 19:07:45 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.19 19:07:45 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.02 22:03:55 | 000,444,763 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15275 more lines... 
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357406469017 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C94311B-E53A-4875-BFA2-CDC8B70F1F17}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.07 12:59:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (PDBoot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) 
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.26 19:23:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe [2013.03.20 07:12:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\MS\Recent [2013.03.19 21:56:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Desktop\Klavier [2013.03.09 18:22:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Eigene Dateien\Steuer-Sparbuch [2013.03.09 17:20:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\Buhl [2013.03.09 17:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Buhl Data Service [2013.03.09 17:17:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\Buhl Data Service [2013.03.09 17:15:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WISO Steuer-Sparbuch 2013 [2013.03.09 17:11:19 | 000,000,000 | ---D | C] -- C:\Programme\WISO [2013.03.09 17:10:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2013.03.08 16:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.26 19:24:46 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Desktop\gmer_2.1.19155.exe [2013.03.26 19:23:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe [2013.03.26 19:22:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\defogger_reenable [2013.03.26 19:07:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.26 19:07:43 | 1341,706,240 | -HS- | M] () -- 
C:\hiberfil.sys [2013.03.25 19:38:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.03.20 20:47:26 | 000,640,927 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Desktop\Stutz-Flügel.odt [2013.03.20 17:11:03 | 000,002,224 | ---- | M] () -- C:\{3D5ACB3C-9197-41E7-8EEF-79C6862ABAFC} [2013.03.20 17:07:27 | 000,002,672 | ---- | M] () -- C:\{3A81EAD9-C923-4731-89E1-269CCB30A1B5} [2013.03.18 20:56:33 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.03.09 19:43:34 | 000,000,537 | ---- | M] () -- C:\WINDOWS\wiso.ini [2013.03.09 17:19:36 | 000,001,700 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2013.lnk [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.26 19:24:45 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Desktop\gmer_2.1.19155.exe [2013.03.26 19:22:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\defogger_reenable [2013.03.20 17:11:01 | 000,002,224 | ---- | C] () -- C:\{3D5ACB3C-9197-41E7-8EEF-79C6862ABAFC} [2013.03.20 17:07:27 | 000,002,672 | ---- | C] () -- C:\{3A81EAD9-C923-4731-89E1-269CCB30A1B5} [2013.03.19 22:16:22 | 000,640,927 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Desktop\Stutz-Flügel.odt [2013.03.09 17:20:33 | 000,000,537 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.03.09 17:19:36 | 000,001,700 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.02.02 16:50:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2013.02.02 16:50:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2013.02.02 16:49:57 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2013.02.02 16:48:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT [2013.02.02 16:48:25 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\brdfxspd.dat
[2012.02.24 18:20:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.28 17:09:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\tkkg_6.ini
[2011.12.28 17:09:28 | 000,182,528 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2011.11.23 22:04:09 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011.11.09 20:17:20 | 002,681,344 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2011.09.27 17:42:28 | 000,000,457 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\clipdat2.rdf
[2011.01.26 18:41:04 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.01.26 18:35:58 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.07.07 13:10:10 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011.01.12 20:17:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.06.11 18:53:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2013.03.09 17:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.09.07 19:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.03 10:40:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.10.01 18:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2012.01.29 13:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2011.11.30 20:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.09.05 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.09.29 19:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2011.09.07 18:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\soft Xpansion
[2013.01.05 18:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\APP_NAME_NON_STRING
[2011.04.08 19:10:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Auslogics
[2013.03.09 17:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Buhl Data Service
[2010.09.07 19:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Canneverbe Limited
[2011.08.18 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\EurekaLog
[2010.09.07 21:07:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\eXPert PDF Editor
[2011.01.12 20:24:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Greenshot
[2011.12.05 19:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\IObit
[2012.01.29 13:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Lexware
[2011.11.23 22:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\MAGIX
[2012.05.05 19:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Nokia
[2010.07.09 21:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\OpenOffice.org
[2012.05.05 19:52:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\PC Suite
[2013.01.08 18:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\PDF Architect
[2011.11.28 20:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\streamWriter
[2011.11.09 20:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Tobit
[2012.06.18 18:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\wtxpcom
[2012.01.06 21:11:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\XnView
========== Purity Check ==========
< End of report >

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-26 22:51:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380020A rev.3.39 74,53GB
Running: gmer_2.1.19155.exe; Driver: C:\DOKUME~1\MS\LOKALE~1\Temp\pxtdypoc.sys
---- System - GMER 2.1 ----
SSDT 894D4A18 ZwAlertResumeThread
SSDT 894D49E0 ZwAlertThread
SSDT 894431F0 ZwAllocateVirtualMemory
SSDT 89455A20 ZwAssignProcessToJobObject
SSDT 892AA948 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xB8824710]
SSDT 8929D480 ZwCreateMutant
SSDT 894B0688 ZwCreateSymbolicLinkObject
SSDT 89737CF0 ZwCreateThread
SSDT 894534C0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xB8824990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xB8824EF0]
SSDT 892E61F0 ZwDuplicateObject
SSDT 89213A30 ZwFreeVirtualMemory
SSDT 894C8240 ZwImpersonateAnonymousToken
SSDT 894A6600 ZwImpersonateThread
SSDT 89404B98 ZwLoadDriver
SSDT 894D0130 ZwMapViewOfSection
SSDT 8949C1C0 ZwOpenEvent
SSDT 892F54D8 ZwOpenProcess
SSDT 89451370 ZwOpenProcessToken
SSDT 89482C20 ZwOpenSection
SSDT 894761F0 ZwOpenThread
SSDT 894B01A0 ZwProtectVirtualMemory
SSDT 894D2BC8 ZwResumeThread
SSDT 8944F148 ZwSetContextThread
SSDT 893D0240 ZwSetInformationProcess
SSDT 894556C0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xB8825140]
SSDT 894788A0 ZwSuspendProcess
SSDT 89721160 ZwSuspendThread
SSDT 8945B190 ZwTerminateProcess
SSDT 89401DE0 ZwTerminateThread
SSDT 89404E08 ZwUnmapViewOfSection
SSDT 890E71F8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
? SYMDS.SYS Das System kann die angegebene Datei nicht finden. !
? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
---- EOF - GMER 2.1 ----
02.04.2013, 12:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Idle process at 95%, yet every application only starts 2 min after booting. Hello and
Do you have any further logs (with findings)? Has your virus scanner ever found anything? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs that already exist!
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
02.04.2013, 20:12 | #3 |
| Idle process at 95%, yet every application only starts 2 min after booting. Hello Cosinus,
many thanks for the reply. I ran Malwarebytes, OTL and GMER. I hope I have now inserted the log files correctly. Greetings from the north Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.31.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MS :: MS-PC [Administrator]

Schutz: Aktiviert

31.03.2013 13:24:31
mbam-log-2013-03-31 (13-24-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 253266
Laufzeit: 4 Stunde(n), 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.03.2013 19:28:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\MS\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,25 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 48,86% Memory free 2,98 Gb Paging File | 2,52 Gb Available in Paging File | 84,54% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,25 Gb Total Space | 19,11 Gb Free Space | 51,31% Space Free | Partition Type: NTFS Drive D: | 34,35 Gb Total Space | 5,02 Gb Free Space | 14,61% Space Free | Partition Type: NTFS Drive E: | 2,92 Gb Total Space | 1,56 Gb Free Space | 53,40% Space Free | Partition Type: FAT32 Computer Name: MS-PC | User Name: MS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.26 19:23:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe PRC - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\5.2.2.3\ccsvchst.exe PRC - [2011.01.05 06:03:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) 
-- C:\Programme\PerfectDisk_11_Pro\PDAgent.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.03.16 18:57:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 16:18:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2011.01.05 06:03:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) 
[Auto | Running] -- C:\Programme\PerfectDisk_11_Pro\PDAgent.exe -- (PDAgent) SRV - [2011.01.05 06:02:50 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Programme\PerfectDisk_11_Pro\PDEngine.exe -- (PDEngine) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009.07.13 13:51:46 | 000,160,768 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\soft Xpansion\SXDS10.exe -- (SXDS10) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP150.SYS -- (PROCEXP150) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.01.16 18:32:12 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130325.004\NAVEX15.SYS -- (NAVEX15) DRV - [2013.01.16 18:32:10 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130325.004\NAVENG.SYS -- (NAVENG) DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.09.01 01:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130322.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2012.08.18 14:42:35 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.18 14:42:35 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2011.09.29 20:17:01 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011.04.21 02:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI) DRV - [2011.03.31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP) DRV - [2011.03.31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX) DRV - [2011.03.15 03:31:23 | 
000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA) DRV - [2011.01.27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS) DRV - [2010.11.16 02:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON) DRV - [2010.08.11 07:10:06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.08.03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001.08.17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - 
HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\..\SearchScopes\{FB909426-9B52-425D-8336-755FB1C8F597}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/search?client=firefox-a&rls=org.mozilla%3Ade%3Aofficial&channel=s&hl=de&source=hp&q=schwarzes+Brett+Bremen&meta=&btnG=Google-Suche" FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.11 13:17:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013.03.26 19:08:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.10.01 18:25:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programme\PDF Architect\FFPDFArchitectExt [2013.01.05 18:47:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.08 16:18:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.08 16:18:30 | 000,000,000 | ---D | M] [2010.09.07 18:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Extensions [2013.02.24 19:40:24 | 000,000,000 
| ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions [2011.01.28 18:49:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.08 21:45:50 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467} [2012.11.21 20:06:45 | 000,000,000 | ---D | M] (Clippings) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2011.10.23 18:03:08 | 000,000,000 | ---D | M] (toolplugin) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\welcome@toolmin.com [2012.11.21 20:06:42 | 000,284,001 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\compatibility@addons.mozilla.org.xpi [2012.11.21 20:06:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\toolbar@web.de.xpi [2013.02.24 19:40:24 | 000,115,869 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013.02.16 16:18:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\searchplugins\conduit.xml [2013.03.08 16:18:22 | 000,000,000 
| ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 16:18:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 16:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2013.03.08 16:18:09 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2013.03.08 16:18:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.01.19 19:07:45 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.19 19:07:45 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.01.19 19:07:45 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.01.19 19:07:45 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.12 20:28:08 | 000,002,027 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011.10.23 18:03:09 | 000,000,158 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search the web.src [2013.01.19 19:07:45 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.19 19:07:45 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.02 22:03:55 | 000,444,763 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 
www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15275 more lines... O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357406469017 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C94311B-E53A-4875-BFA2-CDC8B70F1F17}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.07 12:59:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (PDBoot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) 
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.26 19:23:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe [2013.03.20 07:12:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\MS\Recent [2013.03.19 21:56:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Desktop\Klavier [2013.03.09 18:22:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Eigene Dateien\Steuer-Sparbuch [2013.03.09 17:20:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\Buhl [2013.03.09 17:17:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Buhl Data Service [2013.03.09 17:17:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\Buhl Data Service [2013.03.09 17:15:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WISO Steuer-Sparbuch 2013 [2013.03.09 17:11:19 | 000,000,000 | ---D | C] -- C:\Programme\WISO [2013.03.09 17:10:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2013.03.08 16:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.26 19:24:46 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Desktop\gmer_2.1.19155.exe [2013.03.26 19:23:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe [2013.03.26 19:22:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\defogger_reenable [2013.03.26 19:07:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.26 19:07:43 | 1341,706,240 | -HS- | M] () -- 
C:\hiberfil.sys [2013.03.25 19:38:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.03.20 20:47:26 | 000,640,927 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Desktop\Stutz-Flügel.odt [2013.03.20 17:11:03 | 000,002,224 | ---- | M] () -- C:\{3D5ACB3C-9197-41E7-8EEF-79C6862ABAFC} [2013.03.20 17:07:27 | 000,002,672 | ---- | M] () -- C:\{3A81EAD9-C923-4731-89E1-269CCB30A1B5} [2013.03.18 20:56:33 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.03.09 19:43:34 | 000,000,537 | ---- | M] () -- C:\WINDOWS\wiso.ini [2013.03.09 17:19:36 | 000,001,700 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2013.lnk [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.26 19:24:45 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Desktop\gmer_2.1.19155.exe [2013.03.26 19:22:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\defogger_reenable [2013.03.20 17:11:01 | 000,002,224 | ---- | C] () -- C:\{3D5ACB3C-9197-41E7-8EEF-79C6862ABAFC} [2013.03.20 17:07:27 | 000,002,672 | ---- | C] () -- C:\{3A81EAD9-C923-4731-89E1-269CCB30A1B5} [2013.03.19 22:16:22 | 000,640,927 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Desktop\Stutz-Flügel.odt [2013.03.09 17:20:33 | 000,000,537 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.03.09 17:19:36 | 000,001,700 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.02.02 16:50:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2013.02.02 16:50:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2013.02.02 16:49:57 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2013.02.02 16:48:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT [2013.02.02 16:48:25 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\brdfxspd.dat [2012.02.24 18:20:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.28 17:09:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\tkkg_6.ini [2011.12.28 17:09:28 | 000,182,528 | ---- | C] () -- C:\WINDOWS\PI.EXE [2011.11.23 22:04:09 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2011.11.09 20:17:20 | 002,681,344 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2011.09.27 17:42:28 | 000,000,457 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\clipdat2.rdf [2011.01.26 18:41:04 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.26 18:35:58 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.07.07 13:10:10 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.01.12 20:17:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 
000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.06.11 18:53:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2013.03.09 17:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.09.07 19:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.11.03 10:40:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.10.01 18:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.01.29 13:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.11.30 20:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.09.05 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.09.29 19:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings [2011.09.07 18:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\soft Xpansion [2013.01.05 18:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\APP_NAME_NON_STRING [2011.04.08 19:10:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Auslogics [2013.03.09 17:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Buhl Data Service [2010.09.07 19:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Canneverbe Limited [2011.08.18 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\EurekaLog [2010.09.07 21:07:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\eXPert PDF Editor [2011.01.12 
20:24:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Greenshot [2011.12.05 19:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\IObit [2012.01.29 13:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Lexware [2011.11.23 22:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\MAGIX [2012.05.05 19:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Nokia [2010.07.09 21:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\OpenOffice.org [2012.05.05 19:52:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\PC Suite [2013.01.08 18:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\PDF Architect [2011.11.28 20:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\streamWriter [2011.11.09 20:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Tobit [2012.06.18 18:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\wtxpcom [2012.01.06 21:11:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\XnView ========== Purity Check ========== < End of report > [/CODE] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.03.2013 19:28:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\MS\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,25 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 48,86% Memory free 2,98 Gb Paging File | 2,52 Gb Available in Paging File | 84,54% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,25 Gb Total Space | 19,11 Gb Free Space | 51,31% Space Free | Partition Type: NTFS Drive D: | 34,35 Gb Total Space | 5,02 Gb Free Space | 14,61% Space Free | Partition Type: NTFS Drive E: | 2,92 Gb Total Space | 1,56 Gb Free Space | 53,40% Space Free | Partition Type: FAT32 Computer Name: MS-PC | User Name: MS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- 
(Microsoft Corporation) "C:\Programme\Tobit Radio.fx\Server\rfx-server.exe" = C:\Programme\Tobit Radio.fx\Server\rfx-server.exe:*:Enabled:Radio.fx Server "C:\Programme\Tobit Radio.fx\Client\rfx-client.exe" = C:\Programme\Tobit Radio.fx\Client\rfx-client.exe:*:Enabled:Radio.fx Client "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1FD1567B-0129-4FA0-914C-F3E02833F77B}" = soft Xpansion Perfect PDF 5 Premium "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5E281D5E-A6AE-41AB-8514-C3FB0ED6CAF9}_is1" = PC-WELT Sicherheits-Check 1.2 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver 
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J220 "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CCleaner" = CCleaner "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "FreeCommander_is1" = FreeCommander 2009.02a "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "Greenshot_is1" = Greenshot "ie8" = Windows Internet Explorer 8 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU 
Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "Nokia PC Suite" = Nokia PC Suite "Speccy" = Speccy "VLC media player" = VLC media player 2.0.2 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows XP Service Pack" = Windows XP Service Pack 3 "XnView_is1" = XnView 1.98.5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.01.2012 14:49:49 | Computer Name = MS-PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 11.02.2012 05:47:44 | Computer Name = MS-PC | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 24.02.2012 15:53:49 | Computer Name = MS-PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 18.03.2012 15:06:43 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung FreeCommander.exe, Version 2009.2.0.410, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 31.03.2012 11:08:34 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 10.0.1.4421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.03.2012 11:08:35 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 10.0.1.4421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.03.2012 11:16:59 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 10.0.1.4421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 16.02.2013 11:40:01 | Computer Name = MS-PC | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 17.02.2013 06:40:53 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst N360. < End of report > [/CODE] Code:
ATTFilter GMER Logfile: |
02.04.2013, 20:20 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Idle process at 95%, yet every application only starts 2 min after booting. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If I do not get in touch for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
02.04.2013, 22:38 | #5 |
| Idle process at 95%, yet every application only starts 2 min after booting. Hello Cosinus, Malwarebytes Anti-Rootkit ran through without problems. I will start the other two programs on Wednesday. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.02.12 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 MS :: MS-PC [administrator] 02.04.2013 23:21:05 mbar-log-2013-04-02 (23-21-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 24921 Time elapsed: 1 hour(s), 10 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
All 3 programs started and ran through without problems. No program found anything. Attached are all 3 log files. Regards Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-03 08:07:05 ----------------------------- 08:07:05.312 OS Version: Windows 5.1.2600 Service Pack 3 08:07:05.312 Number of processors: 1 586 0x102 08:07:05.328 ComputerName: MS-PC UserName: MS 08:07:14.046 Initialize success 08:18:23.140 AVAST engine defs: 13040201 08:26:34.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 08:26:34.906 Disk 0 Vendor: ST380020A 3.39 Size: 76319MB BusType: 3 08:26:35.218 Disk 0 MBR read successfully 08:26:35.218 Disk 0 MBR scan 08:26:35.468 Disk 0 Windows XP default MBR code 08:26:35.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63 08:26:35.500 Disk 0 Partition - 00 0F Extended LBA 38170 MB offset 78124095 08:26:35.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 35173 MB offset 78124158 08:26:35.546 Disk 0 Partition - 00 05 Extended 2996 MB offset 150159555 08:26:35.578 Disk 0 Partition 3 00 0B FAT32 MSDOS5.0 2996 MB offset 150159618 08:26:35.593 Disk 0 scanning sectors +156296385 08:26:36.000 Disk 0 scanning C:\WINDOWS\system32\drivers 08:27:23.578 Service scanning 08:28:53.156 Modules scanning 08:29:42.718 Disk 0 trace - called modules: 08:29:42.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys 08:29:42.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8974bab8] 08:29:42.734 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8974ef18] 08:29:42.734 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89789940] 08:29:44.453 AVAST engine scan C:\WINDOWS 08:29:55.093 AVAST engine scan C:\WINDOWS\system32 08:43:58.937 AVAST engine scan C:\WINDOWS\system32\drivers 08:44:38.437 AVAST engine scan C:\Dokumente und Einstellungen\MS 08:48:09.890 AVAST engine scan C:\Dokumente und Einstellungen\All Users 08:52:41.140 Scan finished successfully 08:55:00.296 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\MS\Desktop\MBR.dat" 
08:55:00.312 The log file has been saved successfully to "C:\Dokumente und Einstellungen\MS\Desktop\aswMBR.txt" Code:
ATTFilter 13:37:44.0265 2924 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:37:46.0265 2924 ============================================================ 13:37:46.0265 2924 Current date / time: 2013/04/03 13:37:46.0265 13:37:46.0265 2924 SystemInfo: 13:37:46.0265 2924 13:37:46.0265 2924 OS Version: 5.1.2600 ServicePack: 3.0 13:37:46.0265 2924 Product type: Workstation 13:37:46.0265 2924 ComputerName: MS-PC 13:37:46.0265 2924 UserName: MS 13:37:46.0265 2924 Windows directory: C:\WINDOWS 13:37:46.0265 2924 System windows directory: C:\WINDOWS 13:37:46.0265 2924 Processor architecture: Intel x86 13:37:46.0265 2924 Number of processors: 1 13:37:46.0265 2924 Page size: 0x1000 13:37:46.0265 2924 Boot type: Normal boot 13:37:46.0265 2924 ============================================================ 13:37:52.0234 2924 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 13:37:52.0281 2924 ============================================================ 13:37:52.0281 2924 \Device\Harddisk0\DR0: 13:37:52.0281 2924 MBR partitions: 13:37:52.0281 2924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400 13:37:52.0296 2924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A8147E, BlocksNum 0x44B2C45 13:37:52.0328 2924 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x8F34102, BlocksNum 0x5DA3BF 13:37:52.0328 2924 ============================================================ 13:37:52.0359 2924 D: <-> \Device\Harddisk0\DR0\Partition2 13:37:52.0359 2924 E: <-> \Device\Harddisk0\DR0\Partition3 13:37:52.0421 2924 C: <-> \Device\Harddisk0\DR0\Partition1 13:37:52.0421 2924 ============================================================ 13:37:52.0421 2924 Initialize success 13:37:52.0421 2924 ============================================================ 13:38:06.0875 2504 
============================================================ 13:38:06.0875 2504 Scan started 13:38:06.0875 2504 Mode: Manual; 13:38:06.0875 2504 ============================================================ 13:38:07.0453 2504 ================ Scan system memory ======================== 13:38:07.0453 2504 System memory - ok 13:38:07.0453 2504 ================ Scan services ============================= 13:38:07.0718 2504 Abiosdsk - ok 13:38:07.0750 2504 abp480n5 - ok 13:38:07.0828 2504 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys 13:38:07.0859 2504 ac97intc - ok 13:38:07.0968 2504 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:38:08.0000 2504 ACPI - ok 13:38:08.0046 2504 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 13:38:08.0062 2504 ACPIEC - ok 13:38:08.0328 2504 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:38:08.0421 2504 AdobeFlashPlayerUpdateSvc - ok 13:38:08.0437 2504 adpu160m - ok 13:38:08.0531 2504 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 13:38:08.0562 2504 aec - ok 13:38:08.0671 2504 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 13:38:08.0718 2504 AFD - ok 13:38:08.0781 2504 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 13:38:08.0781 2504 agp440 - ok 13:38:08.0796 2504 Aha154x - ok 13:38:08.0812 2504 aic78u2 - ok 13:38:08.0843 2504 aic78xx - ok 13:38:08.0906 2504 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 13:38:08.0906 2504 Alerter - ok 13:38:08.0953 2504 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 13:38:08.0968 2504 ALG - ok 13:38:08.0984 2504 AliIde - ok 13:38:09.0000 2504 amsint - ok 13:38:09.0015 2504 AppMgmt - ok 13:38:09.0031 2504 asc - ok 13:38:09.0046 2504 asc3350p - ok 13:38:09.0062 2504 asc3550 
- ok 13:38:09.0296 2504 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:38:09.0359 2504 aspnet_state - ok 13:38:09.0421 2504 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:38:09.0421 2504 AsyncMac - ok 13:38:09.0500 2504 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 13:38:09.0500 2504 atapi - ok 13:38:09.0515 2504 Atdisk - ok 13:38:09.0562 2504 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:38:09.0593 2504 Atmarpc - ok 13:38:09.0656 2504 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 13:38:09.0671 2504 AudioSrv - ok 13:38:09.0718 2504 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 13:38:09.0734 2504 audstub - ok 13:38:09.0796 2504 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 13:38:09.0796 2504 Beep - ok 13:38:10.0390 2504 [ 75A51EA67D28E41543B8B354A47DF430 ] BHDrvx86 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130322.001\BHDrvx86.sys 13:38:10.0703 2504 BHDrvx86 - ok 13:38:10.0875 2504 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 13:38:11.0015 2504 BITS - ok 13:38:11.0093 2504 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 13:38:11.0125 2504 Browser - ok 13:38:11.0171 2504 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 13:38:11.0187 2504 BrScnUsb - ok 13:38:11.0484 2504 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Programme\Browny02\BrYNSvc.exe 13:38:11.0578 2504 BrYNSvc - ok 13:38:11.0625 2504 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 13:38:11.0640 2504 cbidf2k - ok 13:38:11.0656 2504 cd20xrnt - ok 13:38:11.0718 2504 [ 
C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 13:38:11.0718 2504 Cdaudio - ok 13:38:11.0765 2504 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 13:38:11.0781 2504 Cdfs - ok 13:38:11.0859 2504 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:38:11.0875 2504 Cdrom - ok 13:38:11.0890 2504 Changer - ok 13:38:11.0953 2504 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] cisvc C:\WINDOWS\System32\cisvc.exe 13:38:11.0953 2504 cisvc - ok 13:38:11.0984 2504 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 13:38:12.0000 2504 ClipSrv - ok 13:38:12.0109 2504 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:38:12.0156 2504 clr_optimization_v2.0.50727_32 - ok 13:38:12.0234 2504 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:38:12.0437 2504 clr_optimization_v4.0.30319_32 - ok 13:38:12.0453 2504 CmdIde - ok 13:38:12.0468 2504 COMSysApp - ok 13:38:12.0515 2504 Cpqarray - ok 13:38:12.0578 2504 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 13:38:12.0593 2504 CryptSvc - ok 13:38:12.0609 2504 dac2w2k - ok 13:38:12.0625 2504 dac960nt - ok 13:38:12.0812 2504 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 13:38:12.0937 2504 DcomLaunch - ok 13:38:13.0031 2504 [ 4BB22F61E7257ED353A39130B3ED2461 ] DefragFS C:\WINDOWS\system32\drivers\DefragFS.sys 13:38:13.0046 2504 DefragFS - ok 13:38:13.0140 2504 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 13:38:13.0187 2504 Dhcp - ok 13:38:13.0218 2504 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 13:38:13.0218 2504 Disk - ok 13:38:13.0234 2504 dmadmin - ok 13:38:13.0656 2504 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot 
C:\WINDOWS\system32\drivers\dmboot.sys 13:38:13.0906 2504 dmboot - ok 13:38:13.0984 2504 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 13:38:14.0031 2504 dmio - ok 13:38:14.0062 2504 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 13:38:14.0078 2504 dmload - ok 13:38:14.0125 2504 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 13:38:14.0125 2504 dmserver - ok 13:38:14.0171 2504 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 13:38:14.0187 2504 DMusic - ok 13:38:14.0265 2504 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 13:38:14.0281 2504 Dnscache - ok 13:38:14.0468 2504 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 13:38:14.0515 2504 Dot3svc - ok 13:38:14.0531 2504 dpti2o - ok 13:38:14.0578 2504 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 13:38:14.0578 2504 drmkaud - ok 13:38:14.0625 2504 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 13:38:14.0640 2504 EapHost - ok 13:38:14.0843 2504 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys 13:38:14.0968 2504 eeCtrl - ok 13:38:15.0031 2504 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 13:38:15.0062 2504 EraserUtilRebootDrv - ok 13:38:15.0109 2504 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 13:38:15.0125 2504 ERSvc - ok 13:38:15.0203 2504 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 13:38:15.0250 2504 Eventlog - ok 13:38:15.0421 2504 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 13:38:15.0562 2504 EventSystem - ok 13:38:15.0640 2504 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 
13:38:15.0656 2504 Fastfat - ok 13:38:15.0765 2504 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 13:38:15.0796 2504 FastUserSwitchingCompatibility - ok 13:38:15.0859 2504 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 13:38:15.0875 2504 Fdc - ok 13:38:15.0906 2504 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 13:38:15.0921 2504 Fips - ok 13:38:15.0953 2504 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 13:38:15.0953 2504 Flpydisk - ok 13:38:16.0046 2504 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 13:38:16.0078 2504 FltMgr - ok 13:38:16.0187 2504 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:38:16.0203 2504 FontCache3.0.0.0 - ok 13:38:16.0250 2504 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:38:16.0250 2504 Fs_Rec - ok 13:38:16.0312 2504 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:38:16.0328 2504 Ftdisk - ok 13:38:16.0359 2504 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 13:38:16.0359 2504 gameenum - ok 13:38:16.0531 2504 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 13:38:16.0531 2504 GEARAspiWDM - ok 13:38:16.0593 2504 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:38:16.0609 2504 Gpc - ok 13:38:16.0718 2504 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:38:16.0734 2504 helpsvc - ok 13:38:16.0750 2504 HidServ - ok 13:38:16.0828 2504 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 13:38:16.0843 2504 hkmsvc - ok 13:38:16.0859 2504 hpn - ok 13:38:16.0875 2504 hpt3xx - ok 13:38:17.0000 2504 [ 
F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 13:38:17.0109 2504 HTTP - ok 13:38:17.0171 2504 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 13:38:17.0187 2504 HTTPFilter - ok 13:38:17.0203 2504 i2omgmt - ok 13:38:17.0218 2504 i2omp - ok 13:38:17.0281 2504 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 13:38:17.0296 2504 i8042prt - ok 13:38:17.0796 2504 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:38:18.0078 2504 idsvc - ok 13:38:18.0296 2504 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130402.001\IDSxpx86.sys 13:38:18.0406 2504 IDSxpx86 - ok 13:38:18.0562 2504 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 13:38:18.0578 2504 Imapi - ok 13:38:18.0781 2504 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe 13:38:18.0859 2504 ImapiService - ok 13:38:18.0890 2504 ini910u - ok 13:38:19.0046 2504 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 13:38:19.0078 2504 IntelIde - ok 13:38:19.0203 2504 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 13:38:19.0296 2504 ip6fw - ok 13:38:19.0531 2504 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:38:19.0687 2504 IpFilterDriver - ok 13:38:19.0765 2504 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:38:19.0828 2504 IpInIp - ok 13:38:19.0921 2504 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:38:20.0015 2504 IpNat - ok 13:38:20.0062 2504 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:38:20.0125 2504 IPSec - ok 
13:38:20.0296 2504 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 13:38:20.0390 2504 IRENUM - ok 13:38:20.0453 2504 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:38:20.0640 2504 isapnp - ok 13:38:21.0687 2504 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 13:38:21.0734 2504 JavaQuickStarterService - ok 13:38:21.0796 2504 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:38:21.0875 2504 Kbdclass - ok 13:38:22.0031 2504 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 13:38:22.0093 2504 kmixer - ok 13:38:22.0281 2504 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 13:38:22.0375 2504 KSecDD - ok 13:38:22.0656 2504 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 13:38:22.0687 2504 lanmanserver - ok 13:38:22.0906 2504 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 13:38:22.0953 2504 lanmanworkstation - ok 13:38:22.0968 2504 lbrtfdc - ok 13:38:23.0078 2504 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 13:38:23.0140 2504 LmHosts - ok 13:38:23.0296 2504 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 13:38:23.0312 2504 MBAMProtector - ok 13:38:23.0890 2504 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:38:24.0046 2504 MBAMScheduler - ok 13:38:24.0562 2504 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 13:38:25.0421 2504 MBAMService - ok 13:38:26.0015 2504 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 13:38:26.0109 2504 Messenger - ok 13:38:26.0203 2504 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 13:38:26.0234 2504 
mnmdd - ok 13:38:26.0328 2504 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 13:38:26.0375 2504 mnmsrvc - ok 13:38:26.0531 2504 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 13:38:26.0718 2504 Modem - ok 13:38:26.0796 2504 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:38:26.0875 2504 Mouclass - ok 13:38:26.0921 2504 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 13:38:26.0921 2504 MountMgr - ok 13:38:27.0078 2504 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 13:38:27.0187 2504 MozillaMaintenance - ok 13:38:27.0203 2504 mraid35x - ok 13:38:27.0375 2504 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:38:27.0421 2504 MRxDAV - ok 13:38:27.0937 2504 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:38:28.0203 2504 MRxSmb - ok 13:38:28.0375 2504 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 13:38:28.0468 2504 MSDTC - ok 13:38:28.0531 2504 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 13:38:28.0546 2504 Msfs - ok 13:38:28.0562 2504 MSIServer - ok 13:38:28.0593 2504 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:38:28.0609 2504 MSKSSRV - ok 13:38:28.0625 2504 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:38:28.0640 2504 MSPCLOCK - ok 13:38:28.0812 2504 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 13:38:28.0812 2504 MSPQM - ok 13:38:28.0859 2504 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:38:28.0859 2504 mssmbios - ok 13:38:28.0921 2504 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 13:38:28.0921 2504 ms_mpu401 - ok 
13:38:29.0015 2504 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 13:38:29.0031 2504 Mup - ok 13:38:29.0203 2504 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Programme\Norton 360\Engine\5.2.2.3\ccSvcHst.exe 13:38:29.0203 2504 N360 - ok 13:38:29.0343 2504 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 13:38:29.0453 2504 napagent - ok 13:38:29.0562 2504 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130402.025\NAVENG.SYS 13:38:29.0578 2504 NAVENG - ok 13:38:30.0312 2504 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130402.025\NAVEX15.SYS 13:38:30.0921 2504 NAVEX15 - ok 13:38:31.0015 2504 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 13:38:31.0046 2504 NDIS - ok 13:38:31.0109 2504 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:38:31.0109 2504 NdisTapi - ok 13:38:31.0187 2504 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:38:31.0187 2504 Ndisuio - ok 13:38:31.0234 2504 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:38:31.0265 2504 NdisWan - ok 13:38:31.0328 2504 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 13:38:31.0343 2504 NDProxy - ok 13:38:31.0390 2504 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 13:38:31.0406 2504 NetBIOS - ok 13:38:31.0500 2504 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 13:38:31.0546 2504 NetBT - ok 13:38:31.0625 2504 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 13:38:31.0671 2504 NetDDE - ok 13:38:31.0718 2504 
[ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 13:38:31.0718 2504 NetDDEdsdm - ok 13:38:31.0921 2504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe 13:38:31.0921 2504 Netlogon - ok 13:38:32.0015 2504 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 13:38:32.0078 2504 Netman - ok 13:38:32.0156 2504 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:38:32.0218 2504 NetTcpPortSharing - ok 13:38:32.0343 2504 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 13:38:32.0406 2504 Nla - ok 13:38:32.0500 2504 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 13:38:32.0515 2504 NMSAccess - ok 13:38:32.0562 2504 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 13:38:32.0562 2504 Npfs - ok 13:38:32.0875 2504 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 13:38:33.0031 2504 Ntfs - ok 13:38:33.0062 2504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 13:38:33.0062 2504 NtLmSsp - ok 13:38:33.0234 2504 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 13:38:33.0375 2504 NtmsSvc - ok 13:38:33.0421 2504 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 13:38:33.0421 2504 Null - ok 13:38:34.0187 2504 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 13:38:34.0765 2504 nv - ok 13:38:35.0140 2504 [ 4D31783965B0B7CED7DB3F4EE14CF260 ] nv4 C:\WINDOWS\system32\DRIVERS\nv4.sys 13:38:35.0375 2504 nv4 - ok 13:38:35.0437 2504 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:38:35.0437 2504 NwlnkFlt - ok 13:38:35.0484 2504 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:38:35.0500 2504 NwlnkFwd - ok 13:38:35.0546 2504 [ 
F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 13:38:35.0578 2504 Parport - ok 13:38:35.0640 2504 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 13:38:35.0640 2504 PartMgr - ok 13:38:35.0703 2504 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 13:38:35.0703 2504 ParVdm - ok 13:38:35.0765 2504 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 13:38:35.0765 2504 pccsmcfd - ok 13:38:35.0812 2504 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 13:38:35.0828 2504 PCI - ok 13:38:35.0953 2504 PCIDump - ok 13:38:35.0968 2504 PCIIde - ok 13:38:36.0031 2504 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 13:38:36.0078 2504 Pcmcia - ok 13:38:36.0593 2504 [ 5F422A3DBF7E7E791F182ACA06D8FD0F ] PDAgent C:\Programme\PerfectDisk_11_Pro\PDAgent.exe 13:38:37.0171 2504 PDAgent - ok 13:38:37.0187 2504 PDCOMP - ok 13:38:37.0656 2504 [ C88664DC38694D2F39C0F39F426CBF77 ] PDEngine C:\Programme\PerfectDisk_11_Pro\PDEngine.exe 13:38:38.0218 2504 PDEngine - ok 13:38:38.0234 2504 PDFRAME - ok 13:38:38.0250 2504 PDRELI - ok 13:38:38.0265 2504 PDRFRAME - ok 13:38:38.0281 2504 perc2 - ok 13:38:38.0296 2504 perc2hib - ok 13:38:38.0390 2504 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 13:38:38.0406 2504 PlugPlay - ok 13:38:38.0421 2504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe 13:38:38.0421 2504 PolicyAgent - ok 13:38:38.0500 2504 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:38:38.0515 2504 PptpMiniport - ok 13:38:38.0531 2504 PROCEXP150 - ok 13:38:38.0562 2504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 13:38:38.0562 2504 ProtectedStorage - ok 13:38:38.0609 2504 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched 
C:\WINDOWS\system32\DRIVERS\psched.sys 13:38:38.0625 2504 PSched - ok 13:38:38.0703 2504 [ D7DBFBC453B645111E6D21142305E80B ] ptakljjcjkuh C:\WINDOWS\system32\drivers\ptakljjcjkuh.sys 13:38:38.0734 2504 ptakljjcjkuh - ok 13:38:38.0765 2504 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:38:38.0781 2504 Ptilink - ok 13:38:38.0796 2504 ql1080 - ok 13:38:38.0812 2504 Ql10wnt - ok 13:38:38.0828 2504 ql12160 - ok 13:38:38.0843 2504 ql1240 - ok 13:38:38.0859 2504 ql1280 - ok 13:38:39.0046 2504 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:38:39.0062 2504 RasAcd - ok 13:38:39.0125 2504 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 13:38:39.0156 2504 RasAuto - ok 13:38:39.0203 2504 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:38:39.0218 2504 Rasl2tp - ok 13:38:39.0328 2504 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 13:38:39.0390 2504 RasMan - ok 13:38:39.0421 2504 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:38:39.0437 2504 RasPppoe - ok 13:38:39.0468 2504 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 13:38:39.0468 2504 Raspti - ok 13:38:39.0546 2504 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:38:39.0593 2504 Rdbss - ok 13:38:39.0625 2504 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:38:39.0625 2504 RDPCDD - ok 13:38:39.0718 2504 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 13:38:39.0765 2504 RDPWD - ok 13:38:39.0843 2504 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 13:38:40.0000 2504 RDSessMgr - ok 13:38:40.0078 2504 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 13:38:40.0093 2504 redbook - ok 13:38:40.0156 2504 [ 
0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 13:38:40.0171 2504 RemoteAccess - ok 13:38:40.0218 2504 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 13:38:40.0250 2504 RpcLocator - ok 13:38:40.0406 2504 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 13:38:40.0421 2504 RpcSs - ok 13:38:40.0500 2504 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 13:38:40.0546 2504 RSVP - ok 13:38:40.0593 2504 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 13:38:40.0609 2504 rtl8139 - ok 13:38:40.0625 2504 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 13:38:40.0625 2504 SamSs - ok 13:38:40.0703 2504 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 13:38:40.0750 2504 SCardSvr - ok 13:38:40.0843 2504 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 13:38:41.0015 2504 Schedule - ok 13:38:41.0062 2504 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:38:41.0062 2504 Secdrv - ok 13:38:41.0125 2504 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 13:38:41.0140 2504 seclogon - ok 13:38:41.0171 2504 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 13:38:41.0187 2504 SENS - ok 13:38:41.0218 2504 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 13:38:41.0234 2504 serenum - ok 13:38:41.0265 2504 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 13:38:41.0296 2504 Serial - ok 13:38:41.0562 2504 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe 13:38:41.0578 2504 ServiceLayer - ok 13:38:41.0671 2504 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 13:38:41.0687 2504 Sfloppy - ok 13:38:41.0828 2504 [ 
CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 13:38:42.0046 2504 SharedAccess - ok 13:38:42.0125 2504 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 13:38:42.0125 2504 ShellHWDetection - ok 13:38:42.0140 2504 Simbad - ok 13:38:42.0171 2504 Sparrow - ok 13:38:42.0203 2504 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 13:38:42.0203 2504 splitter - ok 13:38:42.0281 2504 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 13:38:42.0296 2504 Spooler - ok 13:38:42.0343 2504 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 13:38:42.0359 2504 sr - ok 13:38:42.0468 2504 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 13:38:42.0531 2504 srservice - ok 13:38:42.0765 2504 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\WINDOWS\System32\Drivers\N360\0502020.003\SRTSP.SYS 13:38:43.0062 2504 SRTSP - ok 13:38:43.0109 2504 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\WINDOWS\system32\drivers\N360\0502020.003\SRTSPX.SYS 13:38:43.0140 2504 SRTSPX - ok 13:38:43.0437 2504 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 13:38:43.0531 2504 Srv - ok 13:38:43.0609 2504 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 13:38:43.0671 2504 SSDPSRV - ok 13:38:43.0703 2504 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 13:38:43.0703 2504 StarOpen - ok 13:38:43.0875 2504 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 13:38:44.0218 2504 stisvc - ok 13:38:44.0437 2504 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 13:38:44.0437 2504 swenum - ok 13:38:44.0484 2504 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 13:38:44.0500 2504 swmidi - ok 13:38:44.0515 2504 SwPrv - ok 13:38:44.0640 2504 [ 
DAEC63566C399E59B91F8993A491D5DB ] SXDS10 C:\Programme\Gemeinsame Dateien\soft Xpansion\SXDS10.exe 13:38:44.0687 2504 SXDS10 - ok 13:38:44.0703 2504 symc810 - ok 13:38:44.0718 2504 symc8xx - ok 13:38:44.0859 2504 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\WINDOWS\system32\drivers\N360\0502020.003\SYMDS.SYS 13:38:44.0968 2504 SymDS - ok 13:38:45.0343 2504 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\WINDOWS\system32\drivers\N360\0502020.003\SYMEFA.SYS 13:38:45.0578 2504 SymEFA - ok 13:38:45.0671 2504 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 13:38:45.0718 2504 SymEvent - ok 13:38:45.0812 2504 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS 13:38:45.0859 2504 SymIRON - ok 13:38:46.0062 2504 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS 13:38:46.0359 2504 SYMTDI - ok 13:38:46.0390 2504 sym_hi - ok 13:38:46.0406 2504 sym_u3 - ok 13:38:46.0484 2504 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 13:38:46.0500 2504 sysaudio - ok 13:38:46.0578 2504 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 13:38:46.0609 2504 SysmonLog - ok 13:38:46.0718 2504 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 13:38:46.0796 2504 TapiSrv - ok 13:38:46.0968 2504 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:38:47.0187 2504 Tcpip - ok 13:38:47.0234 2504 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 13:38:47.0234 2504 TDPIPE - ok 13:38:47.0265 2504 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 13:38:47.0281 2504 TDTCP - ok 13:38:47.0328 2504 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 13:38:47.0343 2504 TermDD - ok 13:38:47.0484 2504 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService 
C:\WINDOWS\System32\termsrv.dll 13:38:47.0578 2504 TermService - ok 13:38:47.0656 2504 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 13:38:47.0656 2504 Themes - ok 13:38:47.0671 2504 TosIde - ok 13:38:47.0718 2504 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 13:38:47.0750 2504 TrkWks - ok 13:38:47.0812 2504 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 13:38:47.0843 2504 Udfs - ok 13:38:47.0859 2504 ultra - ok 13:38:48.0031 2504 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 13:38:48.0328 2504 Update - ok 13:38:48.0437 2504 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 13:38:48.0500 2504 upnphost - ok 13:38:48.0546 2504 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 13:38:48.0546 2504 UPS - ok 13:38:48.0609 2504 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 13:38:48.0625 2504 usbccgp - ok 13:38:48.0687 2504 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:38:48.0718 2504 usbhub - ok 13:38:48.0765 2504 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:38:48.0781 2504 usbprint - ok 13:38:48.0843 2504 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 13:38:48.0859 2504 usbser - ok 13:38:48.0890 2504 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:38:48.0906 2504 USBSTOR - ok 13:38:48.0953 2504 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 13:38:48.0953 2504 usbuhci - ok 13:38:49.0000 2504 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 13:38:49.0000 2504 VgaSave - ok 13:38:49.0015 2504 ViaIde - ok 13:38:49.0250 2504 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 13:38:49.0250 2504 VolSnap - ok 
13:38:49.0390 2504 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 13:38:49.0484 2504 VSS - ok 13:38:49.0562 2504 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 13:38:49.0625 2504 W32Time - ok 13:38:49.0671 2504 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:38:49.0671 2504 Wanarp - ok 13:38:49.0875 2504 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 13:38:50.0015 2504 Wdf01000 - ok 13:38:50.0031 2504 WDICA - ok 13:38:50.0281 2504 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 13:38:50.0312 2504 wdmaud - ok 13:38:50.0390 2504 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 13:38:50.0421 2504 WebClient - ok 13:38:50.0578 2504 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 13:38:50.0625 2504 winmgmt - ok 13:38:50.0718 2504 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 13:38:50.0734 2504 WmdmPmSN - ok 13:38:50.0828 2504 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 13:38:50.0875 2504 WmiApSrv - ok 13:38:51.0281 2504 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:38:51.0515 2504 WPFFontCache_v0400 - ok 13:38:51.0593 2504 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 13:38:51.0625 2504 wscsvc - ok 13:38:51.0656 2504 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 13:38:51.0656 2504 wuauserv - ok 13:38:51.0859 2504 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 13:38:52.0015 2504 WZCSVC - ok 13:38:52.0109 2504 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 13:38:52.0156 2504 xmlprov - ok 13:38:52.0156 2504 ================ Scan global =============================== 
13:38:52.0218 2504 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 13:38:52.0359 2504 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 13:38:52.0578 2504 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 13:38:52.0625 2504 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 13:38:52.0640 2504 [Global] - ok 13:38:52.0640 2504 ================ Scan MBR ================================== 13:38:52.0671 2504 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 13:38:52.0937 2504 \Device\Harddisk0\DR0 - ok 13:38:52.0953 2504 ================ Scan VBR ================================== 13:38:52.0953 2504 [ 9A345D0CA7625E8B638D31A135AB55E1 ] \Device\Harddisk0\DR0\Partition1 13:38:52.0968 2504 \Device\Harddisk0\DR0\Partition1 - ok 13:38:53.0000 2504 [ 73E3C56B81359A0D4D2EE35BEE3A0353 ] \Device\Harddisk0\DR0\Partition2 13:38:53.0015 2504 \Device\Harddisk0\DR0\Partition2 - ok 13:38:53.0046 2504 [ 33A235EA645E417CD8AE45D90E701DEF ] \Device\Harddisk0\DR0\Partition3 13:38:53.0046 2504 \Device\Harddisk0\DR0\Partition3 - ok 13:38:53.0046 2504 ============================================================ 13:38:53.0046 2504 Scan finished 13:38:53.0046 2504 ============================================================ 13:38:53.0078 1140 Detected object count: 0 13:38:53.0078 1140 Actual detected object count: 0 |
03.04.2013, 14:51 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Idle process at 95%, yet every application starts only 2 min after booting. Quote:
03.04.2013, 18:56 | #7 |
| Idle process at 95%, yet every application starts only 2 min after booting. Hello Cosinus, many thanks for your attention. With the correct settings, 4 threats were found as well. All 4 were set to SKIP. I pressed CONTINUE. I have not yet run another Start SCAN. I am waiting for instructions from you. Many thanks. Regards Code:
ATTFilter 19:41:21.0093 3820 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:41:21.0437 3820 ============================================================ 19:41:21.0437 3820 Current date / time: 2013/04/03 19:41:21.0437 19:41:21.0437 3820 SystemInfo: 19:41:21.0437 3820 19:41:21.0437 3820 OS Version: 5.1.2600 ServicePack: 3.0 19:41:21.0437 3820 Product type: Workstation 19:41:21.0437 3820 ComputerName: MS-PC 19:41:21.0437 3820 UserName: MS 19:41:21.0437 3820 Windows directory: C:\WINDOWS 19:41:21.0437 3820 System windows directory: C:\WINDOWS 19:41:21.0437 3820 Processor architecture: Intel x86 19:41:21.0437 3820 Number of processors: 1 19:41:21.0437 3820 Page size: 0x1000 19:41:21.0437 3820 Boot type: Normal boot 19:41:21.0437 3820 ============================================================ 19:41:25.0781 3820 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 19:41:25.0796 3820 ============================================================ 19:41:25.0796 3820 \Device\Harddisk0\DR0: 19:41:25.0796 3820 MBR partitions: 19:41:25.0796 3820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400 19:41:25.0812 3820 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A8147E, BlocksNum 0x44B2C45 19:41:25.0843 3820 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x8F34102, BlocksNum 0x5DA3BF 19:41:25.0843 3820 ============================================================ 19:41:25.0937 3820 D: <-> \Device\Harddisk0\DR0\Partition2 19:41:25.0937 3820 E: <-> \Device\Harddisk0\DR0\Partition3 19:41:26.0031 3820 C: <-> \Device\Harddisk0\DR0\Partition1 19:41:26.0031 3820 ============================================================ 19:41:26.0031 3820 Initialize success 19:41:26.0031 3820 ============================================================ 19:41:57.0781 2468 
============================================================ 19:41:57.0781 2468 Scan started 19:41:57.0781 2468 Mode: Manual; SigCheck; TDLFS; 19:41:57.0781 2468 ============================================================ 19:41:58.0406 2468 ================ Scan system memory ======================== 19:41:58.0421 2468 System memory - ok 19:41:58.0421 2468 ================ Scan services ============================= 19:41:58.0687 2468 Abiosdsk - ok 19:41:58.0703 2468 abp480n5 - ok 19:41:58.0781 2468 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys 19:42:04.0718 2468 ac97intc - ok 19:42:04.0828 2468 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 19:42:05.0234 2468 ACPI - ok 19:42:05.0296 2468 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 19:42:05.0593 2468 ACPIEC - ok 19:42:05.0750 2468 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:42:05.0906 2468 AdobeFlashPlayerUpdateSvc - ok 19:42:05.0906 2468 adpu160m - ok 19:42:06.0031 2468 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 19:42:06.0359 2468 aec - ok 19:42:06.0453 2468 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 19:42:06.0593 2468 AFD - ok 19:42:06.0671 2468 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 19:42:07.0000 2468 agp440 - ok 19:42:07.0015 2468 Aha154x - ok 19:42:07.0031 2468 aic78u2 - ok 19:42:07.0046 2468 aic78xx - ok 19:42:07.0093 2468 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 19:42:07.0375 2468 Alerter - ok 19:42:07.0421 2468 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 19:42:07.0687 2468 ALG - ok 19:42:07.0703 2468 AliIde - ok 19:42:07.0734 2468 amsint - ok 19:42:07.0750 2468 AppMgmt - ok 19:42:07.0781 2468 asc - ok 19:42:07.0796 2468 asc3350p - ok 
19:42:07.0812 2468 asc3550 - ok 19:42:07.0968 2468 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 19:42:08.0031 2468 aspnet_state - ok 19:42:08.0078 2468 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 19:42:08.0328 2468 AsyncMac - ok 19:42:08.0390 2468 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 19:42:08.0656 2468 atapi - ok 19:42:08.0687 2468 Atdisk - ok 19:42:08.0750 2468 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 19:42:09.0062 2468 Atmarpc - ok 19:42:09.0125 2468 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 19:42:09.0390 2468 AudioSrv - ok 19:42:09.0437 2468 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 19:42:09.0703 2468 audstub - ok 19:42:09.0750 2468 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 19:42:10.0046 2468 Beep - ok 19:42:10.0640 2468 [ 75A51EA67D28E41543B8B354A47DF430 ] BHDrvx86 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130322.001\BHDrvx86.sys 19:42:11.0062 2468 BHDrvx86 - ok 19:42:11.0234 2468 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 19:42:11.0703 2468 BITS - ok 19:42:11.0781 2468 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 19:42:11.0953 2468 Browser - ok 19:42:12.0000 2468 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 19:42:12.0125 2468 BrScnUsb - ok 19:42:12.0312 2468 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Programme\Browny02\BrYNSvc.exe 19:42:12.0453 2468 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning 19:42:12.0453 2468 BrYNSvc - detected UnsignedFile.Multi.Generic (1) 19:42:12.0515 2468 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k 
C:\WINDOWS\system32\drivers\cbidf2k.sys 19:42:12.0796 2468 cbidf2k - ok 19:42:12.0812 2468 cd20xrnt - ok 19:42:12.0875 2468 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 19:42:13.0171 2468 Cdaudio - ok 19:42:13.0218 2468 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 19:42:13.0500 2468 Cdfs - ok 19:42:13.0562 2468 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 19:42:13.0859 2468 Cdrom - ok 19:42:13.0875 2468 Changer - ok 19:42:13.0921 2468 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] cisvc C:\WINDOWS\System32\cisvc.exe 19:42:14.0187 2468 cisvc - ok 19:42:14.0218 2468 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 19:42:14.0468 2468 ClipSrv - ok 19:42:14.0578 2468 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:42:14.0796 2468 clr_optimization_v2.0.50727_32 - ok 19:42:14.0875 2468 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:42:15.0046 2468 clr_optimization_v4.0.30319_32 - ok 19:42:15.0062 2468 CmdIde - ok 19:42:15.0078 2468 COMSysApp - ok 19:42:15.0109 2468 Cpqarray - ok 19:42:15.0187 2468 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 19:42:15.0468 2468 CryptSvc - ok 19:42:15.0484 2468 dac2w2k - ok 19:42:15.0500 2468 dac960nt - ok 19:42:15.0671 2468 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 19:42:15.0890 2468 DcomLaunch - ok 19:42:16.0015 2468 [ 4BB22F61E7257ED353A39130B3ED2461 ] DefragFS C:\WINDOWS\system32\drivers\DefragFS.sys 19:42:16.0046 2468 DefragFS - ok 19:42:16.0187 2468 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 19:42:16.0437 2468 Dhcp - ok 19:42:16.0468 2468 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 19:42:16.0750 2468 Disk - ok 
19:42:16.0765 2468 dmadmin - ok 19:42:17.0062 2468 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 19:42:17.0734 2468 dmboot - ok 19:42:17.0812 2468 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 19:42:18.0140 2468 dmio - ok 19:42:18.0203 2468 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 19:42:18.0468 2468 dmload - ok 19:42:18.0531 2468 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 19:42:18.0781 2468 dmserver - ok 19:42:18.0843 2468 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 19:42:19.0125 2468 DMusic - ok 19:42:19.0187 2468 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 19:42:19.0359 2468 Dnscache - ok 19:42:19.0437 2468 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 19:42:19.0734 2468 Dot3svc - ok 19:42:19.0734 2468 dpti2o - ok 19:42:19.0796 2468 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 19:42:20.0062 2468 drmkaud - ok 19:42:20.0109 2468 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 19:42:20.0375 2468 EapHost - ok 19:42:20.0578 2468 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys 19:42:20.0734 2468 eeCtrl - ok 19:42:20.0781 2468 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 19:42:21.0062 2468 ERSvc - ok 19:42:21.0140 2468 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 19:42:21.0265 2468 Eventlog - ok 19:42:21.0375 2468 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 19:42:21.0531 2468 EventSystem - ok 19:42:21.0609 2468 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 19:42:21.0890 2468 Fastfat - ok 19:42:22.0000 2468 [ 2DB7D303C36DDD055215052F118E8E75 ] 
FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 19:42:22.0125 2468 FastUserSwitchingCompatibility - ok 19:42:22.0187 2468 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 19:42:22.0453 2468 Fdc - ok 19:42:22.0500 2468 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 19:42:22.0750 2468 Fips - ok 19:42:22.0781 2468 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 19:42:23.0062 2468 Flpydisk - ok 19:42:23.0156 2468 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 19:42:23.0453 2468 FltMgr - ok 19:42:23.0546 2468 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 19:42:23.0625 2468 FontCache3.0.0.0 - ok 19:42:23.0687 2468 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:42:23.0953 2468 Fs_Rec - ok 19:42:24.0015 2468 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:42:24.0312 2468 Ftdisk - ok 19:42:24.0343 2468 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 19:42:24.0609 2468 gameenum - ok 19:42:24.0656 2468 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 19:42:24.0687 2468 GEARAspiWDM - ok 19:42:24.0750 2468 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:42:25.0046 2468 Gpc - ok 19:42:25.0250 2468 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 19:42:25.0484 2468 helpsvc - ok 19:42:25.0515 2468 HidServ - ok 19:42:25.0578 2468 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 19:42:25.0843 2468 hkmsvc - ok 19:42:25.0859 2468 hpn - ok 19:42:25.0875 2468 hpt3xx - ok 19:42:26.0015 2468 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 19:42:26.0125 2468 HTTP - ok 
19:42:26.0203 2468 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 19:42:26.0453 2468 HTTPFilter - ok 19:42:26.0468 2468 i2omgmt - ok 19:42:26.0484 2468 i2omp - ok 19:42:26.0562 2468 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:42:26.0812 2468 i8042prt - ok 19:42:27.0140 2468 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:42:27.0703 2468 idsvc - ok 19:42:27.0984 2468 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130402.001\IDSxpx86.sys 19:42:28.0093 2468 IDSxpx86 - ok 19:42:28.0140 2468 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 19:42:28.0390 2468 Imapi - ok 19:42:28.0500 2468 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe 19:42:28.0750 2468 ImapiService - ok 19:42:28.0765 2468 ini910u - ok 19:42:28.0828 2468 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 19:42:29.0140 2468 IntelIde - ok 19:42:29.0328 2468 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 19:42:29.0609 2468 ip6fw - ok 19:42:29.0734 2468 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:42:30.0015 2468 IpFilterDriver - ok 19:42:30.0046 2468 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:42:30.0296 2468 IpInIp - ok 19:42:30.0375 2468 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:42:30.0656 2468 IpNat - ok 19:42:30.0718 2468 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:42:31.0015 2468 IPSec - ok 19:42:31.0046 2468 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 19:42:31.0312 
2468 IRENUM - ok 19:42:31.0359 2468 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:42:31.0625 2468 isapnp - ok 19:42:31.0781 2468 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 19:42:31.0843 2468 JavaQuickStarterService - ok 19:42:31.0890 2468 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:42:32.0171 2468 Kbdclass - ok 19:42:32.0250 2468 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 19:42:32.0562 2468 kmixer - ok 19:42:32.0640 2468 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 19:42:32.0765 2468 KSecDD - ok 19:42:32.0843 2468 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 19:42:32.0984 2468 lanmanserver - ok 19:42:33.0078 2468 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 19:42:33.0203 2468 lanmanworkstation - ok 19:42:33.0218 2468 lbrtfdc - ok 19:42:33.0296 2468 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 19:42:33.0531 2468 LmHosts - ok 19:42:33.0593 2468 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 19:42:33.0609 2468 MBAMProtector - ok 19:42:33.0890 2468 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:42:34.0187 2468 MBAMScheduler - ok 19:42:34.0406 2468 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 19:42:34.0796 2468 MBAMService - ok 19:42:34.0953 2468 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 19:42:35.0187 2468 Messenger - ok 19:42:35.0250 2468 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 19:42:35.0515 2468 mnmdd - ok 19:42:35.0562 2468 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 
19:42:35.0812 2468 mnmsrvc - ok 19:42:35.0859 2468 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 19:42:36.0156 2468 Modem - ok 19:42:36.0203 2468 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 19:42:36.0453 2468 Mouclass - ok 19:42:36.0500 2468 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 19:42:36.0750 2468 MountMgr - ok 19:42:36.0843 2468 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 19:42:36.0921 2468 MozillaMaintenance - ok 19:42:36.0937 2468 mraid35x - ok 19:42:37.0031 2468 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:42:37.0328 2468 MRxDAV - ok 19:42:37.0500 2468 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:42:37.0859 2468 MRxSmb - ok 19:42:37.0890 2468 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 19:42:38.0171 2468 MSDTC - ok 19:42:38.0218 2468 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 19:42:38.0453 2468 Msfs - ok 19:42:38.0484 2468 MSIServer - ok 19:42:38.0515 2468 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:42:38.0750 2468 MSKSSRV - ok 19:42:38.0781 2468 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:42:39.0031 2468 MSPCLOCK - ok 19:42:39.0078 2468 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 19:42:39.0312 2468 MSPQM - ok 19:42:39.0359 2468 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:42:39.0593 2468 mssmbios - ok 19:42:39.0640 2468 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 19:42:39.0890 2468 ms_mpu401 - ok 19:42:39.0984 2468 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 19:42:40.0140 
2468 Mup - ok 19:42:40.0296 2468 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Programme\Norton 360\Engine\5.2.2.3\ccSvcHst.exe 19:42:40.0375 2468 N360 - ok 19:42:40.0500 2468 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 19:42:40.0843 2468 napagent - ok 19:42:40.0984 2468 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130402.025\NAVENG.SYS 19:42:41.0015 2468 NAVENG - ok 19:42:41.0562 2468 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130402.025\NAVEX15.SYS 19:42:42.0078 2468 NAVEX15 - ok 19:42:42.0187 2468 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 19:42:42.0484 2468 NDIS - ok 19:42:42.0531 2468 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:42:42.0656 2468 NdisTapi - ok 19:42:42.0703 2468 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:42:42.0968 2468 Ndisuio - ok 19:42:43.0031 2468 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:42:43.0296 2468 NdisWan - ok 19:42:43.0343 2468 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 19:42:43.0468 2468 NDProxy - ok 19:42:43.0515 2468 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 19:42:43.0750 2468 NetBIOS - ok 19:42:43.0843 2468 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 19:42:44.0171 2468 NetBT - ok 19:42:44.0250 2468 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 19:42:44.0500 2468 NetDDE - ok 19:42:44.0546 2468 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 19:42:44.0765 2468 NetDDEdsdm 
- ok 19:42:44.0812 2468 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe 19:42:45.0062 2468 Netlogon - ok 19:42:45.0171 2468 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 19:42:45.0406 2468 Netman - ok 19:42:45.0468 2468 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:42:45.0562 2468 NetTcpPortSharing - ok 19:42:45.0703 2468 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 19:42:45.0765 2468 Nla - ok 19:42:45.0859 2468 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 19:42:45.0875 2468 NMSAccess - ok 19:42:45.0937 2468 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 19:42:46.0171 2468 Npfs - ok 19:42:46.0390 2468 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 19:42:46.0890 2468 Ntfs - ok 19:42:46.0921 2468 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 19:42:47.0156 2468 NtLmSsp - ok 19:42:47.0328 2468 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 19:42:47.0875 2468 NtmsSvc - ok 19:42:47.0906 2468 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 19:42:48.0187 2468 Null - ok 19:42:48.0781 2468 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 19:42:50.0078 2468 nv - ok 19:42:50.0328 2468 [ 4D31783965B0B7CED7DB3F4EE14CF260 ] nv4 C:\WINDOWS\system32\DRIVERS\nv4.sys 19:42:51.0078 2468 nv4 - ok 19:42:51.0125 2468 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:42:51.0437 2468 NwlnkFlt - ok 19:42:51.0468 2468 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:42:51.0765 2468 NwlnkFwd - ok 19:42:51.0828 2468 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 19:42:52.0093 2468 Parport - ok 
19:42:52.0171 2468 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 19:42:52.0421 2468 PartMgr - ok 19:42:52.0468 2468 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 19:42:52.0750 2468 ParVdm - ok 19:42:52.0796 2468 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 19:42:52.0937 2468 pccsmcfd - ok 19:42:53.0046 2468 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 19:42:53.0312 2468 PCI - ok 19:42:53.0312 2468 PCIDump - ok 19:42:53.0343 2468 PCIIde - ok 19:42:53.0406 2468 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 19:42:53.0671 2468 Pcmcia - ok 19:42:54.0265 2468 [ 5F422A3DBF7E7E791F182ACA06D8FD0F ] PDAgent C:\Programme\PerfectDisk_11_Pro\PDAgent.exe 19:42:55.0125 2468 PDAgent - ok 19:42:55.0140 2468 PDCOMP - ok 19:42:55.0609 2468 [ C88664DC38694D2F39C0F39F426CBF77 ] PDEngine C:\Programme\PerfectDisk_11_Pro\PDEngine.exe 19:42:56.0015 2468 PDEngine - ok 19:42:56.0031 2468 PDFRAME - ok 19:42:56.0062 2468 PDRELI - ok 19:42:56.0078 2468 PDRFRAME - ok 19:42:56.0093 2468 perc2 - ok 19:42:56.0109 2468 perc2hib - ok 19:42:56.0218 2468 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 19:42:56.0281 2468 PlugPlay - ok 19:42:56.0312 2468 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe 19:42:56.0531 2468 PolicyAgent - ok 19:42:56.0593 2468 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:42:56.0828 2468 PptpMiniport - ok 19:42:56.0843 2468 PROCEXP150 - ok 19:42:56.0875 2468 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 19:42:57.0109 2468 ProtectedStorage - ok 19:42:57.0140 2468 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 19:42:57.0390 2468 PSched - ok 19:42:57.0437 2468 [ D7DBFBC453B645111E6D21142305E80B ] ptakljjcjkuh 
C:\WINDOWS\system32\drivers\ptakljjcjkuh.sys 19:42:57.0500 2468 ptakljjcjkuh ( UnsignedFile.Multi.Generic ) - warning 19:42:57.0500 2468 ptakljjcjkuh - detected UnsignedFile.Multi.Generic (1) 19:42:57.0546 2468 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:42:57.0828 2468 Ptilink - ok 19:42:57.0843 2468 ql1080 - ok 19:42:57.0859 2468 Ql10wnt - ok 19:42:57.0890 2468 ql12160 - ok 19:42:57.0906 2468 ql1240 - ok 19:42:57.0937 2468 ql1280 - ok 19:42:57.0984 2468 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:42:58.0265 2468 RasAcd - ok 19:42:58.0328 2468 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 19:42:58.0578 2468 RasAuto - ok 19:42:58.0625 2468 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:42:58.0859 2468 Rasl2tp - ok 19:42:59.0015 2468 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 19:42:59.0250 2468 RasMan - ok 19:42:59.0296 2468 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:42:59.0546 2468 RasPppoe - ok 19:42:59.0593 2468 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 19:42:59.0859 2468 Raspti - ok 19:42:59.0937 2468 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:43:00.0234 2468 Rdbss - ok 19:43:00.0281 2468 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:43:00.0531 2468 RDPCDD - ok 19:43:00.0640 2468 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 19:43:00.0781 2468 RDPWD - ok 19:43:00.0875 2468 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 19:43:01.0171 2468 RDSessMgr - ok 19:43:01.0234 2468 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 19:43:01.0484 2468 redbook - ok 19:43:01.0546 2468 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] 
RemoteAccess C:\WINDOWS\System32\mprdim.dll 19:43:01.0781 2468 RemoteAccess - ok 19:43:01.0828 2468 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 19:43:02.0109 2468 RpcLocator - ok 19:43:02.0265 2468 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 19:43:02.0437 2468 RpcSs - ok 19:43:02.0515 2468 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 19:43:02.0828 2468 RSVP - ok 19:43:02.0875 2468 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 19:43:03.0109 2468 rtl8139 - ok 19:43:03.0140 2468 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 19:43:03.0375 2468 SamSs - ok 19:43:03.0437 2468 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 19:43:03.0703 2468 SCardSvr - ok 19:43:03.0796 2468 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 19:43:04.0109 2468 Schedule - ok 19:43:04.0171 2468 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:43:04.0421 2468 Secdrv - ok 19:43:04.0468 2468 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 19:43:04.0734 2468 seclogon - ok 19:43:04.0781 2468 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 19:43:05.0046 2468 SENS - ok 19:43:05.0093 2468 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 19:43:05.0328 2468 serenum - ok 19:43:05.0359 2468 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 19:43:05.0609 2468 Serial - ok 19:43:05.0875 2468 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe 19:43:06.0390 2468 ServiceLayer - ok 19:43:06.0484 2468 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 19:43:06.0718 2468 Sfloppy - ok 19:43:06.0859 2468 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess 
C:\WINDOWS\System32\ipnathlp.dll 19:43:07.0265 2468 SharedAccess - ok 19:43:07.0343 2468 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 19:43:07.0390 2468 ShellHWDetection - ok 19:43:07.0421 2468 Simbad - ok 19:43:07.0453 2468 Sparrow - ok 19:43:07.0500 2468 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 19:43:07.0734 2468 splitter - ok 19:43:07.0812 2468 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 19:43:07.0921 2468 Spooler - ok 19:43:07.0968 2468 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 19:43:08.0218 2468 sr - ok 19:43:08.0328 2468 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 19:43:08.0609 2468 srservice - ok 19:43:08.0859 2468 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\WINDOWS\System32\Drivers\N360\0502020.003\SRTSP.SYS 19:43:08.0968 2468 SRTSP - ok 19:43:09.0015 2468 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\WINDOWS\system32\drivers\N360\0502020.003\SRTSPX.SYS 19:43:09.0062 2468 SRTSPX - ok 19:43:09.0203 2468 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 19:43:09.0515 2468 Srv - ok 19:43:09.0562 2468 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 19:43:09.0812 2468 SSDPSRV - ok 19:43:09.0859 2468 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 19:43:09.0890 2468 StarOpen ( UnsignedFile.Multi.Generic ) - warning 19:43:09.0890 2468 StarOpen - detected UnsignedFile.Multi.Generic (1) 19:43:10.0062 2468 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 19:43:10.0484 2468 stisvc - ok 19:43:10.0531 2468 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 19:43:10.0750 2468 swenum - ok 19:43:10.0812 2468 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 19:43:11.0093 2468 swmidi - ok 19:43:11.0109 
2468 SwPrv - ok 19:43:11.0218 2468 [ DAEC63566C399E59B91F8993A491D5DB ] SXDS10 C:\Programme\Gemeinsame Dateien\soft Xpansion\SXDS10.exe 19:43:11.0328 2468 SXDS10 ( UnsignedFile.Multi.Generic ) - warning 19:43:11.0328 2468 SXDS10 - detected UnsignedFile.Multi.Generic (1) 19:43:11.0343 2468 symc810 - ok 19:43:11.0359 2468 symc8xx - ok 19:43:11.0500 2468 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\WINDOWS\system32\drivers\N360\0502020.003\SYMDS.SYS 19:43:11.0718 2468 SymDS - ok 19:43:12.0109 2468 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\WINDOWS\system32\drivers\N360\0502020.003\SYMEFA.SYS 19:43:12.0546 2468 SymEFA - ok 19:43:12.0625 2468 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 19:43:12.0656 2468 SymEvent - ok 19:43:12.0750 2468 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS 19:43:12.0781 2468 SymIRON - ok 19:43:12.0937 2468 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS 19:43:13.0062 2468 SYMTDI - ok 19:43:13.0093 2468 sym_hi - ok 19:43:13.0109 2468 sym_u3 - ok 19:43:13.0187 2468 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 19:43:13.0437 2468 sysaudio - ok 19:43:13.0500 2468 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 19:43:13.0765 2468 SysmonLog - ok 19:43:13.0875 2468 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 19:43:14.0171 2468 TapiSrv - ok 19:43:14.0328 2468 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:43:14.0562 2468 Tcpip - ok 19:43:14.0609 2468 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 19:43:14.0843 2468 TDPIPE - ok 19:43:14.0890 2468 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 19:43:15.0125 2468 TDTCP - ok 19:43:15.0187 2468 [ 88155247177638048422893737429D9E ] TermDD 
C:\WINDOWS\system32\DRIVERS\termdd.sys 19:43:15.0437 2468 TermDD - ok 19:43:15.0562 2468 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 19:43:15.0796 2468 TermService - ok 19:43:15.0890 2468 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 19:43:15.0921 2468 Themes - ok 19:43:15.0937 2468 TosIde - ok 19:43:15.0984 2468 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 19:43:16.0281 2468 TrkWks - ok 19:43:16.0343 2468 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 19:43:16.0609 2468 Udfs - ok 19:43:16.0625 2468 ultra - ok 19:43:16.0796 2468 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 19:43:17.0234 2468 Update - ok 19:43:17.0328 2468 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 19:43:17.0625 2468 upnphost - ok 19:43:17.0656 2468 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 19:43:17.0906 2468 UPS - ok 19:43:17.0953 2468 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:43:18.0218 2468 usbccgp - ok 19:43:18.0281 2468 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:43:18.0531 2468 usbhub - ok 19:43:18.0562 2468 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:43:18.0812 2468 usbprint - ok 19:43:18.0843 2468 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 19:43:19.0109 2468 usbser - ok 19:43:19.0140 2468 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:43:19.0375 2468 USBSTOR - ok 19:43:19.0437 2468 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:43:19.0671 2468 usbuhci - ok 19:43:19.0718 2468 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 19:43:19.0937 2468 VgaSave - ok 19:43:19.0968 2468 ViaIde - ok 
19:43:20.0140 2468 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 19:43:20.0390 2468 VolSnap - ok 19:43:20.0515 2468 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 19:43:20.0828 2468 VSS - ok 19:43:20.0906 2468 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 19:43:21.0265 2468 W32Time - ok 19:43:21.0312 2468 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:43:21.0562 2468 Wanarp - ok 19:43:21.0953 2468 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 19:43:22.0234 2468 Wdf01000 - ok 19:43:22.0250 2468 WDICA - ok 19:43:22.0328 2468 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 19:43:22.0593 2468 wdmaud - ok 19:43:22.0656 2468 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 19:43:22.0906 2468 WebClient - ok 19:43:23.0078 2468 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 19:43:23.0593 2468 winmgmt - ok 19:43:23.0734 2468 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 19:43:24.0015 2468 WmdmPmSN - ok 19:43:24.0125 2468 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 19:43:24.0437 2468 WmiApSrv - ok 19:43:24.0796 2468 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:43:25.0484 2468 WPFFontCache_v0400 - ok 19:43:25.0562 2468 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 19:43:25.0859 2468 wscsvc - ok 19:43:25.0890 2468 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 19:43:26.0250 2468 wuauserv - ok 19:43:26.0437 2468 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 19:43:26.0750 2468 WZCSVC - ok 19:43:26.0828 2468 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov 
C:\WINDOWS\System32\xmlprov.dll 19:43:27.0140 2468 xmlprov - ok 19:43:27.0156 2468 ================ Scan global =============================== 19:43:27.0218 2468 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 19:43:27.0375 2468 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 19:43:27.0562 2468 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 19:43:27.0625 2468 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 19:43:27.0640 2468 [Global] - ok 19:43:27.0640 2468 ================ Scan MBR ================================== 19:43:27.0687 2468 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 19:43:28.0140 2468 \Device\Harddisk0\DR0 - ok 19:43:28.0140 2468 ================ Scan VBR ================================== 19:43:28.0156 2468 [ 9A345D0CA7625E8B638D31A135AB55E1 ] \Device\Harddisk0\DR0\Partition1 19:43:28.0156 2468 \Device\Harddisk0\DR0\Partition1 - ok 19:43:28.0171 2468 [ 73E3C56B81359A0D4D2EE35BEE3A0353 ] \Device\Harddisk0\DR0\Partition2 19:43:28.0171 2468 \Device\Harddisk0\DR0\Partition2 - ok 19:43:28.0203 2468 [ FD0F487814F347E848C8681238D3127A ] \Device\Harddisk0\DR0\Partition3 19:43:28.0203 2468 \Device\Harddisk0\DR0\Partition3 - ok 19:43:28.0203 2468 ============================================================ 19:43:28.0203 2468 Scan finished 19:43:28.0203 2468 ============================================================ 19:43:28.0359 2460 Detected object count: 4 19:43:28.0359 2460 Actual detected object count: 4 19:46:42.0078 2460 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 19:46:42.0078 2460 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:46:42.0078 2460 ptakljjcjkuh ( UnsignedFile.Multi.Generic ) - skipped by user 19:46:42.0078 2460 ptakljjcjkuh ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:46:42.0078 2460 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 19:46:42.0078 2460 StarOpen ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 19:46:42.0078 2460 SXDS10 ( UnsignedFile.Multi.Generic ) - skipped by user 19:46:42.0078 2460 SXDS10 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
03.04.2013, 20:54 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Idle process at 95%, yet every application only starts about 2 minutes after booting. Quote:
To do that, you need to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (depending on what you are offered; please leave all others on SKIP!) and then click Continue at the bottom right. Afterwards, restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.
__________________ Please always post log files in CODE tags |
04.04.2013, 17:50 | #9 |
| Idle process at 95%, yet every application only starts about 2 minutes after booting. Hello Cosinus, there are only 3 threats left. The DELETE step went through without problems. The subsequent SCAN was also problem-free. Waiting for further instructions. Regards Code:
0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 18:33:40.0546 2508 xmlprov - ok 18:33:40.0593 2508 ================ Scan global =============================== 18:33:40.0687 2508 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 18:33:40.0875 2508 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 18:33:41.0000 2508 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 18:33:41.0093 2508 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 18:33:41.0093 2508 [Global] - ok 18:33:41.0109 2508 ================ Scan MBR ================================== 18:33:41.0171 2508 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 18:33:43.0625 2508 \Device\Harddisk0\DR0 - ok 18:33:43.0640 2508 ================ Scan VBR ================================== 18:33:43.0656 2508 [ 9A345D0CA7625E8B638D31A135AB55E1 ] \Device\Harddisk0\DR0\Partition1 18:33:43.0656 2508 \Device\Harddisk0\DR0\Partition1 - ok 18:33:43.0734 2508 [ 73E3C56B81359A0D4D2EE35BEE3A0353 ] \Device\Harddisk0\DR0\Partition2 18:33:43.0765 2508 \Device\Harddisk0\DR0\Partition2 - ok 18:33:43.0812 2508 [ FD0F487814F347E848C8681238D3127A ] \Device\Harddisk0\DR0\Partition3 18:33:43.0812 2508 \Device\Harddisk0\DR0\Partition3 - ok 18:33:43.0843 2508 ============================================================ 18:33:43.0843 2508 Scan finished 18:33:43.0843 2508 ============================================================ 18:33:44.0015 2500 Detected object count: 3 18:33:44.0015 2500 Actual detected object count: 3 18:39:53.0125 2500 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:53.0125 2500 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:39:53.0125 2500 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:53.0125 2500 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:39:53.0125 2500 SXDS10 ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:53.0125 2500 
SXDS10 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:40:00.0937 0732 Deinitialize success |
04.04.2013, 23:18 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Idle process at 95%, yet every application only starts 2 minutes after booting. Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
05.04.2013, 20:36 | #11 |
| Idle process at 95%, yet every application only starts 2 minutes after booting. Hello Cosinus, the COMBOFIX scan ran through without problems. The console had to be reloaded. A log file was created. But before opening Trojaner-Board again, I re-enabled my antivirus software. When I enabled Malwarebytes, the computer froze. I had to do a hardware reset. Booting was OK. The error message did not appear. I was able to enable Malwarebytes without problems. Firefox still starts with a delay. At the beginning of the log file it says "FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}". But I no longer have McAfee Firewall! NOTE: !!! I am NOT online on Saturday and Sunday! Not again until Sunday evening !!!! I wish you a nice weekend. Regards. The log file is attached. Code:
Combofix Logfile: |
06.04.2013, 16:41 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Idle process at 95%, yet every application only starts 2 minutes after booting. JRT - Junkware Removal Tool: Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
07.04.2013, 18:53 | #13 |
| Idle process at 95%, yet every application only starts 2 minutes after booting. Hello Cosinus, I hope you had a nice weekend too. JRT ran through without problems. The log file is attached. Regards Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Microsoft Windows XP x86
Ran by MS on 07.04.2013 at 18:59:50,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1060284298-1647877149-682003330-1004\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Dokumente und Einstellungen\MS\Anwendungsdaten\mozilla\firefox\profiles\lf1nr5fj.default\user.js
Successfully deleted: [File] C:\Dokumente und Einstellungen\MS\Anwendungsdaten\mozilla\firefox\profiles\lf1nr5fj.default\searchplugins\conduit.xml
Successfully deleted the following from C:\Dokumente und Einstellungen\MS\Anwendungsdaten\mozilla\firefox\profiles\lf1nr5fj.default\prefs.js
user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.04.2013 at 19:42:59,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
08.04.2013, 10:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Idle process at 95%, yet every application only starts 2 minutes after booting. What about the other logs?
__________________ Please always post log files in CODE tags |
08.04.2013, 17:58 | #15 |
| Idle process at 95%, yet every application only starts 2 minutes after booting. Hello Cosinus, that was a mistake in my thinking. adwCleaner ran without problems. Only 1x restart. OTL also ran without problems. Attached are all 4 log files. Regards
AdwCleaner Logfile: Code:
# AdwCleaner v2.200 - Datei am 08/04/2013 um 18:08:13 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : MS - MS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\MS\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Programme\mozilla firefox\searchplugins\Search the web.src
Ordner Gelöscht : C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\Conduit
Ordner Gelöscht : C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\extensions\welcome@toolmin.com
Ordner Gelöscht : C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\Conduit
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Mozilla\Firefox\Profiles\lf1nr5fj.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1194 octets] - [08/04/2013 18:08:13]
########## EOF - C:\AdwCleaner[S1].txt - [1254 octets] ##########
[/CODE]
OTL Logfile: Code:
[2013.04.01 11:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Architect [2013.03.31 13:06:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Anwendungsdaten\Malwarebytes [2013.03.31 13:03:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.03.31 13:02:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.03.31 13:02:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.03.31 13:02:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.03.26 20:23:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe [2013.03.22 18:14:39 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013.03.22 18:14:38 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013.03.19 22:56:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Desktop\Klavier [2013.03.16 19:55:10 | 015,859,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013.03.09 19:22:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MS\Eigene Dateien\Steuer-Sparbuch [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.08 18:15:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.08 18:15:19 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys [2013.04.07 18:54:06 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Desktop\adwcleaner.exe [2013.04.07 18:30:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.05 20:49:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.04.05 
20:34:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.04.05 20:03:16 | 005,047,274 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\MS\Desktop\ComboFix.exe [2013.04.03 14:28:52 | 000,037,902 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Desktop\cc_20130403_142845.reg [2013.04.03 13:35:29 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\MS\Desktop\tdsskiller.exe [2013.04.02 23:35:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\MS\Desktop\aswMBR.exe [2013.04.02 20:58:30 | 023,019,081 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\Desktop\Vollständiger Verlauf.mcf [2013.03.31 13:04:18 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.31 12:32:19 | 000,516,414 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.03.31 12:32:19 | 000,493,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.03.31 12:32:19 | 000,100,804 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.03.31 12:32:19 | 000,083,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.03.26 20:23:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MS\Desktop\OTL.exe [2013.03.26 20:22:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\MS\defogger_reenable [2013.03.20 18:11:03 | 000,002,224 | ---- | M] () -- C:\{3D5ACB3C-9197-41E7-8EEF-79C6862ABAFC} [2013.03.20 18:07:27 | 000,002,672 | ---- | M] () -- C:\{3A81EAD9-C923-4731-89E1-269CCB30A1B5} [2013.03.18 21:56:33 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.03.16 19:55:34 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.03.16 19:55:34 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.03.16 19:55:11 | 015,859,416 | ---- | M] (Adobe Systems Incorporated) -- 
C:\WINDOWS\System32\FlashPlayerInstaller.exe [2013.03.09 20:43:34 | 000,000,537 | ---- | M] () -- C:\WINDOWS\wiso.ini [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.07 18:53:44 | 000,613,083 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Desktop\adwcleaner.exe [2013.04.05 20:34:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.04.05 20:33:54 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.04.05 20:30:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.04.05 20:30:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.04.05 20:30:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.04.05 20:30:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.04.05 20:30:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.04.03 14:28:50 | 000,037,902 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Desktop\cc_20130403_142845.reg [2013.04.02 20:57:46 | 023,019,081 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Desktop\Vollständiger Verlauf.mcf [2013.03.31 13:04:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 20:22:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\defogger_reenable [2013.03.20 18:11:01 | 000,002,224 | ---- | C] () -- C:\{3D5ACB3C-9197-41E7-8EEF-79C6862ABAFC} [2013.03.20 18:07:27 | 000,002,672 | ---- | C] () -- C:\{3A81EAD9-C923-4731-89E1-269CCB30A1B5} [2013.03.09 18:20:33 | 000,000,537 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.02.02 17:50:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2013.02.02 17:50:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2013.02.02 17:49:57 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2013.02.02 17:48:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT [2013.02.02 17:48:25 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\brdfxspd.dat [2012.02.24 19:20:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.28 18:09:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\tkkg_6.ini [2011.11.23 23:04:09 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2011.11.09 21:17:20 | 002,681,344 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2011.09.27 18:42:28 | 000,000,457 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\clipdat2.rdf [2011.01.26 19:41:04 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.26 19:35:58 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.07.07 14:10:10 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\MS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.01.12 21:17:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = 
Both < End of report > [/CODE]

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 08.04.2013 18:30:17 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\MS\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,25 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 54,15% Memory free 2,98 Gb Paging File | 2,59 Gb Available in Paging File | 86,80% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,25 Gb Total Space | 19,16 Gb Free Space | 51,45% Space Free | Partition Type: NTFS Drive D: | 34,35 Gb Total Space | 5,19 Gb Free Space | 15,11% Space Free | Partition Type: NTFS Drive E: | 2,92 Gb Total Space | 1,56 Gb Free Space | 53,40% Space Free | Partition Type: FAT32 Computer Name: MS-PC | User Name: MS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1060284298-1647877149-682003330-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1FD1567B-0129-4FA0-914C-F3E02833F77B}" = soft Xpansion Perfect PDF 5 Premium "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5E281D5E-A6AE-41AB-8514-C3FB0ED6CAF9}_is1" = PC-WELT Sicherheits-Check 1.2 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J220 "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CCleaner" = CCleaner "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "FreeCommander_is1" = FreeCommander 2009.02a "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 
4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "Nokia PC Suite" = Nokia PC Suite "VLC media player" = VLC media player 2.0.2 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows XP Service Pack" = Windows XP Service Pack 3 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.02.2012 05:47:44 | Computer Name = MS-PC | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 24.02.2012 15:53:49 | Computer Name = MS-PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 18.03.2012 15:06:43 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung FreeCommander.exe, Version 2009.2.0.410, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.03.2012 11:08:34 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 10.0.1.4421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 31.03.2012 11:08:35 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 10.0.1.4421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.03.2012 11:16:59 | Computer Name = MS-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 10.0.1.4421, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 11.04.2012 12:57:53 | Computer Name = MS-PC | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown [ System Events ] Error - 08.04.2013 11:56:17 | Computer Name = MS-PC | Source = DCOM | ID = 10010 Description = Der Server "{22DAA0A2-0E27-4CC4-9588-EEEE76358306}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 08.04.2013 11:57:44 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene. Error - 08.04.2013 11:57:45 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 11:58:43 | Computer Name = MS-PC | Source = DCOM | ID = 10010 Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 08.04.2013 11:59:39 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter. 
Error - 08.04.2013 11:59:39 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 12:18:11 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter. Error - 08.04.2013 12:18:12 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 12:18:49 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene. Error - 08.04.2013 12:18:49 | Computer Name = MS-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > [/CODE] |