GVU Trojan - PC locked - Windows XP

Hello dear TBs, as I could see when searching the forum, several users have the same problem as I do: while surfing the Internet, the PC was suddenly locked with a message from the GVU saying that one has violated certain laws and can therefore "buy oneself free" via paysafe for 100 EUR. After some googling on my other machine I assume that we have caught the wonderful GVU trojan. The PC is a Samsung Netbook N140 with Windows XP. When starting the machine, immediately after the user logs on (we only have one user set up) the GVU lock appears. Based on the other threads on the topic I suppose that I first have to boot into safe mode and create log files? If that is the case, I would be very grateful for a detailed description. My emails in Outlook Express are especially important to me, since my entire mail correspondence of the last few years is stored in there (and of course, cleverly, I never made a backup of it).. :-( Thank you in advance for your help!
Malware-holic:
hi
try restarting, press F8 and choose safe mode. Then try to copy OTL over via a USB stick, and get the logs onto the other system the same way for posting. If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
```
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
```
sorry for my late reply - unfortunately I couldn't get around to following your tips any earlier. Anyway, I have the problem that I can't even start the box in safe mode - all 3 options (safe mode, safe mode with command prompt, safe mode with networking) lead immediately to a blue screen, after which the Samsung load screen appears and I then land back in the selection menu for safe mode.. Any ideas? I have to get at my data at any cost. Many thanks in advance and have a wonderful weekend!
Malware-holic:
hi, can you get hold of a PC with a CD burner?
Download: ISO Burner - Download - Filepony
isoburner guide: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD. Restart your system and boot from the CD you just created. If you don't know how to make your computer boot from the CD, see http://www.trojaner-board.de/81857-c...cd-booten.html
• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.
• OTL should now start. Now copy the following content into the text box.
Code:
```
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
```
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
post both logs
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 5/20/2013 9:21:48 PM - Run OTLPE by OldTimer - Version Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 817.00 Mb Available Physical Memory | 81.00% Memory free 902.00 Mb Paging File | 844.00 Mb Available in Paging File | 94.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 59.05 Gb Total Space | 21.10 Gb Free Space | 35.73% Space Free | Partition Type: NTFS Drive D: | 83.00 Gb Total Space | 20.33 Gb Free Space | 24.49% Space Free | Partition Type: NTFS Drive E: | 3.78 Gb Total Space | 3.73 Gb Free Space | 98.88% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (HidServ) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2012/11/28 05:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/09/26 12:06:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/03 04:44:46 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2012/05/08 
12:43:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/08 12:43:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/03 08:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/04/30 15:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2009/05/19 13:39:46 | 000,066,792 | ---- | M] (SRS Labs, Inc.) [Auto] -- C:\Programme\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe -- (SRS_WOWXT_Service) SRV - [2007/12/05 06:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/11/26 08:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007/06/27 12:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2013/04/03 03:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile 
USB Modem Drivers (DEVGURU Ver.) DRV - [2013/04/03 03:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV - [2012/06/03 04:44:46 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2012/05/08 12:43:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/08 12:43:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/05/03 08:07:08 | 000,526,608 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2012/04/30 15:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/01/09 12:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2012/01/09 12:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2012/01/09 12:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011/09/16 11:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/07/28 19:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009/07/01 05:50:00 | 000,237,952 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- 
C:\WINDOWS\system32\drivers\VMC33F.sys -- (VMC33F) DRV - [2009/06/18 23:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009/06/18 23:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009/06/04 01:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009/05/23 02:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/05/18 13:27:10 | 000,233,512 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009/05/01 09:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CryptOSD.sys -- (CryptOSD) DRV - [2009/04/15 21:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2009/02/06 12:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/07/24 20:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008/02/04 20:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007/11/26 08:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm) DRV - [2007/11/26 08:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007/11/26 08:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007/11/26 08:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2005/10/27 00:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Ockenator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle IE - HKU\Ockenator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\pdf xchange viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\pdf xchange viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Programme\Comodo\HopSurfToolbar\hopsurfext_ff3_5 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/05/23 00:30:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/09/26 12:06:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/29 13:46:27 | 000,000,000 | ---D | M] [2012/02/18 15:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/09/26 12:06:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [1999/12/31 11:00:00 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) 
-- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012/09/26 12:06:06 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/26 12:06:06 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/09/26 12:06:06 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/09/26 12:06:06 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/09/26 12:06:06 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/09/26 12:06:06 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - File not found O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) 
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe (BL) O4 - HKLM..\Run: [MagicKeyboard] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SUPBackground] File not found O4 - HKLM..\Run: [UserFaultCheck] File not found O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\Ockenator_ON_C..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\Ockenator_ON_C..\Run: [BatteryLifeExtender] File not found O4 - HKU\Ockenator_ON_C..\Run: [KiesAirMessage] File not found O4 - HKU\Ockenator_ON_C..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\Ockenator_ON_C..\Run: [Spotify] C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\Ockenator_ON_C..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\Ockenator_ON_C..\Run: [SpriteService] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Ockenator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe) - File not found O20 - HKU\Ockenator_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\Ockenator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/08/05 09:27:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ 
NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: 
{5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" 
< End of report >
/// Malware-holic | GVU Trojan - PC locked - Windows XP
On your second PC go to Start, Programs, Accessories, Notepad (Editor) and paste this in:

Code:
```
:OTL
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe) - File not found
O20 - HKU\Ockenator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat ()
[2013/05/18 07:30:25 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
```

Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open OTL.txt. Please post the log. If you have no icons, right-click, View, Show desktop icons.
Note: please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the
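The two O20 lines in the fix above are the two Winlogon hooks the GVU locker used on this machine: the HKLM UserInit value pointing at a random-named .exe under the user's profile, and the per-user Shell value pointing at skype.dat instead of explorer.exe. The following Python is an added example, not OTL's code and not the helper's script: it parses O20 Winlogon lines from an OTL log, flags every value that is not the stock XP default (userinit.exe / explorer.exe), records why, and assembles the corresponding :OTL fix block. The profile-folder heuristic and the two benign sample lines are my own assumptions; the two hijacked lines are the ones from this thread.

```python
"""Flag hijacked Winlogon entries in OTL 'O20' lines and build the matching :OTL fix."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Stock values on a default Windows XP install. OTL logs UserInit with its
# trailing comma; _norm() strips that before comparing.
EXPECTED_DEFAULTS = {
    "UserInit": r"C:\WINDOWS\system32\userinit.exe",
    "Shell": "explorer.exe",
}

# Profile sub-folders (German and English XP names) in which a legitimate
# Winlogon target never lives. Heuristic chosen for this example, not OTL's.
PROFILE_MARKERS = (
    "/anwendungsdaten/", "/application data/", "/lokale einstellungen/",
    "/local settings/", "/temp/", "/appdata/",
)

O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>UserInit|Shell) - "
    r"\((?P<data>[^)]*)\) - (?P<status>.*)$"
)


@dataclass
class WinlogonFinding:
    raw: str        # the OTL line exactly as logged (this is what goes into the fix)
    hive: str       # HKLM, or the HKU\<user> hive OTLPE mounted from the offline disk
    value: str      # UserInit or Shell
    data: str       # registry data as logged
    status: str     # what OTL found on disk, e.g. "File not found"
    reason: str     # why the entry was flagged


def _norm(path: str) -> str:
    """Lower-case, drop quotes and UserInit's trailing comma, unify slashes."""
    return path.strip().strip('"').rstrip(",").lower().replace("\\", "/")


def check_o20_line(line: str) -> Optional[WinlogonFinding]:
    """Return a finding for an O20 Winlogon line whose value is not the XP default."""
    m = O20_RE.match(line.strip())
    if m is None:
        return None                                   # not an O20 Winlogon line
    value, data, status = m["value"], _norm(m["data"]), m["status"].strip()
    if data == _norm(EXPECTED_DEFAULTS[value]):
        return None                                   # stock value, nothing to fix
    reasons = [f"{value} is not the default '{EXPECTED_DEFAULTS[value]}'"]
    if any(marker in data for marker in PROFILE_MARKERS):
        reasons.append("target lives inside a user profile directory")
    if not data.endswith(".exe"):
        reasons.append("target does not carry an .exe extension (renamed payload?)")
    if status.lower().startswith("file not found"):
        reasons.append("referenced file is missing (dangling entry)")
    return WinlogonFinding(line.strip(), m["hive"], value, m["data"].strip(),
                           status, "; ".join(reasons))


def build_otl_fix(log_lines: Iterable[str]) -> str:
    """Assemble an OTL fix (':OTL' section plus temp cleanup) from the flagged lines."""
    findings: List[WinlogonFinding] = [
        f for f in (check_o20_line(ln) for ln in log_lines) if f is not None
    ]
    if not findings:
        return ""
    return "\n".join([":OTL", *(f.raw for f in findings),
                      ":Commands", "[EMPTYFLASH]", "[emptytemp]"])


# Constructed sample: two stock lines plus the two hijacked entries from this thread.
SAMPLE_LOG = [
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe) - File not found",
    r"O20 - HKU\Ockenator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat ()",
]

if __name__ == "__main__":
    for finding in filter(None, map(check_o20_line, SAMPLE_LOG)):
        print(f"{finding.hive} {finding.value}: {finding.reason}")
    print(build_otl_fix(SAMPLE_LOG))
```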
#8
/// Malware-holic | GVU Trojan - PC locked - Windows XP
Please read it again: you pasted in the OTL log and did not use my script as the fix.
#9
GVU Trojan - PC locked - Windows XP

```
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe deleted successfully.
Registry value HKEY_USERS\Ockenator_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat deleted successfully.
C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat moved successfully.
C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 7178631 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31969501 bytes
Total Files Cleaned = 37.00 mb
OTLPE by OldTimer - Version log created on 05212013_220342
```

I could not load it directly from the file fix.txt; I had to paste your fix into the OTL text window instead. Is this now what you need? Thanks in advance for your help, I really appreciate it!!
#10
/// Malware-holic | GVU Trojan - PC locked - Windows XP
Hi, that's fine. Check whether you can get into normal mode, and carry on with the upload.
#11
GVU Trojan - PC locked - Windows XP
I was able to start in normal mode, and I have just uploaded the zip file via the upload channel.
#12
/// Malware-holic | GVU Trojan - PC locked - Windows XP
Thanks. Please download
#13
GVU Trojan - PC locked - Windows XP
23:15:41.0078 3052 TDSS rootkit removing tool Feb 11 2013 18:50:42
407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 23:16:27.0875 3476 Dnscache - ok 23:16:27.0921 3476 [ 8A4CB9438571814B128B6DC30D698064 ] DOSMEMIO C:\WINDOWS\system32\MEMIO.SYS 23:16:27.0953 3476 DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning 23:16:27.0953 3476 DOSMEMIO - detected UnsignedFile.Multi.Generic (1) 23:16:27.0968 3476 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 23:16:28.0265 3476 Dot3svc - ok 23:16:28.0281 3476 dpti2o - ok 23:16:28.0312 3476 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 23:16:28.0640 3476 drmkaud - ok 23:16:28.0671 3476 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 23:16:28.0968 3476 EapHost - ok 23:16:29.0000 3476 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 23:16:29.0281 3476 ERSvc - ok 23:16:29.0328 3476 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 23:16:29.0406 3476 Eventlog - ok 23:16:29.0453 3476 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 23:16:29.0578 3476 EventSystem - ok 23:16:29.0609 3476 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 23:16:29.0890 3476 Fastfat - ok 23:16:29.0953 3476 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 23:16:30.0093 3476 FastUserSwitchingCompatibility - ok 23:16:30.0125 3476 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 23:16:30.0406 3476 Fdc - ok 23:16:30.0421 3476 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 23:16:30.0703 3476 Fips - ok 23:16:30.0750 3476 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 23:16:31.0015 3476 Flpydisk - ok 23:16:31.0078 3476 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 23:16:31.0359 3476 FltMgr - ok 23:16:31.0437 
3476 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:16:31.0500 3476 FontCache3.0.0.0 - ok 23:16:31.0546 3476 [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 23:16:31.0609 3476 fssfltr - ok 23:16:31.0687 3476 [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc C:\Programme\Windows Live\Family Safety\fsssvc.exe 23:16:31.0781 3476 fsssvc - ok 23:16:31.0812 3476 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:16:32.0140 3476 Fs_Rec - ok 23:16:32.0187 3476 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:16:32.0484 3476 Ftdisk - ok 23:16:32.0531 3476 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:16:32.0812 3476 Gpc - ok 23:16:32.0859 3476 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:16:33.0140 3476 HDAudBus - ok 23:16:33.0218 3476 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:16:33.0515 3476 helpsvc - ok 23:16:33.0531 3476 HidServ - ok 23:16:33.0562 3476 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:16:33.0843 3476 HidUsb - ok 23:16:33.0890 3476 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 23:16:34.0156 3476 hkmsvc - ok 23:16:34.0171 3476 hpn - ok 23:16:34.0234 3476 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 23:16:34.0343 3476 HTTP - ok 23:16:34.0390 3476 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 23:16:34.0656 3476 HTTPFilter - ok 23:16:34.0656 3476 i2omgmt - ok 23:16:34.0671 3476 i2omp - ok 23:16:34.0718 3476 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:16:35.0046 3476 i8042prt - ok 23:16:35.0265 3476 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm 
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 23:16:35.0812 3476 ialm - ok 23:16:35.0890 3476 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:16:36.0031 3476 idsvc - ok 23:16:36.0062 3476 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 23:16:36.0343 3476 Imapi - ok 23:16:36.0406 3476 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 23:16:36.0687 3476 ImapiService - ok 23:16:36.0750 3476 [ B02A8A25192EE1C5E653628637AB6AAA ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys 23:16:36.0812 3476 InCDfs - ok 23:16:36.0843 3476 [ B49BD5B663E1AF9BF3233B782B70D865 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys 23:16:36.0906 3476 InCDPass - ok 23:16:36.0921 3476 [ 8FD364EDBD97983575CEE3E8909E62B4 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys 23:16:36.0968 3476 InCDrec - ok 23:16:37.0000 3476 [ FC04E827133D54AB79CA254708F76CD0 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys 23:16:37.0062 3476 incdrm - ok 23:16:37.0171 3476 [ 067020BB8ABF1F6B80361051B2806C90 ] InCDsrv C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe 23:16:37.0343 3476 InCDsrv - ok 23:16:37.0359 3476 ini910u - ok 23:16:37.0546 3476 [ 0CACDCBBC8E6F11E2865C47BFC509848 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 23:16:38.0062 3476 IntcAzAudAddService - ok 23:16:38.0078 3476 IntelIde - ok 23:16:38.0125 3476 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 23:16:38.0468 3476 intelppm - ok 23:16:38.0484 3476 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 23:16:38.0765 3476 Ip6Fw - ok 23:16:38.0781 3476 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:16:39.0062 3476 IpFilterDriver - ok 23:16:39.0093 3476 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:16:39.0359 3476 IpInIp - ok 23:16:39.0406 3476 [ 
CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:16:39.0687 3476 IpNat - ok 23:16:39.0734 3476 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:16:40.0015 3476 IPSec - ok 23:16:40.0062 3476 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 23:16:40.0218 3476 IRENUM - ok 23:16:40.0281 3476 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:16:40.0546 3476 isapnp - ok 23:16:40.0609 3476 [ EE8BED092A58A4FAEB08DC140729189E ] ISWKL C:\Programme\CheckPoint\ZAForceField\ISWKL.sys 23:16:40.0890 3476 ISWKL - ok 23:16:40.0921 3476 [ AA7FD6A7532EF23FDCFC030195C148F9 ] IswSvc C:\Programme\CheckPoint\ZAForceField\IswSvc.exe 23:16:41.0015 3476 IswSvc - ok 23:16:41.0109 3476 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 23:16:41.0296 3476 JavaQuickStarterService - ok 23:16:41.0328 3476 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:16:41.0656 3476 Kbdclass - ok 23:16:41.0703 3476 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys 23:16:41.0812 3476 KL1 - ok 23:16:41.0843 3476 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys 23:16:41.0921 3476 kl2 - ok 23:16:41.0937 3476 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys 23:16:42.0046 3476 KLIF - ok 23:16:42.0093 3476 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 23:16:42.0359 3476 kmixer - ok 23:16:42.0421 3476 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 23:16:42.0609 3476 KSecDD - ok 23:16:42.0640 3476 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 23:16:42.0765 3476 LanmanServer - ok 23:16:42.0812 3476 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 23:16:42.0906 3476 
lanmanworkstation - ok 23:16:42.0921 3476 lbrtfdc - ok 23:16:43.0015 3476 [ CCAD2AAE36E24346488B0F54A049DE78 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 23:16:43.0109 3476 LightScribeService - ok 23:16:43.0156 3476 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 23:16:43.0437 3476 LmHosts - ok 23:16:43.0468 3476 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 23:16:43.0734 3476 Messenger - ok 23:16:43.0796 3476 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 23:16:44.0062 3476 mnmdd - ok 23:16:44.0109 3476 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 23:16:44.0375 3476 mnmsrvc - ok 23:16:44.0421 3476 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 23:16:44.0703 3476 Modem - ok 23:16:44.0796 3476 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 23:16:44.0984 3476 Monfilt - ok 23:16:45.0000 3476 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:16:45.0281 3476 Mouclass - ok 23:16:45.0312 3476 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:16:45.0609 3476 mouhid - ok 23:16:45.0625 3476 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 23:16:45.0921 3476 MountMgr - ok 23:16:45.0968 3476 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 23:16:46.0046 3476 MozillaMaintenance - ok 23:16:46.0046 3476 mraid35x - ok 23:16:46.0093 3476 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:16:46.0359 3476 MRxDAV - ok 23:16:46.0421 3476 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:16:46.0578 3476 MRxSmb - ok 23:16:46.0625 3476 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 
23:16:46.0906 3476 MSDTC - ok 23:16:46.0953 3476 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 23:16:47.0234 3476 Msfs - ok 23:16:47.0234 3476 MSIServer - ok 23:16:47.0265 3476 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:16:47.0546 3476 MSKSSRV - ok 23:16:47.0562 3476 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:16:47.0828 3476 MSPCLOCK - ok 23:16:47.0859 3476 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 23:16:48.0156 3476 MSPQM - ok 23:16:48.0203 3476 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:16:48.0484 3476 mssmbios - ok 23:16:48.0531 3476 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 23:16:48.0812 3476 MSTEE - ok 23:16:48.0859 3476 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 23:16:48.0968 3476 Mup - ok 23:16:48.0984 3476 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:16:49.0281 3476 NABTSFEC - ok 23:16:49.0328 3476 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 23:16:49.0625 3476 napagent - ok 23:16:49.0718 3476 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe 23:16:49.0828 3476 NBService - ok 23:16:49.0875 3476 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 23:16:49.0968 3476 NDIS - ok 23:16:50.0000 3476 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:16:50.0281 3476 NdisIP - ok 23:16:50.0312 3476 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:16:50.0421 3476 NdisTapi - ok 23:16:50.0453 3476 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:16:50.0734 3476 Ndisuio - ok 23:16:50.0765 3476 [ 
B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:16:50.0843 3476 NdisWan - ok 23:16:50.0890 3476 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 23:16:50.0984 3476 NDProxy - ok 23:16:51.0031 3476 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 23:16:51.0343 3476 NetBIOS - ok 23:16:51.0406 3476 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 23:16:51.0687 3476 NetBT - ok 23:16:51.0734 3476 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 23:16:52.0015 3476 NetDDE - ok 23:16:52.0031 3476 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 23:16:52.0312 3476 NetDDEdsdm - ok 23:16:52.0359 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 23:16:52.0656 3476 Netlogon - ok 23:16:52.0687 3476 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 23:16:52.0968 3476 Netman - ok 23:16:53.0046 3476 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:16:53.0125 3476 NetTcpPortSharing - ok 23:16:53.0171 3476 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 23:16:53.0281 3476 Nla - ok 23:16:53.0421 3476 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe 23:16:53.0515 3476 NMIndexingService - ok 23:16:53.0593 3476 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe 23:16:53.0671 3476 NMSAccess - ok 23:16:53.0750 3476 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 23:16:54.0078 3476 Npfs - ok 23:16:54.0125 3476 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 23:16:54.0453 3476 Ntfs - ok 23:16:54.0484 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp 
C:\WINDOWS\system32\lsass.exe 23:16:54.0765 3476 NtLmSsp - ok 23:16:54.0812 3476 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 23:16:55.0140 3476 NtmsSvc - ok 23:16:55.0187 3476 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 23:16:55.0453 3476 Null - ok 23:16:55.0484 3476 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:16:55.0765 3476 NwlnkFlt - ok 23:16:55.0781 3476 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:16:56.0062 3476 NwlnkFwd - ok 23:16:56.0093 3476 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 23:16:56.0359 3476 Parport - ok 23:16:56.0421 3476 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 23:16:56.0687 3476 PartMgr - ok 23:16:56.0734 3476 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 23:16:57.0000 3476 ParVdm - ok 23:16:57.0062 3476 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 23:16:57.0328 3476 PCI - ok 23:16:57.0343 3476 PCIDump - ok 23:16:57.0390 3476 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 23:16:57.0671 3476 PCIIde - ok 23:16:57.0718 3476 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 23:16:58.0031 3476 Pcmcia - ok 23:16:58.0031 3476 PDCOMP - ok 23:16:58.0046 3476 PDFRAME - ok 23:16:58.0062 3476 PDRELI - ok 23:16:58.0062 3476 PDRFRAME - ok 23:16:58.0078 3476 perc2 - ok 23:16:58.0093 3476 perc2hib - ok 23:16:58.0140 3476 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 23:16:58.0218 3476 PlugPlay - ok 23:16:58.0234 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 23:16:58.0515 3476 PolicyAgent - ok 23:16:58.0546 3476 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:16:58.0828 
3476 PptpMiniport - ok 23:16:58.0828 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 23:16:59.0109 3476 ProtectedStorage - ok 23:16:59.0140 3476 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 23:16:59.0406 3476 PSched - ok 23:16:59.0453 3476 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:16:59.0734 3476 Ptilink - ok 23:16:59.0781 3476 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:16:59.0843 3476 PxHelp20 - ok 23:16:59.0859 3476 ql1080 - ok 23:16:59.0875 3476 Ql10wnt - ok 23:16:59.0875 3476 ql12160 - ok 23:16:59.0890 3476 ql1240 - ok 23:16:59.0906 3476 ql1280 - ok 23:16:59.0921 3476 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:17:00.0203 3476 RasAcd - ok 23:17:00.0250 3476 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 23:17:00.0531 3476 RasAuto - ok 23:17:00.0531 3476 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:17:00.0812 3476 Rasl2tp - ok 23:17:00.0843 3476 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 23:17:01.0140 3476 RasMan - ok 23:17:01.0187 3476 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:17:01.0468 3476 RasPppoe - ok 23:17:01.0500 3476 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 23:17:01.0765 3476 Raspti - ok 23:17:01.0812 3476 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:17:02.0125 3476 Rdbss - ok 23:17:02.0171 3476 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:17:02.0453 3476 RDPCDD - ok 23:17:02.0500 3476 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 23:17:02.0640 3476 RDPWD - ok 23:17:02.0671 3476 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr 
C:\WINDOWS\system32\sessmgr.exe 23:17:02.0968 3476 RDSessMgr - ok 23:17:03.0000 3476 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 23:17:03.0281 3476 redbook - ok 23:17:03.0312 3476 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 23:17:03.0578 3476 RemoteAccess - ok 23:17:03.0687 3476 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Programme\CyberLink\Shared files\RichVideo.exe 23:17:03.0765 3476 RichVideo - ok 23:17:03.0796 3476 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 23:17:04.0078 3476 RpcLocator - ok 23:17:04.0109 3476 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 23:17:04.0234 3476 RpcSs - ok 23:17:04.0281 3476 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 23:17:04.0593 3476 RSVP - ok 23:17:04.0656 3476 [ CB9310A5A910648D359C99A857E22A54 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 23:17:04.0796 3476 RTLE8023xp - ok 23:17:04.0812 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 23:17:05.0093 3476 SamSs - ok 23:17:05.0125 3476 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 23:17:05.0406 3476 SCardSvr - ok 23:17:05.0468 3476 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 23:17:05.0765 3476 Schedule - ok 23:17:05.0796 3476 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:17:05.0968 3476 Secdrv - ok 23:17:06.0000 3476 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 23:17:06.0265 3476 seclogon - ok 23:17:06.0296 3476 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 23:17:06.0562 3476 SENS - ok 23:17:06.0593 3476 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 23:17:06.0859 3476 Serial - ok 23:17:06.0906 3476 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy 
C:\WINDOWS\system32\drivers\Sfloppy.sys 23:17:07.0171 3476 Sfloppy - ok 23:17:07.0234 3476 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 23:17:07.0546 3476 SharedAccess - ok 23:17:07.0578 3476 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 23:17:07.0640 3476 ShellHWDetection - ok 23:17:07.0656 3476 Simbad - ok 23:17:07.0703 3476 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 23:17:07.0875 3476 SkypeUpdate - ok 23:17:07.0906 3476 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:17:08.0187 3476 SLIP - ok 23:17:08.0203 3476 Sparrow - ok 23:17:08.0250 3476 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 23:17:08.0546 3476 splitter - ok 23:17:08.0609 3476 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 23:17:08.0718 3476 Spooler - ok 23:17:08.0750 3476 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 23:17:08.0921 3476 sr - ok 23:17:08.0953 3476 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 23:17:09.0125 3476 srservice - ok 23:17:09.0187 3476 [ 7D7AD4ABA007E20ACC35CAB03B28A935 ] SRS_PremiumSound_Service C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys 23:17:09.0281 3476 SRS_PremiumSound_Service - ok 23:17:09.0343 3476 [ 979B9C522C91BE3196E3220437BB2C38 ] SRS_WOWXT_Service C:\Programme\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe 23:17:09.0421 3476 SRS_WOWXT_Service - ok 23:17:09.0468 3476 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 23:17:09.0609 3476 Srv - ok 23:17:09.0656 3476 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 23:17:09.0937 3476 SSDPSRV - ok 23:17:09.0984 3476 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 23:17:10.0046 3476 ssmdrv - ok 23:17:10.0093 3476 [ 
CA22092117F4F8BA3700B4BF9962444A ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 23:17:10.0187 3476 ssudmdm - ok 23:17:10.0218 3476 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 23:17:10.0265 3476 StarOpen ( UnsignedFile.Multi.Generic ) - warning 23:17:10.0265 3476 StarOpen - detected UnsignedFile.Multi.Generic (1) 23:17:10.0296 3476 [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 23:17:10.0593 3476 StillCam - ok 23:17:10.0656 3476 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 23:17:10.0937 3476 stisvc - ok 23:17:10.0968 3476 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:17:11.0234 3476 streamip - ok 23:17:11.0296 3476 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 23:17:11.0609 3476 swenum - ok 23:17:11.0640 3476 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 23:17:11.0937 3476 swmidi - ok 23:17:11.0953 3476 SwPrv - ok 23:17:11.0953 3476 symc810 - ok 23:17:11.0968 3476 symc8xx - ok 23:17:11.0984 3476 sym_hi - ok 23:17:12.0000 3476 sym_u3 - ok 23:17:12.0046 3476 [ EA447F6DB6115E8A32352F9FAFFA824D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 23:17:12.0156 3476 SynTP - ok 23:17:12.0187 3476 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 23:17:12.0468 3476 sysaudio - ok 23:17:12.0500 3476 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 23:17:12.0765 3476 SysmonLog - ok 23:17:12.0828 3476 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 23:17:13.0109 3476 TapiSrv - ok 23:17:13.0171 3476 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:17:13.0281 3476 Tcpip - ok 23:17:13.0312 3476 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 23:17:13.0609 3476 TDPIPE - ok 23:17:13.0625 3476 [ 
C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 23:17:13.0906 3476 TDTCP - ok 23:17:13.0937 3476 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 23:17:14.0234 3476 TermDD - ok 23:17:14.0265 3476 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 23:17:14.0546 3476 TermService - ok 23:17:14.0578 3476 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 23:17:14.0656 3476 Themes - ok 23:17:14.0671 3476 TosIde - ok 23:17:14.0718 3476 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 23:17:15.0000 3476 TrkWks - ok 23:17:15.0046 3476 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 23:17:15.0328 3476 Udfs - ok 23:17:15.0328 3476 ultra - ok 23:17:15.0375 3476 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 23:17:15.0703 3476 Update - ok 23:17:15.0734 3476 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 23:17:15.0937 3476 upnphost - ok 23:17:15.0953 3476 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 23:17:16.0234 3476 UPS - ok 23:17:16.0281 3476 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:17:16.0593 3476 usbccgp - ok 23:17:16.0625 3476 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:17:16.0906 3476 usbehci - ok 23:17:16.0921 3476 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:17:17.0203 3476 usbhub - ok 23:17:17.0250 3476 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:17:17.0609 3476 usbprint - ok 23:17:17.0656 3476 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:17:17.0953 3476 usbscan - ok 23:17:18.0000 3476 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:17:18.0312 3476 
USBSTOR - ok
23:17:18.0359 3476 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:17:18.0625 3476 usbuhci - ok
23:17:18.0671 3476 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:17:18.0953 3476 usbvideo - ok
23:17:18.0984 3476 [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:17:19.0156 3476 usb_rndisx - ok
23:17:19.0171 3476 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:17:19.0468 3476 VgaSave - ok
23:17:19.0484 3476 ViaIde - ok
23:17:19.0546 3476 [ C365E0B920B2233001210EC9C324AEDC ] VMC33F C:\WINDOWS\system32\Drivers\VMC33F.sys
23:17:19.0640 3476 VMC33F - ok
23:17:19.0671 3476 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:17:19.0968 3476 VolSnap - ok
23:17:20.0015 3476 [ 7DB9123AEB762953D130B6953B246BC0 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
23:17:20.0109 3476 Vsdatant - ok
23:17:20.0156 3476 vsmon - ok
23:17:20.0187 3476 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
23:17:20.0375 3476 VSS - ok
23:17:20.0421 3476 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
23:17:20.0718 3476 W32Time - ok
23:17:20.0796 3476 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:17:21.0125 3476 Wanarp - ok
23:17:21.0125 3476 WDICA - ok
23:17:21.0156 3476 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:17:21.0421 3476 wdmaud - ok
23:17:21.0468 3476 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:17:21.0765 3476 WebClient - ok
23:17:21.0875 3476 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:17:22.0421 3476 winmgmt - ok
23:17:22.0484 3476 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:17:22.0718 3476 WmdmPmSN - ok
23:17:22.0750 3476 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:17:23.0218 3476 WmiApSrv - ok
23:17:23.0312 3476 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
23:17:23.0515 3476 WMPNetworkSvc - ok
23:17:23.0578 3476 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
23:17:23.0718 3476 WpdUsb - ok
23:17:23.0765 3476 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:17:24.0296 3476 wscsvc - ok
23:17:24.0312 3476 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:17:24.0625 3476 WSTCODEC - ok
23:17:24.0671 3476 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:17:25.0015 3476 wuauserv - ok
23:17:25.0078 3476 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:17:25.0234 3476 WudfPf - ok
23:17:25.0281 3476 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:17:25.0375 3476 WudfRd - ok
23:17:25.0406 3476 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:17:25.0500 3476 WudfSvc - ok
23:17:25.0578 3476 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:17:25.0921 3476 WZCSVC - ok
23:17:25.0953 3476 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:17:26.0265 3476 xmlprov - ok
23:17:26.0281 3476 ================ Scan global ===============================
23:17:26.0328 3476 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
23:17:26.0375 3476 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
23:17:26.0390 3476 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
23:17:26.0406 3476 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
23:17:26.0421 3476 [Global] - ok
23:17:26.0421 3476 ================ Scan MBR ==================================
23:17:26.0437 3476 [ A0A345F7AB6F3BAC008FB0DE602E66CD ] \Device\Harddisk0\DR0
23:17:27.0015 3476 \Device\Harddisk0\DR0 - ok
23:17:27.0015 3476 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR6
23:17:27.0187 3476 \Device\Harddisk1\DR6 - ok
23:17:27.0187 3476 ================ Scan VBR ==================================
23:17:27.0187 3476 [ FE60D06EDFCC0E4C540D014D11B5E4A3 ] \Device\Harddisk0\DR0\Partition1
23:17:27.0203 3476 \Device\Harddisk0\DR0\Partition1 - ok
23:17:27.0218 3476 [ C92D27747642281D6D8B57783609D5DE ] \Device\Harddisk0\DR0\Partition2
23:17:27.0218 3476 \Device\Harddisk0\DR0\Partition2 - ok
23:17:27.0234 3476 [ A9993F6A7B3395B7F824571E9688942F ] \Device\Harddisk1\DR6\Partition1
23:17:27.0234 3476 \Device\Harddisk1\DR6\Partition1 - ok
23:17:27.0234 3476 ============================================================
23:17:27.0234 3476 Scan finished
23:17:27.0234 3476 ============================================================
23:17:27.0359 2896 Detected object count: 2
23:17:27.0359 2896 Actual detected object count: 2
23:19:05.0375 2896 DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:05.0375 2896 DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:05.0375 2896 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:05.0375 2896 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
#14
/// Malware-holic

Hi, scan with ComboFix.
#15

ComboFix logfile:

Code:
ComboFix 13-05-21.01 - Ockenator 21.05.2013  21:07:55.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.554 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Ockenator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Ockenator\4.0
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Adguhi
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Adguhi\tuyhk.fui
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Buqiir
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Buqiir\atuv.kyy
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Daogf
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Daogf\otnyh.wok
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Puokag
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Puokag\bapu.uxe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-21 bis 2013-05-21   ))))))))))))))))))))))))))))))
.
.
2013-05-21 05:15 . 2013-05-21 20:47 -------- d-----w- C:\_OTL
2013-05-21 05:10 . 2013-05-21 05:10 -------- d-----r- c:\dokumente und einstellungen\LocalService\Eigene Dateien
2013-05-18 09:31 . 2013-05-18 09:31 -------- d-----w- C:\8a7819e540a0dc55a5069c
2013-05-12 17:25 . 2013-05-12 17:25 -------- d-----w- c:\dokumente und einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Samsung
2013-05-12 17:24 . 2013-05-12 17:24 -------- d-----w- c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Samsung
2013-05-12 17:07 . 2008-04-14 12:00 26624 ----a-w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2013-05-12 17:05 . 2013-04-03 07:58 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-05-12 17:05 . 2013-04-03 07:58 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-05-12 17:01 . 2013-05-12 17:01 -------- d-----w- c:\programme\MyFree Codec
2013-05-12 16:58 . 2013-04-18 17:08 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-05-12 16:55 . 2013-04-18 17:06 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-05-12 16:55 . 2013-04-18 17:06 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2013-05-12 16:53 . 2013-05-12 16:53 -------- d-----w- c:\programme\Windows Media Connect 2
2013-05-12 16:48 . 2013-05-12 16:48 -------- d-----w- c:\dokumente und einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2013-05-12 16:40 . 2013-05-12 17:23 -------- d-----w- c:\windows\system32\drivers\UMDF
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 17:07 . 2013-04-18 17:07 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-04-18 17:07 . 2013-04-18 17:07 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-04-18 17:07 . 2013-04-18 17:07 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-04-18 17:06 . 2013-04-18 17:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2013-04-18 17:06 . 2013-04-18 17:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2013-04-18 17:06 . 2013-04-18 17:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2013-04-18 17:06 . 2013-04-18 17:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06 569344 ----a-w- c:\windows\system32\muzdecode.ax
2013-04-18 17:06 . 2013-04-18 17:06 491520 ----a-w- c:\windows\system32\muzapp.dll
2013-04-18 17:06 . 2013-04-18 17:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2013-04-18 17:06 . 2013-04-18 17:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2013-04-18 17:06 . 2013-04-18 17:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2013-04-18 17:06 . 2013-04-18 17:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2013-04-18 17:06 . 2013-04-18 17:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2013-04-18 17:06 . 2013-04-18 17:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2013-04-18 17:06 . 2013-04-18 17:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2013-04-18 17:06 . 2013-04-18 17:06 245760 ----a-w- c:\windows\system32\MSCLib.dll
2013-04-18 17:06 . 2013-04-18 17:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2013-04-18 17:06 . 2013-04-18 17:06 200704 ----a-w- c:\windows\system32\muzwmts.dll
2013-04-18 17:06 . 2013-04-18 17:06 155648 ----a-w- c:\windows\system32\MSFLib.dll
2013-04-18 17:06 . 2013-04-18 17:06 143360 ----a-w- c:\windows\system32\3DAudio.ax
2013-04-18 17:06 . 2013-04-18 17:06 135168 ----a-w- c:\windows\system32\muzaf1.dll
2013-04-18 17:06 . 2013-04-18 17:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2013-04-18 17:06 . 2013-04-18 17:06 122880 ----a-w- c:\windows\system32\muzeffect.ax
2013-04-18 17:06 . 2013-04-18 17:06 118784 ----a-w- c:\windows\system32\MaDRM.dll
2013-04-18 17:06 . 2013-04-18 17:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2013-04-18 17:06 . 2009-08-05 13:34 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2013-04-12 14:00 . 2009-08-05 22:01 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2009-08-05 22:01 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 07:30 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2009-08-05 22:01 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 01:53 . 2009-08-05 22:01 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 01:53 . 2009-08-05 22:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 01:53 . 2009-08-05 22:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:08 . 2009-08-05 22:01 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2009-08-05 13:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
2012-09-26 16:06 . 2012-02-18 19:17 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Spotify\Spotify.exe" [2013-04-24 4547584]
"Spotify Web Helper"="c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe" [2013-04-24 1105408]
"KiesPreload"="c:\programme\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"BatteryManager"="c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2009-06-01 3153408]
"DMHotKey"="c:\programme\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"UCam_Menu"="c:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\programme\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\programme\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\programme\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"ZoneAlarm"="c:\programme\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\programme\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
Erinnerungen für Microsoft Works-Kalender.lnk - c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-5 53317]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Dokumente und Einstellungen\\Ockenator\\Anwendungsdaten\\Spotify\\spotify.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.03.2012 23:01 36000]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [12.05.2012 13:35 11352]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.03.2012 23:01 86224]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [05.08.2009 15:31 4300]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [30.04.2012 21:05 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [30.04.2012 21:05 497280]
R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\programme\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [19.05.2009 19:39 66792]
R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [01.05.2009 15:41 384896]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [05.08.2009 15:34 233512]
R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [05.08.2009 15:36 237952]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [09.11.2012 12:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05.08.2009 15:33 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12.05.2013 19:05 83864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12.05.2013 19:05 181912]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 10:27 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer =
FF - ProfilePath - c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Mozilla\Firefox\Profiles\b8bkeqe9.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN26266762648347-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=20c14cbe00000000000000265eb05146&q={searchTerms}
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN26266762648347-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=20c14cbe00000000000000265eb05146&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26266762648347-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=20c14cbe00000000000000265eb05146&q=
FF - user.js: extensions.zonealarm.id - 20c14cbe00000000000000265eb05146
FF - user.js: extensions.zonealarm.instlDay - 15472
FF - user.js: extensions.zonealarm.vrsn -
FF - user.js: extensions.zonealarm.vrsni -
FF - user.js: extensions.zonealarm_i.vrsnTs -
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN26266762648347-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BatteryLifeExtender - c:\programme\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
HKCU-Run-SpriteService - c:\programme\Sprite Software\Sprite Backup\SpriteService.exe
HKCU-Run-KiesAirMessage - c:\programme\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-SUPBackground - c:\programme\Samsung\Samsung Update Plus\SUPBackground.exe
HKLM-Run-MagicKeyboard - c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe
HKLM-Run-ISW - (no file)
AddRemove-MSNINST - c:\programme\MSN\MsnInstaller\msninst.exe
AddRemove-WinRAR archiver - c:\programme\WinRAR\uninstall.exe
AddRemove-Works2kSetup - c:\programme\Microsoft Works Suite 2000\Setup\Launcher.exe
AddRemove-{145DE957-0679-4A2A-BB5C-1D3E9808FAB2} - c:\programme\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
AddRemove-{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2} - c:\programme\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\setup.exe
AddRemove-{6A1F72DD-2465-43A2-A137-8A849399B7A8} - c:\programme\InstallShield Installation Information\{6A1F72DD-2465-43A2-A137-8A849399B7A8}\Install.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{F4F41D14-E0DD-4FB4-AA09-A14225C769BD} - c:\programme\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-21 21:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-953792537-315184200-2242276583-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*& ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-953792537-315184200-2242276583-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*& \OpenWithList]
@Class="Shell"
"a"="PDFCreator.exe"
"MRUList"="a"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Nero\Nero 7\InCD\InCDsrv.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\CyberLink\Shared files\RichVideo.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-21  22:00:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-21 20:00
.
Vor Suchlauf: 13 Verzeichnis(se), 26.590.351.360 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se),  Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 07074EFAD4A6F840DC51E6EC954ED3E3