Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1 reports critical hard disk error (Windows 7)
21.04.2011, 18:37 | #1 |
TR/Kazy.mekml.1 reports critical hard disk error

Hello dear community, I'm new here and hoping for your help. I have somehow caught the trojan Kazy.mekml.1. I only reinstalled my operating system about 3 weeks ago and really have no patience to do that again. So heeeeeeeeeeeeeeeeeeeeeelp

First, about the system:

Hardware:
- Processor Intel Core2 Quad CPU Q9550@2.83GHz
- 2 GB RAM
- Intel SSD a2M040G2GC ATA as the boot partition
- Samsung HD401LJ ATA Device
- Samsung HD753LJ ATA Device
- WDC WD5000AAKB-00H8A0 ATA Device

Operating system: Windows 7 Professional 64bit with all current updates

The error descriptions are manifold. Here are just a few excerpts:
- Damaged hard disk clusters found. Private files are at risk.
- The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended to restart the system
- Critical hard disk error RAM memory
- Error in C:\ProgramData\44490504.exe
- Windows could not save all data for the file \\System32\\496A8300. Data lost. This error can be caused by a hardware failure.

After a lot of googling and a great deal of reading I have ended up here, at a loss. I followed the description by *Coverflow* (http://www.trojaner-board.de/97571-t...tendefekt.html) and did everything exactly as described. Except for the System Restore.

1. GMER log file: [gmer hasn't found any system modification] this is probably due to the 64-bit version

2. Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 18:46:14
mbam-log-2011-04-21 (18-46-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Durchsuchte Objekte: 1126107
Laufzeit: 1 Stunde(n), 38 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\programdata\dlunqaybbo.exe (Trojan.Agent) -> 2680 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dlUnqaYBbo (Trojan.Agent) -> Value: dlUnqaYBbo -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\dlunqaybbo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\43966216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Local\Temp\err.log6067518 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Local\Temp\tmpD106.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Roaming\Adobe\plugs\kb6069530.exe (Trojan.Agent) -> Quarantined and deleted successfully.
f:\neuer ordner\removewga12.exe (PUP.RemoveWGA) -> Not selected for removal.

3. HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:49:09, on 21.04.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
D:\Program Files (x86)\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Google Calendar Sync.lnk = D:\Program Files (x86)\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8621 bytes

4. HJTscanlist
Code:
0 21.03.2011 09:22 C:\Users\NAME~1\AppData\Local\Temp\DMIEEC1.tmp --------- 0 21.03.2011 09:22 C:\Users\NAME~1\AppData\Local\Temp\DMI9DA5.tmp --------- 0 21.03.2011 09:21 C:\Users\NAME~1\AppData\Local\Temp\DMIA5B0.tmp --------- 0 21.03.2011 09:18 C:\Users\NAME~1\AppData\Local\Temp\{E4295926-6867-458A-B259-F95693ABF779} --------- 0 21.03.2011 09:16 C:\Users\NAME~1\AppData\Local\Temp\{2C670D69-B540-47A0-A5A0-1A82D1266D14} --------- 0 21.03.2011 09:12 C:\Users\NAME~1\AppData\Local\Temp\DMIB07A.tmp --------- 0 18.03.2011 20:49 C:\Users\NAME~1\AppData\Local\Temp\nsmail.pdf --------- 68578 18.03.2011 20:11 C:\Users\NAME~1\AppData\Local\Temp\AdobeSFX.log --------- 2018 18.03.2011 20:07 C:\Users\NAME~1\AppData\Local\Temp\Twunk002.MTX --------- 0 18.03.2011 19:56 C:\Users\NAME~1\AppData\Local\Temp\{61D23D99-3398-414E-974E-EBAE498BB298}bridge.ico --------- 42014 18.03.2011 19:56 C:\Users\NAME~1\AppData\Local\Temp\{193F8A7B-1853-48D5-88AC-19446C2C1D13}estk_ribs_bgd.png --------- 93314 18.03.2011 19:56 C:\Users\NAME~1\AppData\Local\Temp\{8F4BCEE1-1F4E-445F-B155-7C9A1CDBAF9F}background.png --------- 57708 18.03.2011 19:56 C:\Users\NAME~1\AppData\Local\Temp\{8F4BCEE1-1F4E-445F-B155-7C9A1CDBAF9F}PS_AppIcon.ico --------- 41582 18.03.2011 19:33 C:\Users\NAME~1\AppData\Local\Temp\tmp4124.tmp --------- 0 17.03.2011 23:36 C:\Users\NAME~1\AppData\Local\Temp\4a1d5025-db4a-490d-a7cd-3007c5abd064 --------- 0 17.03.2011 23:26 C:\Users\NAME~1\AppData\Local\Temp\6bf42878-b9fe-490c-b6ca-c742df2feeaf --------- 0 17.03.2011 23:23 C:\Users\NAME~1\AppData\Local\Temp\d7a32cc5-a54a-42c1-a636-4c9fca65f582 --------- 0 17.03.2011 23:23 C:\Users\NAME~1\AppData\Local\Temp\KiesInstall.Log --------- 13685 17.03.2011 23:22 C:\Users\NAME~1\AppData\Local\Temp\DMI6AA6.tmp --------- 0 17.03.2011 23:22 C:\Users\NAME~1\AppData\Local\Temp\SAMSUNG --------- 0 17.03.2011 23:21 C:\Users\NAME~1\AppData\Local\Temp\MarkAny --------- 0 17.03.2011 23:12 C:\Users\NAME~1\AppData\Local\Temp\ICA10692.log.xml --------- 177302 
17.03.2011 23:12 C:\Users\NAME~1\AppData\Local\Temp\ICA10692.log --------- 18853054 17.03.2011 23:11 C:\Users\NAME~1\AppData\Local\Temp\msohtmlclip --------- 0 17.03.2011 23:00 C:\Users\NAME~1\AppData\Local\Temp\dd_vcredistUI2272.txt --------- 12542 17.03.2011 23:00 C:\Users\NAME~1\AppData\Local\Temp\dd_vcredistMSI2272.txt --------- 409664 17.03.2011 22:51 C:\Users\NAME~1\AppData\Local\Temp\Nero Setup (110317 210755).log --------- 1089898 17.03.2011 22:44 C:\Users\NAME~1\AppData\Local\Temp\dd_vcredistMSI1599.txt --------- 4158 17.03.2011 22:44 C:\Users\NAME~1\AppData\Local\Temp\outlook logging --------- 0 17.03.2011 22:43 C:\Users\NAME~1\AppData\Local\Temp\dd_vcredistUI1599.txt --------- 12500 17.03.2011 22:07 C:\Users\NAME~1\AppData\Local\Temp\nro.log --------- 0 17.03.2011 21:56 C:\Users\NAME~1\AppData\Local\Temp\NAME Gehm.bmp --------- 31832 17.03.2011 21:43 C:\Users\NAME~1\AppData\Local\Temp\SetupExe(201103172027528A0).log --------- 133737 17.03.2011 20:20 C:\Users\NAME~1\AppData\Local\Temp\Low --------- 0 17.03.2011 20:18 C:\Users\NAME~1\AppData\Local\Temp\StructuredQuery.log --------- 707 17.03.2011 20:18 C:\Users\NAME~1\AppData\Local\Temp\MSI447e9.LOG --------- 842 17.03.2011 18:49 C:\Users\NAME~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 14.10.2010 17:33 C:\Users\NAME~1\AppData\Local\Temp\syncappw.exe --------- 103424 14.10.2010 17:33 C:\Users\NAME~1\AppData\Local\Temp\syncapp.dll --------- 6384640 14.10.2010 16:31 C:\Users\NAME~1\AppData\Local\Temp\SyncHook.dll --------- 42496 14.07.2009 03:14 C:\Users\NAME~1\AppData\Local\Temp\err.log6067627 --------- 47104 14.07.2009 03:14 C:\Users\NAME~1\AppData\Local\Temp\xscwoamner.exe --------- 47104 29.11.2007 19:05 C:\Users\NAME~1\AppData\Local\Temp\Uninst.exe --------- 501024 31.10.2006 01:00 C:\Users\NAME~1\AppData\Local\Temp\ose00000.exe --------- 145184 ---------------------------------------- C:\Program Files 19.04.2011 09:02 C:\Program Files\Internet Explorer --------- 4096 30.03.2011 07:28 
C:\Program Files\WinRAR --------- 4096 21.03.2011 09:21 C:\Program Files\Common Files --------- 4096 17.03.2011 21:38 C:\Program Files\Microsoft Office --------- 0 17.03.2011 21:23 C:\Program Files\Microsoft IntelliPoint --------- 8192 17.03.2011 21:13 C:\Program Files\Windows Mail --------- 4096 17.03.2011 21:13 C:\Program Files\Windows Media Player --------- 4096 17.03.2011 20:35 C:\Program Files\NVIDIA Corporation --------- 0 17.03.2011 18:49 C:\Program Files\Windows NT --------- 4096 17.03.2011 18:49 C:\Program Files\Gemeinsame Dateien --------- 0 14.07.2009 20:18 C:\Program Files\DVD Maker --------- 0 14.07.2009 20:18 C:\Program Files\Windows Journal --------- 0 14.07.2009 19:58 C:\Program Files\Windows Sidebar --------- 4096 14.07.2009 19:58 C:\Program Files\Windows Photo Viewer --------- 0 14.07.2009 19:58 C:\Program Files\Windows Defender --------- 4096 14.07.2009 07:32 C:\Program Files\Windows Portable Devices --------- 0 14.07.2009 07:32 C:\Program Files\MSBuild --------- 0 14.07.2009 07:32 C:\Program Files\Reference Assemblies --------- 0 14.07.2009 07:09 C:\Program Files\Uninstall Information --------- 0 14.07.2009 06:54 C:\Program Files\desktop.ini --------- 174 ---------------------------------------- C:\ProgramData\.. NAME Default Public Default User All Users desktop.ini ---------------------------------------- C:\Windows\system32\drivers\etc\hosts ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. 
Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 304 K smss.exe 244 Services 0 108 K csrss.exe 344 Services 0 1.300 K wininit.exe 408 Services 0 200 K csrss.exe 428 Console 1 42.016 K services.exe 472 Services 0 4.648 K lsass.exe 492 Services 0 4.484 K lsm.exe 500 Services 0 1.792 K winlogon.exe 536 Console 1 2.252 K svchost.exe 656 Services 0 4.248 K nvvsvc.exe 752 Services 0 976 K svchost.exe 792 Services 0 5.360 K svchost.exe 888 Services 0 12.808 K svchost.exe 932 Services 0 74.316 K svchost.exe 972 Services 0 20.648 K svchost.exe 416 Services 0 11.704 K svchost.exe 960 Services 0 7.496 K nvvsvc.exe 1124 Console 1 1.908 K spoolsv.exe 1172 Services 0 4.116 K sched.exe 1208 Services 0 2.540 K svchost.exe 1228 Services 0 11.940 K aavus.exe 1360 Services 0 200 K avguard.exe 1436 Services 0 3.600 K taskhost.exe 1464 Console 1 4.380 K mDNSResponder.exe 1496 Services 0 2.116 K bratimer.exe 1528 Services 0 1.004 K svchost.exe 1576 Services 0 11.088 K mdm.exe 1628 Services 0 1.632 K NBService.exe 1676 Services 0 1.412 K avshadow.exe 1740 Services 0 200 K conhost.exe 1756 Services 0 164 K PsiService_2.exe 1872 Services 0 164 K sp_rsser.exe 1908 Services 0 7.828 K svchost.exe 1984 Services 0 1.996 K dwm.exe 2252 Console 1 19.168 K explorer.exe 2280 Console 1 40.524 K ipoint.exe 2540 Console 1 6.424 K KiesTrayAgent.exe 2600 Console 1 2.992 K sidebar.exe 2652 Console 1 19.180 K SpywareTerminatorUpdate.e 2784 Console 1 6.300 K GoogleCalendarSync.exe 2852 Console 1 2.112 K SearchIndexer.exe 3008 Services 0 60.740 K avgnt.exe 2640 Console 1 3.396 K fpassist.exe 3024 Console 1 1.236 K SpywareTerminatorShield.E 3120 Console 1 2.712 K wmpnetwk.exe 3532 Services 0 9.904 K mobsync.exe 3856 Console 1 6.080 K PresentationFontCache.exe 3904 Services 0 1.404 K firefox.exe 684 Console 1 98.404 K splwow64.exe 3288 Console 1 356 K svchost.exe 1260 Services 0 16.140 K 
SearchProtocolHost.exe 2704 Services 0 5.992 K notepad.exe 588 Console 1 3.868 K HijackThis.exe 940 Console 1 7.896 K notepad.exe 4020 Console 1 3.872 K audiodg.exe 884 Services 0 15.648 K SearchFilterHost.exe 3948 Services 0 8.064 K cmd.exe 3864 Console 1 3.656 K conhost.exe 1416 Console 1 5.848 K dllhost.exe 2668 Console 1 6.000 K tasklist.exe 3640 Console 1 5.632 K WmiPrvSE.exe 2388 Services 0 6.248 K ***** Ende des Scans 21.04.2011 um 19:25:56,01 *** 5. Ccleaner Code:
7-Zip 9.20 20.03.2011 AAVUpdateManager Akademische Arbeitsgemeinschaft 18.04.2011 18,5MB 15.00.0000 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 16.03.2011 6,00MB 10.2.152.32 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.04.2011 6,00MB 10.2.159.1 Adobe Photoshop CS3 Adobe Systems Incorporated 17.03.2011 1.085MB 10.0 Adobe Reader X (10.0.1) - Deutsch Adobe Systems Incorporated 17.03.2011 115,9MB 10.0.1 Allway Sync 'n' Go version 10.5.8 Botkind Inc 10.04.2011 16,0MB Amazon MP3-Downloader 1.0.9 29.03.2011 Avira AntiVir Personal - Free Antivirus Avira GmbH 16.03.2011 67,7MB 10.0.0.635 BRAdmin Professional 3 Brother 20.03.2011 3.41.0004 Canon Inkjet Printer Driver Add-On Module 20.03.2011 CCleaner Piriform 20.04.2011 3.05 Corel Graphics - Windows Shell Extension Corel Corporation 10.04.2011 2,93MB 15.0.0.487 CorelDRAW(R) Graphics Suite X5 Corel Corporation 10.04.2011 920MB 15.0.0.486 ElsterFormular für Unternehmer Landesfinanzdirektion Thüringen 10.04.2011 12.1.1.6214u FreePDF (Remove only) 20.03.2011 Fronius Solar.access 1.21.00 Fronius International 20.03.2011 33,9MB 1.21.00 Google Calendar Sync 20.03.2011 GPL Ghostscript 9.01 20.03.2011 InfoBibliothek 2 Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH 18.04.2011 12,6MB 1.08.03.00 IrfanView (remove only) Irfan Skiljan 17.03.2011 1,50MB 4.28 Java(TM) 6 Update 15 Sun Microsystems, Inc. 
31.03.2011 95,0MB 6.0.150 Malwarebytes' Anti-Malware Malwarebytes Corporation 20.04.2011 10,5MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 17.03.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 17.03.2011 2,94MB 4.0.30319 Microsoft IntelliPoint 8.0 Microsoft 16.03.2011 38,0MB 8.0.225.0 Microsoft Office Enterprise 2007 Microsoft Corporation 16.03.2011 12.0.4518.1014 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.04.2011 0,34MB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 10.04.2011 0,24MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.03.2011 0,58MB 9.0.30729.4148 Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 10.04.2011 211MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU Microsoft Corporation 10.04.2011 96,0MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft Corporation 10.04.2011 0,15MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU Microsoft Corporation 10.04.2011 0,22MB 9.0.30729 Mozilla Firefox (3.6.16) Mozilla 03.04.2011 3.6.16 (de) Mozilla Thunderbird (3.1.9) Mozilla 16.03.2011 3.1.9 (de) MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.03.2011 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.03.2011 1,33MB 4.20.9876.0 Nero 9 Nero AG 16.03.2011 NVIDIA Display Control Panel NVIDIA Corporation 16.03.2011 6.14.12.5896 NVIDIA Drivers NVIDIA Corporation 16.03.2011 63,0MB 1.10.62.40 Opera 11.01 Opera Software ASA 16.03.2011 11.01.1190 Philips network storage wizard Philips 16.03.2011 1.2 RedMon - Redirection Port Monitor 20.03.2011 Samsung Kies Samsung Electronics Co., Ltd. 16.03.2011 168,2MB 2.0.0.11011_16 SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 
16.03.2011 31,7MB 1.3.1800.0 Spyware Terminator Crawler Inc. 20.04.2011 2.8.2.192 Steuer-Spar-Erklärung Plus 2011 Akademische Arbeitsgemeinschaft Verlag 18.04.2011 347MB 16.02 VLC media player 1.1.8 VideoLAN 04.04.2011 1.1.8 WinRAR 4.00 (64-Bit) win.rar GmbH 29.03.2011 4.00.0
So, that was everything. Now just a quick prayer sent out into the ether. Many, maaany thanks in advance to the people who read all of this and, even more, actually understand it. Regards, LuckyLuke |
21.04.2011, 19:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Get yourself an original version and do a clean reinstall.
21.04.2011, 19:34 | #3 |
| It's not a cracked Windows.
21.04.2011, 19:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sure, that's why you've got a removeWGA in there.
__________________ Please always post log files in CODE tags |
21.04.2011, 23:05 | #5 |
| Believe it or not. It is an original Windows version. |
22.04.2011, 11:52 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, I believe it. RemoveWGA only works on WinXP. Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the Logs tab.
24.04.2011, 10:53 | #7 |
| Hello Cosinus, thank you for finally believing me that it is an original Windows version. Apart from the log already posted, there is nothing else in Malwarebytes. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 18:46:14
mbam-log-2011-04-21 (18-46-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Durchsuchte Objekte: 1126107
Laufzeit: 1 Stunde(n), 38 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\programdata\dlunqaybbo.exe (Trojan.Agent) -> 2680 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dlUnqaYBbo (Trojan.Agent) -> Value: dlUnqaYBbo -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\dlunqaybbo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\43966216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Local\Temp\err.log6067518 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Local\Temp\tmpD106.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\NAME\AppData\Roaming\Adobe\plugs\kb6069530.exe (Trojan.Agent) -> Quarantined and deleted successfully.
f:\neuer ordner\removewga12.exe (PUP.RemoveWGA) -> Not selected for removal.

However, after all these measures the error has not shown up again.
But:
- still a black desktop background, no change possible
- I receive all mails in Thunderbird twice, three times, four times........ Deleting them is pretty annoying
Maybe there is a remedy |
25.04.2011, 13:50 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System scan with OTL: Please download OTL by Oldtimer and save it to your desktop
26.04.2011, 08:44 | #9 |
| Here are the log files OTL OTL Logfile: Code:
OTL logfile created on: 26.04.2011 09:28:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\NAME\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 37,17 Gb Total Space | 0,56 Gb Free Space | 1,51% Space Free | Partition Type: NTFS Drive D: | 244,14 Gb Total Space | 240,22 Gb Free Space | 98,39% Space Free | Partition Type: NTFS Drive E: | 372,61 Gb Total Space | 91,49 Gb Free Space | 24,55% Space Free | Partition Type: NTFS Drive F: | 221,61 Gb Total Space | 32,71 Gb Free Space | 14,76% Space Free | Partition Type: NTFS Drive H: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 698,63 Gb Total Space | 692,59 Gb Free Space | 99,13% Space Free | Partition Type: NTFS Computer Name: THOMASGEHM-PC | User Name: NAME | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\NAME\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe () PRC - D:\Program Files (x86)\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Modules (SafeList) ========== MOD - C:\Users\NAME\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (sp_rssrv) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BRA_Scheduler) -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 73 23 B5 C3 E4 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: 
{73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.04 07:08:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.04 07:08:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.17 21:47:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.17 21:47:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\NAME\AppData\Roaming\mozilla\Extensions [2011.03.17 21:47:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\NAME\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.25 14:15:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\NAME\AppData\Roaming\mozilla\Firefox\Profiles\bup4muik.default\extensions [2011.04.21 08:54:15 | 000,000,000 | -H-D | M] (NoScript) -- C:\Users\NAME\AppData\Roaming\mozilla\Firefox\Profiles\bup4muik.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.04.21 08:54:14 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\NAME\AppData\Roaming\mozilla\Firefox\Profiles\bup4muik.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.21 14:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.03 20:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.03 20:06:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.03.03 20:06:04 | 000,006,805 | ---- | 
M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.03 20:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.03 20:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not 
found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk D:\ O32 - AutoRun File - [2009.04.29 11:02:01 | 000,000,055 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.26 09:27:19 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe [2011.04.24 12:19:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2011.04.21 19:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.04.21 19:32:15 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.04.21 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\NAME\AppData\Roaming\Malwarebytes [2011.04.21 17:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.21 17:01:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.21 17:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.21 17:01:24 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.21 08:32:52 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\Spyware Terminator [2011.04.21 08:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Spyware Terminator [2011.04.21 08:32:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spyware Terminator [2011.04.21 08:32:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Spyware Terminator [2011.04.20 11:03:30 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.19 12:02:16 | 000,036,352 | R--- | C] (Visioneer Inc) -- C:\Windows\SysWow64\FBCtrl.cpl [2011.04.19 12:02:15 | 000,000,000 | -H-D | C] -- C:\ScanSoft [2011.04.19 11:51:03 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [2011.04.19 11:08:46 | 000,000,000 | -H-D | C] -- C:\Users\NAME\Documents\Steuerfälle [2011.04.19 11:08:46 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Local\AAV [2011.04.19 11:06:35 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\AAV [2011.04.19 11:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfoBibliothek 2 [2011.04.19 11:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps [2011.04.19 11:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft [2011.04.19 10:59:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\AAV [2011.04.18 10:52:21 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.04.18 10:52:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.04.18 10:52:17 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.04.18 10:52:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.18 10:52:17 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.04.18 10:52:13 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011.04.18 10:52:12 | 001,395,712 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\mfc42.dll [2011.04.18 10:52:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.18 10:52:11 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.18 10:52:07 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.04.18 10:52:07 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.18 10:52:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.04.18 10:52:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.18 10:51:43 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.04.18 10:51:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.18 10:51:42 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.04.18 10:51:42 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.04.18 10:51:42 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.18 10:51:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.18 10:51:42 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.04.18 10:51:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.18 10:51:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.04.18 10:51:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.18 10:51:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.04.18 10:51:40 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.04.18 10:51:40 | 000,386,048 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.18 10:51:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.18 10:51:28 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.04.18 10:51:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.18 10:51:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.18 10:51:23 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.04.18 10:51:23 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.04.18 10:51:23 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.04.18 10:51:23 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.04.18 10:51:23 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.04.18 10:51:23 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.04.18 10:51:23 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.04.18 10:51:20 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.04.11 17:54:59 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\elsterformular [2011.04.11 17:47:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\elsterformular [2011.04.11 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2011.04.11 17:30:44 | 004,136,656 | -H-- | C] (Botkind Inc ) -- C:\Users\NAME\Desktop\allwaysync-n-go-10-5-8.exe [2011.04.11 16:38:42 | 000,000,000 | -H-D | C] -- C:\Users\NAME\Documents\Meine Paletten [2011.04.11 16:36:14 | 000,000,000 | -H-D | C] -- C:\Users\NAME\Documents\Corel [2011.04.11 16:35:50 | 000,000,000 | -H-D | C] -- 
C:\Users\NAME\Documents\Visual Studio 2008 [2011.04.11 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2011.04.11 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2011.04.11 16:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2011.04.11 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis [2011.04.11 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 [2011.04.11 16:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2011.04.05 16:09:28 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\vlc [2011.04.05 16:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.04.05 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.04.04 15:29:53 | 000,000,000 | -H-D | C] -- C:\Users\NAME\Documents\Corel User Files [2011.04.01 19:52:01 | 000,000,000 | -H-D | C] -- C:\Users\NAME\Application Data [2011.04.01 19:49:53 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader [2011.04.01 19:49:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2011.04.01 19:49:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.04.01 19:49:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.04.01 19:49:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2011.04.01 19:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.03.30 07:33:17 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\Amazon [2011.03.30 07:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011.03.30 07:28:47 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\WinRAR [2011.03.30 07:28:47 | 000,000,000 | -H-D | C] -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.30 07:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.30 07:28:41 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR ========== Files - Modified Within 30 Days ========== [2011.04.26 09:31:56 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 09:31:56 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 09:30:13 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.26 09:30:13 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.26 09:30:13 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.26 09:30:13 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.26 09:30:13 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.26 09:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.26 09:24:31 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 19:32:19 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.21 15:06:11 | 000,002,097 | -H-- | M] () -- C:\Users\NAME\Desktop\hjtscanlist.zip [2011.04.21 09:14:26 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~43966216 [2011.04.21 09:14:26 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43966216r [2011.04.21 
09:14:16 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43966216 [2011.04.21 09:11:59 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe [2011.04.21 08:21:15 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~44490504 [2011.04.21 08:21:15 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44490504r [2011.04.21 08:21:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\44490504 [2011.04.21 07:31:54 | 000,003,560 | -H-- | M] () -- C:\bootsqm.dat [2011.04.20 11:03:32 | 000,000,640 | -H-- | M] () -- C:\Users\NAME\Desktop\Windows Recovery.lnk [2011.04.20 11:03:31 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~45276936 [2011.04.20 11:03:31 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~45276936r [2011.04.20 11:03:25 | 000,000,344 | -H-- | M] () -- C:\ProgramData\45276936 [2011.04.19 12:02:16 | 000,000,135 | ---- | M] () -- C:\Windows\FBDirect.INI [2011.04.19 12:02:08 | 000,000,172 | -H-- | M] () -- C:\Users\NAME\AppData\Roaming\default.rss [2011.04.19 11:06:41 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\Steuertipps - Der SteuerBerater.LNK [2011.04.19 09:03:38 | 002,362,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.11 17:47:38 | 000,000,485 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2011.04.11 17:30:46 | 004,136,656 | -H-- | M] (Botkind Inc ) -- C:\Users\NAME\Desktop\allwaysync-n-go-10-5-8.exe [2011.04.11 16:15:10 | 000,003,452 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2011.04.11 16:15:07 | 000,000,088 | RHS- | M] () -- C:\ProgramData\C1D1835D8C.sys [2011.04.01 19:49:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2011.04.01 19:49:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.04.01 19:49:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.04.01 19:49:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe ========== Files Created - No Company Name ========== [2011.04.21 19:32:19 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.21 19:25:20 | 000,030,259 | ---- | C] () -- C:\Users\NAME\Desktop\hjtscanlist.bat [2011.04.21 19:25:16 | 000,002,097 | -H-- | C] () -- C:\Users\NAME\Desktop\hjtscanlist.zip [2011.04.21 09:14:26 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~43966216 [2011.04.21 09:14:26 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43966216r [2011.04.21 09:14:16 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43966216 [2011.04.21 08:21:15 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~44490504 [2011.04.21 08:21:15 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44490504r [2011.04.21 08:21:09 | 000,000,336 | -H-- | C] () -- C:\ProgramData\44490504 [2011.04.21 07:31:54 | 000,003,560 | -H-- | C] () -- C:\bootsqm.dat [2011.04.20 11:03:32 | 000,000,640 | -H-- | C] () -- C:\Users\NAME\Desktop\Windows Recovery.lnk [2011.04.20 11:03:31 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45276936r [2011.04.20 11:03:30 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~45276936 [2011.04.20 11:03:25 | 000,000,344 | -H-- | C] () -- C:\ProgramData\45276936 [2011.04.19 12:02:16 | 000,025,088 | R--- | C] () -- C:\Windows\SysWow64\CloseOT.exe [2011.04.19 12:02:16 | 000,000,135 | ---- | C] () -- C:\Windows\FBDirect.INI [2011.04.19 11:06:41 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\Steuertipps - Der SteuerBerater.LNK [2011.04.11 17:47:38 | 000,000,485 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2011.03.21 10:34:05 | 000,000,172 | -H-- | C] () -- C:\Users\NAME\AppData\Roaming\default.rss [2011.03.21 10:20:50 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C1D1835D8C.sys [2011.03.21 10:20:49 | 000,003,452 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.03.21 09:52:18 | 000,000,159 | -H-- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.03.17 22:32:15 | 000,004,767 | 
---- | C] () -- C:\Windows\Irremote.ini
[2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
< End of report >

and here is the second log file

OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2011 09:28:20 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\NAME\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37,17 Gb Total Space | 0,56 Gb Free Space | 1,51% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 240,22 Gb Free Space | 98,39% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 91,49 Gb Free Space | 24,55% Space Free | Partition Type: NTFS
Drive F: | 221,61 Gb Total Space | 32,71 Gb Free Space | 14,76% Space Free | Partition Type: NTFS
Drive H: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 698,63 Gb Total Space | 692,59 Gb Free Space | 99,13% Space Free | Partition Type: NTFS

Computer Name: THOMASGEHM-PC | User Name: NAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0 "{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All 
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6EF9059D-C5FB-4629-BD30-720A1321B231}" = Fronius Solar.access 1.21.00 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3 "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW 
Graphics Suite X5 "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture 
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{f436d831-966f-49b5-8e3c-c1192330741a}" = Nero 9 "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Allway Sync 'n' Go_is1" = Allway Sync 'n' Go version 10.5.8 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular für Unternehmer "ENTERPRISE" = Microsoft Office Enterprise 2007 "FreePDF_XP" = FreePDF (Remove only) "Google Calendar Sync" = Google Calendar Sync "GPL Ghostscript 9.01" = GPL Ghostscript 9.01 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "Opera 11.01.1190" = Opera 11.01 "Philips Network Attached Storage_is1" = Philips network storage wizard "Spyware Terminator_is1" = Spyware Terminator "VLC media player" = VLC media player 1.1.8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.04.2011 11:59:52 | Computer Name = ThomasGehm-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "J:\SoftonicDownloader_fuer_tapinradio.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 11.04.2011 11:59:53 | Computer Name = ThomasGehm-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "J:\SoftonicDownloader_fuer_slimdrivers.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 19.04.2011 04:06:44 | Computer Name = ThomasGehm-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. 
Error - 19.04.2011 05:37:40 | Computer Name = ThomasGehm-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas Gehm\Downloads\SoftonicDownloader_fuer_allway-sync.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 20.04.2011 04:59:33 | Computer Name = ThomasGehm-PC | Source = VSS | ID = 8194 Description = Error - 21.04.2011 01:21:33 | Computer Name = ThomasGehm-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Thomas Gehm\Downloads\SoftonicDownloader_fuer_allway-sync.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 21.04.2011 01:22:04 | Computer Name = ThomasGehm-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "I:\SoftonicDownloader_fuer_allway-sync.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 21.04.2011 02:32:21 | Computer Name = ThomasGehm-PC | Source = Application Hang | ID = 1002 Description = Programm 44490504.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a8c Startzeit: 01cbffec4ceb4af7 Endzeit: 77 Anwendungspfad: C:\ProgramData\44490504.exe Berichts-ID: Error - 21.04.2011 03:09:50 | Computer Name = ThomasGehm-PC | Source = Application Hang | ID = 1002 Description = Programm 44490504.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a20 Startzeit: 01cbfff0aafcc15e Endzeit: 125 Anwendungspfad: C:\PROGRAMDATA\44490504.EXE Berichts-ID: Error - 21.04.2011 10:02:38 | Computer Name = ThomasGehm-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "I:\SoftonicDownloader_fuer_allway-sync.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
[ System Events ] Error - 21.04.2011 09:43:43 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:45:49 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:45:49 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:45:49 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:50:49 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:50:49 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:50:49 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:52:57 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 
09:52:57 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.04.2011 09:52:57 | Computer Name = ThomasGehm-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Oh yes, I forgot to post one more error. Some files / folders are not displayed. Only after switching to "show all" are they visible again. However, in light gray. This phenomenon only occurs on the system partition C and one other hard disk, I. Regards, Lucky |
26.04.2011, 11:52 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 reports critical hard disk error Run an OTL fix: close any programs that may be open, also deactivate your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
[2011.03.21 10:34:05 | 000,000,172 | -H-- | C] () -- C:\Users\NAME\AppData\Roaming\default.rss
[2011.03.21 10:20:50 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C1D1835D8C.sys
[2011.04.19 12:02:16 | 000,025,088 | R--- | C] () -- C:\Windows\SysWow64\CloseOT.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2009.04.29 11:02:01 | 000,000,055 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
:Files
C:\ProgramData\~*
C:\ProgramData\4*
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
27.04.2011, 11:26 | #11 |
| TR/Kazy.mekml.1 reports critical hard disk error Hello cosinus. I did everything according to your instructions. Here is the log file: Code:
All processes killed
========== OTL ==========
C:\Users\Name\AppData\Roaming\default.rss moved successfully.
File C:\ProgramData\C1D1835D8C.sys not found.
File C:\Windows\SysWow64\CloseOT.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\ProgramData\~* not found.
File\Folder C:\ProgramData\4* not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Name
->Temp folder emptied: 17205 bytes
->Temporary Internet Files folder emptied: 39869 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18303984 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04272011_121739
Files\Folders moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.
C:\Users\Name\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Maybe a reinstallation would be the less nerve-racking solution after all. Regards, Lucky |
27.04.2011, 11:58 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 reports critical hard disk error Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your documents / My Documents, please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
27.04.2011, 12:12 | #13 |
| TR/Kazy.mekml.1 reports critical hard disk error Kaspersky: found nothing. Here is the log file: Code:
2011/04/27 13:09:36.0182 0968 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/27 13:09:36.0354 0968 ================================================================================
2011/04/27 13:09:36.0354 0968 SystemInfo:
2011/04/27 13:09:36.0354 0968
2011/04/27 13:09:36.0354 0968 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/27 13:09:36.0354 0968 Product type: Workstation
2011/04/27 13:09:36.0354 0968 ComputerName: NAME-PC
2011/04/27 13:09:36.0354 0968 UserName: NAME
2011/04/27 13:09:36.0354 0968 Windows directory: C:\Windows
2011/04/27 13:09:36.0354 0968 System windows directory: C:\Windows
2011/04/27 13:09:36.0354 0968 Running under WOW64
2011/04/27 13:09:36.0354 0968 Processor architecture: Intel x64
2011/04/27 13:09:36.0354 0968 Number of processors: 4
2011/04/27 13:09:36.0354 0968 Page size: 0x1000
2011/04/27 13:09:36.0354 0968 Boot type: Normal boot
2011/04/27 13:09:36.0354 0968 ================================================================================
2011/04/27 13:09:36.0650 0968 Initialize success
2011/04/27 13:09:41.0892 0284 ================================================================================
2011/04/27 13:09:41.0892 0284 Scan started
2011/04/27 13:09:41.0892 0284 Mode: Manual;
2011/04/27 13:09:41.0892 0284 ================================================================================
(8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2011/04/27 13:09:50.0441 0284 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/27 13:09:50.0550 0284 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/04/27 13:09:50.0643 0284 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/27 13:09:50.0690 0284 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/27 13:09:50.0721 0284 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/04/27 13:09:50.0753 0284 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/04/27 13:09:50.0784 0284 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/27 13:09:50.0815 0284 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/27 13:09:50.0846 0284 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys 2011/04/27 13:09:50.0924 0284 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/27 13:09:50.0955 0284 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/27 13:09:51.0002 0284 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/04/27 13:09:51.0033 0284 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/27 13:09:51.0096 0284 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/04/27 13:09:51.0127 0284 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/27 13:09:51.0143 0284 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/04/27 13:09:51.0189 0284 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/27 13:09:51.0221 0284 
usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/04/27 13:09:51.0252 0284 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/27 13:09:51.0283 0284 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/27 13:09:51.0314 0284 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/27 13:09:51.0345 0284 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/27 13:09:51.0377 0284 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/27 13:09:51.0408 0284 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/27 13:09:51.0455 0284 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/04/27 13:09:51.0486 0284 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/27 13:09:51.0517 0284 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/04/27 13:09:51.0548 0284 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/04/27 13:09:51.0579 0284 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/04/27 13:09:51.0611 0284 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/04/27 13:09:51.0626 0284 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/04/27 13:09:51.0657 0284 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/04/27 13:09:51.0689 0284 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/04/27 13:09:51.0735 0284 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/04/27 13:09:51.0751 0284 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/04/27 
I'll start Unhide now. Unhide was a complete success. The system looks good. The background can be changed again too (not that it matters). Let's see whether the e-mails somehow go back to working normally. In any case, many, many thanks to Cosinus for everything up to this point.
It's good that there are experts like you who take on users like me and help. That can no longer be taken for granted these days. Best regards, Lucky Luke Last edited by LuckyLuke (27.04.2011 at 12:33) |
27.04.2011, 13:21 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 reports a critical hard disk error Then please run CF now: ComboFix: A Guide and Tutorial on Using ComboFix
ComboFix may only be run when an expert helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
27.04.2011, 14:36 | #15 |
| TR/Kazy.mekml.1 reports a critical hard disk error Here is the ComboFix log file [code] Combofix Logfile: Code:
Actually, though, everything was already working again before this. I hope I have finally gotten rid of this sh... Trojan. With the help of Trojaner Board and its hard-working users |