Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert" (https://www.trojaner-board.de/112553-trojaner-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert.html)

taft 29.03.2012 10:44
Trojaner "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
 
Hallo,

seit gestern hat den Laptop meiner Freundin der Bazillus mit der Mitteilung "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert" erwischt.

Im abgesicherten Modus konnte ich noch Malwarebytes laufen lassen (log anbei; ältere logs habe ich leider nicht). Danach OTL (anbei).

Wenn Ihr mir helfen könntet, wäre das fantastisch!

Danke
taft

cosinus 29.03.2012 21:58
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


taft 02.04.2012 15:54
Hallo Arne,

anbei nun die log.txt von ESET.

Danke für die Hilfe!
taft

cosinus 02.04.2012 15:57
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

taft 02.04.2012 18:08
ad 1) Ja, der normale Modus scheint wieder zu gehen. Das Fenster mit "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert" kam nach dem MBAM-Check nicht mehr. Allerdings kam direkt danach, dass die MBAM-Testphase abgelaufen ist, obwohl sie erst 2 Tage vorher installiert wurde. Und Avira Antivir war auch plötzlich deinstalliert.

ad 2) Im Startmenü fehlt nichts.

Danke
taft

cosinus 02.04.2012 20:12
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

taft 04.04.2012 20:48
Hier die OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 04.04.2012 16:03:53 - Run 4
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\V3515\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,10 Mb Total Physical Memory | 567,72 Mb Available Physical Memory | 59,25% Memory free
1,51 Gb Paging File | 1,02 Gb Available in Paging File | 67,77% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 19,55 Gb Free Space | 34,97% Space Free | Partition Type: NTFS
 
Computer Name: HEIDESCOMPUTER | User Name: V3515 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\V3515\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
PRC - C:\Programme\Citrix\Secure Access Client\nsverctl.exe (Citrix Systems, Inc)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (nsverctl) -- C:\Programme\Citrix\Secure Access Client\nsverctl.exe (Citrix Systems, Inc)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ctxva51) -- C:\WINDOWS\system32\drivers\ctxva51.sys (Citrix Systems, Inc.)
DRV - (cag) -- C:\Programme\Gemeinsame Dateien\Deterministic Networks\Common Files\cag.sys (Citrix Systems, Inc.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (S3GIGP) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (UIUSys) -- C:\WINDOWS\system32\drivers\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.48.6: C:\Programme\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.31 20:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.28 20:15:23 | 000,000,000 | ---D | M]
 
[2010.02.12 17:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Extensions
[2012.01.25 12:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\extensions
[2011.07.05 23:09:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 12:49:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.14 10:54:53 | 000,002,289 | ---- | M] () -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\searchplugins\ecosia.xml
[2011.11.28 20:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\V3515\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\PISBLTMJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.31 20:52:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.07.17 17:24:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.31 20:52:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.31 20:52:05 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.31 20:52:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.31 20:52:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.31 20:52:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.31 20:52:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-436374069-1788223648-1177238915-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Citrix Access Gateway.lnk = C:\Programme\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259831970781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF000B4B-E31A-4BDC-A376-5EBFCBEC7654}: NameServer = 62.220.18.8 89.246.64.8
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.03 09:43:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 18:08:55 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.28 17:50:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\V3515\Desktop\OTL.exe
[2012.03.28 14:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012.03.28 14:31:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.28 14:30:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.28 14:30:38 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.03.28 14:30:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Malwarebytes
[2012.03.28 14:30:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.28 14:30:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.28 14:30:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.28 14:30:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.04 15:42:21 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\V3515\Desktop\Microsoft Word.lnk
[2012.04.04 15:42:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.04 15:40:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.04 15:40:31 | 1004,711,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 08:44:01 | 000,449,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.29 08:44:01 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.29 08:44:01 | 000,080,936 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.29 08:44:01 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.28 15:47:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\V3515\Desktop\OTL.exe
[2012.03.15 09:54:11 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.14 17:05:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 20:36:02 | 1004,711,936 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.15 14:25:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.08.30 14:16:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ct8751com.ini
[2011.07.17 17:42:55 | 000,010,606 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2011.07.17 17:39:08 | 000,202,832 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2011.07.17 17:39:08 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2011.07.11 14:48:07 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.03.12 20:15:22 | 000,311,072 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.01.30 22:00:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\AVSDVDPlayer.m3u
[2011.01.30 21:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.01.30 21:59:30 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.28 19:37:22 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010.07.28 19:37:21 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.07.28 19:35:23 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010.07.28 19:32:19 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.06.09 19:02:10 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\V3515\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.07.11 14:48:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.10.10 17:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2012.04.02 17:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PSYPRCFG
[2010.02.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2010.07.28 19:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2011.07.11 14:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Canneverbe Limited
[2011.07.27 18:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Dropbox
[2010.07.28 19:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\inkscape
[2011.10.13 14:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\PsyPrax
[2011.04.22 11:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\ScanSoft
[2011.07.20 15:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  >
 
<  >
 
<  >
 
<  >
 
<  >
 
<  >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
<  >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
<  >
 
< %APPDATA%\*. >
[2010.05.03 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Adobe
[2011.01.30 22:08:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\AVS4YOU
[2010.07.28 20:03:14 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Brother
[2011.07.11 14:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Canneverbe Limited
[2010.06.09 18:22:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\DivX
[2011.07.27 18:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Dropbox
[2012.02.14 15:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\dvdcss
[2011.11.28 23:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Help
[2011.07.19 17:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\HP
[2012.01.30 19:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\HpUpdate
[2010.05.06 15:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Identities
[2010.07.28 19:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\inkscape
[2010.07.28 19:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\InstallShield
[2010.02.12 11:45:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Macromedia
[2012.03.28 14:30:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Malwarebytes
[2011.11.12 19:19:21 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Microsoft
[2010.02.12 15:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Microsoft Web Folders
[2011.10.10 17:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla
[2011.10.13 14:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\PsyPrax
[2011.04.22 11:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\ScanSoft
[2010.03.21 14:04:45 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\SecuROM
[2011.06.07 22:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Skype
[2011.07.17 17:22:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Sun
[2012.03.28 14:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\SUPERAntiSpyware.com
[2011.07.20 15:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\TeamViewer
[2011.06.18 00:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\vlc
 
<  >
 
< %APPDATA%\*.exe /s >
[2010.07.28 19:32:53 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
 
<  >
 
< %SYSTEMDRIVE%\*.exe >
 
<  >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
<  >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
<  >
 
< %systemroot%\System32\config\*.sav >
[2009.12.03 10:29:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.03 10:29:48 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.03 10:29:48 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
<  >
 
< %systemroot%\*. /mp /s >
 
<  >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<  >

< End of report >
--- --- ---


Danke abermals!

cosinus 04.04.2012 22:54
Das Log sieht passagenweise irgendwie merkwürdig aus.
Mach es bitte nochmal neu

taft 21.04.2012 20:05
So, Urlaub kam dazwischen, hier die neue OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 21.04.2012 20:47:45 - Run 5
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\V3515\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,10 Mb Total Physical Memory | 669,45 Mb Available Physical Memory | 69,87% Memory free
1,51 Gb Paging File | 1,31 Gb Available in Paging File | 87,08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 19,20 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
 
Computer Name: HEIDESCOMPUTER | User Name: V3515 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\V3515\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Citrix\Secure Access Client\nsverctl.exe (Citrix Systems, Inc)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (nsverctl) -- C:\Programme\Citrix\Secure Access Client\nsverctl.exe (Citrix Systems, Inc)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ctxva51) -- C:\WINDOWS\system32\drivers\ctxva51.sys (Citrix Systems, Inc.)
DRV - (cag) -- C:\Programme\Gemeinsame Dateien\Deterministic Networks\Common Files\cag.sys (Citrix Systems, Inc.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (S3GIGP) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (UIUSys) -- C:\WINDOWS\system32\drivers\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.48.6: C:\Programme\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.31 20:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.28 20:15:23 | 000,000,000 | ---D | M]
 
[2010.02.12 17:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Extensions
[2012.01.25 12:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\extensions
[2011.07.05 23:09:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.25 12:49:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.14 10:54:53 | 000,002,289 | ---- | M] () -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla\Firefox\Profiles\pisbltmj.default\searchplugins\ecosia.xml
[2011.11.28 20:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\V3515\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\PISBLTMJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.31 20:52:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.07.17 17:24:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.31 20:52:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.31 20:52:05 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.31 20:52:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.31 20:52:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.31 20:52:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.31 20:52:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-436374069-1788223648-1177238915-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Citrix Access Gateway.lnk = C:\Programme\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1788223648-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259831970781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.03 09:43:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.20 21:41:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\V3515\Desktop\112553-trojaner-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert-Dateien
[2012.03.30 18:08:55 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.28 17:50:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\V3515\Desktop\OTL.exe
[2012.03.28 14:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012.03.28 14:31:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.28 14:30:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.03.28 14:30:38 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.03.28 14:30:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Malwarebytes
[2012.03.28 14:30:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.21 20:45:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.21 20:43:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.21 20:43:39 | 1004,711,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.20 21:41:26 | 000,122,323 | ---- | M] () -- C:\Dokumente und Einstellungen\V3515\Desktop\112553-trojaner-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert.html
[2012.04.20 09:24:30 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\V3515\Desktop\Microsoft Word.lnk
[2012.04.17 21:30:00 | 000,449,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.17 21:30:00 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.17 21:30:00 | 000,080,936 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.17 21:30:00 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.16 18:50:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.03.28 15:47:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\V3515\Desktop\OTL.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.20 21:41:24 | 000,122,323 | ---- | C] () -- C:\Dokumente und Einstellungen\V3515\Desktop\112553-trojaner-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert.html
[2012.03.28 20:36:02 | 1004,711,936 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.15 14:25:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.08.30 14:16:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ct8751com.ini
[2011.07.17 17:42:55 | 000,010,606 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2011.07.17 17:39:08 | 000,202,832 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2011.07.17 17:39:08 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2011.07.11 14:48:07 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.03.12 20:15:22 | 000,311,072 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.01.30 22:00:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\AVSDVDPlayer.m3u
[2011.01.30 21:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.01.30 21:59:30 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.28 19:37:22 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010.07.28 19:37:21 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.07.28 19:35:23 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010.07.28 19:32:19 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.06.09 19:02:10 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\V3515\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.07.11 14:48:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.10.10 17:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2012.04.02 17:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PSYPRCFG
[2010.02.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2010.07.28 19:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2011.07.11 14:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Canneverbe Limited
[2011.07.27 18:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Dropbox
[2010.07.28 19:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\inkscape
[2011.10.13 14:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\PsyPrax
[2011.04.22 11:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\ScanSoft
[2011.07.20 15:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.03 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Adobe
[2011.01.30 22:08:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\AVS4YOU
[2010.07.28 20:03:14 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Brother
[2011.07.11 14:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Canneverbe Limited
[2010.06.09 18:22:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\DivX
[2011.07.27 18:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Dropbox
[2012.02.14 15:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\dvdcss
[2011.11.28 23:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Help
[2011.07.19 17:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\HP
[2012.01.30 19:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\HpUpdate
[2010.05.06 15:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Identities
[2010.07.28 19:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\inkscape
[2010.07.28 19:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\InstallShield
[2010.02.12 11:45:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Macromedia
[2012.03.28 14:30:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Malwarebytes
[2011.11.12 19:19:21 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Microsoft
[2010.02.12 15:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Microsoft Web Folders
[2011.10.10 17:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Mozilla
[2011.10.13 14:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\PsyPrax
[2011.04.22 11:03:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\ScanSoft
[2010.03.21 14:04:45 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\SecuROM
[2011.06.07 22:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Skype
[2011.07.17 17:22:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Sun
[2012.03.28 14:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\SUPERAntiSpyware.com
[2011.07.20 15:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\TeamViewer
[2012.04.21 18:38:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
[2010.07.28 19:32:53 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\V3515\Anwendungsdaten\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.03 10:29:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.03 10:29:48 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.03 10:29:48 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
--- --- ---


Danke!
taft

cosinus 21.04.2012 22:45
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

taft 22.04.2012 16:07
Hier das Log-File von TDSS:
Code:
16:33:30.0031 2152        TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
16:33:30.0187 2152        ============================================================
16:33:30.0187 2152        Current date / time: 2012/04/22 16:33:30.0187
16:33:30.0187 2152        SystemInfo:
16:33:30.0187 2152       
16:33:30.0187 2152        OS Version: 5.1.2600 ServicePack: 3.0
16:33:30.0187 2152        Product type: Workstation
16:33:30.0187 2152        ComputerName: HEIDESCOMPUTER
16:33:30.0187 2152        UserName: V3515
16:33:30.0187 2152        Windows directory: C:\WINDOWS
16:33:30.0187 2152        System windows directory: C:\WINDOWS
16:33:30.0187 2152        Processor architecture: Intel x86
16:33:30.0187 2152        Number of processors: 1
16:33:30.0187 2152        Page size: 0x1000
16:33:30.0187 2152        Boot type: Normal boot
16:33:30.0187 2152        ============================================================
16:33:32.0625 2152        Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:33:32.0625 2152        \Device\Harddisk0\DR0:
16:33:32.0625 2152        MBR partitions:
16:33:32.0625 2152        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
16:33:32.0640 2152        C: <-> \Device\Harddisk0\DR0\Partition0
16:33:32.0640 2152        Initialize success
16:33:32.0640 2152        ============================================================
16:35:04.0468 0216        ============================================================
16:35:04.0468 0216        Scan started
16:35:04.0468 0216        Mode: Manual; SigCheck; TDLFS;
16:35:04.0468 0216        ============================================================
16:35:05.0093 0216        !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
16:35:05.0421 0216        !SASCORE - ok
16:35:05.0687 0216        Abiosdsk - ok
16:35:05.0796 0216        abp480n5 - ok
16:35:05.0921 0216        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:35:06.0828 0216        ACPI - ok
16:35:07.0015 0216        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:35:07.0187 0216        ACPIEC - ok
16:35:07.0218 0216        adpu160m - ok
16:35:07.0312 0216        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:35:07.0468 0216        aec - ok
16:35:07.0546 0216        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:35:07.0625 0216        AFD - ok
16:35:07.0656 0216        Aha154x - ok
16:35:07.0703 0216        aic78u2 - ok
16:35:07.0734 0216        aic78xx - ok
16:35:07.0796 0216        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:35:07.0968 0216        Alerter - ok
16:35:08.0031 0216        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:35:08.0093 0216        ALG - ok
16:35:08.0125 0216        AliIde - ok
16:35:08.0171 0216        amsint - ok
16:35:08.0234 0216        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
16:35:08.0312 0216        AppMgmt - ok
16:35:08.0406 0216        AR5211          (d07ccc37476034ebf5de4608a8af4386) C:\WINDOWS\system32\DRIVERS\ar5211.sys
16:35:08.0515 0216        AR5211 - ok
16:35:08.0687 0216        asc - ok
16:35:08.0734 0216        asc3350p - ok
16:35:08.0765 0216        asc3550 - ok
16:35:08.0859 0216        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:35:08.0875 0216        aspnet_state - ok
16:35:08.0953 0216        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:35:09.0109 0216        AsyncMac - ok
16:35:09.0203 0216        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:35:09.0375 0216        atapi - ok
16:35:09.0406 0216        Atdisk - ok
16:35:09.0468 0216        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:35:09.0640 0216        Atmarpc - ok
16:35:09.0703 0216        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:35:09.0843 0216        AudioSrv - ok
16:35:09.0921 0216        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:35:10.0078 0216        audstub - ok
16:35:10.0187 0216        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:35:10.0359 0216        Beep - ok
16:35:10.0515 0216        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:35:10.0734 0216        BITS - ok
16:35:10.0859 0216        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:35:11.0046 0216        Browser - ok
16:35:11.0140 0216        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:35:11.0203 0216        BrScnUsb - ok
16:35:11.0328 0216        cag            (c2c53a21adf398575ccb2481a4f5209e) C:\Programme\Gemeinsame Dateien\Deterministic Networks\Common Files\cag.sys
16:35:11.0343 0216        cag - ok
16:35:11.0421 0216        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:35:11.0609 0216        cbidf2k - ok
16:35:11.0750 0216        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:35:12.0078 0216        CCDECODE - ok
16:35:12.0109 0216        cd20xrnt - ok
16:35:12.0171 0216        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:35:12.0343 0216        Cdaudio - ok
16:35:12.0468 0216        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:35:12.0609 0216        Cdfs - ok
16:35:12.0703 0216        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:35:12.0859 0216        Cdrom - ok
16:35:12.0890 0216        Changer - ok
16:35:12.0968 0216        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:35:13.0140 0216        CiSvc - ok
16:35:13.0187 0216        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:35:13.0328 0216        ClipSrv - ok
16:35:13.0437 0216        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:13.0453 0216        clr_optimization_v2.0.50727_32 - ok
16:35:13.0546 0216        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:35:13.0718 0216        CmBatt - ok
16:35:13.0812 0216        CmdIde - ok
16:35:13.0859 0216        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:35:14.0015 0216        Compbatt - ok
16:35:14.0062 0216        COMSysApp - ok
16:35:14.0125 0216        Cpqarray - ok
16:35:14.0187 0216        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:35:14.0359 0216        CryptSvc - ok
16:35:14.0468 0216        ctxva51        (299d544f7445742990d53b3822f390fc) C:\WINDOWS\system32\DRIVERS\ctxva51.sys
16:35:14.0515 0216        ctxva51 - ok
16:35:14.0546 0216        dac2w2k - ok
16:35:14.0578 0216        dac960nt - ok
16:35:14.0687 0216        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:35:14.0812 0216        DcomLaunch - ok
16:35:14.0921 0216        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:35:15.0078 0216        Dhcp - ok
16:35:15.0187 0216        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:35:15.0390 0216        Disk - ok
16:35:15.0406 0216        dmadmin - ok
16:35:15.0500 0216        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:35:15.0750 0216        dmboot - ok
16:35:15.0843 0216        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:35:16.0000 0216        dmio - ok
16:35:16.0093 0216        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:35:16.0250 0216        dmload - ok
16:35:16.0296 0216        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:35:16.0468 0216        dmserver - ok
16:35:16.0562 0216        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:35:16.0750 0216        DMusic - ok
16:35:16.0828 0216        DNE            (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
16:35:16.0843 0216        DNE - ok
16:35:16.0906 0216        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:35:17.0015 0216        Dnscache - ok
16:35:17.0078 0216        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:35:17.0265 0216        Dot3svc - ok
16:35:17.0328 0216        dpti2o - ok
16:35:17.0484 0216        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:35:17.0640 0216        drmkaud - ok
16:35:17.0765 0216        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:35:17.0890 0216        EapHost - ok
16:35:17.0968 0216        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:35:18.0140 0216        ERSvc - ok
16:35:18.0218 0216        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:35:18.0250 0216        Eventlog - ok
16:35:18.0343 0216        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
16:35:18.0437 0216        EventSystem - ok
16:35:18.0515 0216        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:35:18.0671 0216        Fastfat - ok
16:35:18.0750 0216        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:35:18.0859 0216        FastUserSwitchingCompatibility - ok
16:35:19.0015 0216        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:35:19.0171 0216        Fdc - ok
16:35:19.0265 0216        FETNDIS        (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
16:35:19.0421 0216        FETNDIS - ok
16:35:19.0515 0216        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:35:19.0703 0216        Fips - ok
16:35:19.0734 0216        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:35:19.0906 0216        Flpydisk - ok
16:35:20.0000 0216        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:35:20.0171 0216        FltMgr - ok
16:35:20.0343 0216        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:35:20.0359 0216        FontCache3.0.0.0 - ok
16:35:20.0390 0216        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:35:20.0578 0216        Fs_Rec - ok
16:35:20.0625 0216        FTDIBUS        (8142d5d886829b9876cb93af59475c09) C:\WINDOWS\system32\drivers\ftdibus.sys
16:35:20.0640 0216        FTDIBUS - ok
16:35:20.0765 0216        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:35:20.0906 0216        Ftdisk - ok
16:35:21.0062 0216        FTSER2K        (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys
16:35:21.0078 0216        FTSER2K - ok
16:35:21.0171 0216        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:35:21.0343 0216        Gpc - ok
16:35:21.0437 0216        HdAudAddService (08f0f83fdb49cdbcacf546971a660524) C:\WINDOWS\system32\drivers\CHDAud.sys
16:35:21.0546 0216        HdAudAddService - ok
16:35:21.0640 0216        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:35:21.0781 0216        HDAudBus - ok
16:35:21.0921 0216        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:35:22.0078 0216        helpsvc - ok
16:35:22.0093 0216        HidServ - ok
16:35:22.0171 0216        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:35:22.0359 0216        HidUsb - ok
16:35:22.0484 0216        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:35:22.0640 0216        hkmsvc - ok
16:35:22.0687 0216        hpn - ok
16:35:22.0875 0216        hpqcxs08        (b14328cfeeb6b736be44c2c9db3b162c) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
16:35:22.0890 0216        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:35:22.0890 0216        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:35:22.0953 0216        hpqddsvc        (df446ba625cc441617843e87798ce048) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
16:35:22.0968 0216        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:35:22.0968 0216        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:35:23.0046 0216        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:35:23.0296 0216        HPZid412 - ok
16:35:23.0406 0216        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:35:23.0437 0216        HPZipr12 - ok
16:35:23.0515 0216        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:35:23.0546 0216        HPZius12 - ok
16:35:23.0640 0216        HSFHWAZL        (d8d9ded6dcc4e3aee633e6ba462b75c4) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:35:23.0718 0216        HSFHWAZL - ok
16:35:23.0828 0216        HSF_DPV        (2df42cf7300b14b15953218a2b32217c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:35:23.0968 0216        HSF_DPV - ok
16:35:24.0078 0216        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:35:24.0140 0216        HTTP - ok
16:35:24.0281 0216        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:35:24.0453 0216        HTTPFilter - ok
16:35:24.0484 0216        i2omgmt - ok
16:35:24.0531 0216        i2omp - ok
16:35:24.0593 0216        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:35:24.0765 0216        i8042prt - ok
16:35:24.0937 0216        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:35:25.0031 0216        idsvc - ok
16:35:25.0125 0216        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:35:25.0281 0216        Imapi - ok
16:35:25.0390 0216        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:35:25.0562 0216        ImapiService - ok
16:35:25.0593 0216        ini910u - ok
16:35:25.0640 0216        IntelIde - ok
16:35:25.0750 0216        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:35:25.0890 0216        intelppm - ok
16:35:26.0015 0216        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:35:26.0171 0216        Ip6Fw - ok
16:35:26.0265 0216        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:35:26.0437 0216        IpFilterDriver - ok
16:35:26.0468 0216        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:35:26.0609 0216        IpInIp - ok
16:35:26.0671 0216        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:35:26.0843 0216        IpNat - ok
16:35:26.0953 0216        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:35:27.0109 0216        IPSec - ok
16:35:27.0203 0216        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:35:27.0296 0216        IRENUM - ok
16:35:27.0437 0216        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:35:27.0593 0216        isapnp - ok
16:35:27.0765 0216        JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe
16:35:27.0796 0216        JavaQuickStarterService - ok
16:35:27.0843 0216        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:35:28.0015 0216        Kbdclass - ok
16:35:28.0312 0216        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:35:28.0484 0216        kmixer - ok
16:35:28.0531 0216        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:35:28.0640 0216        KSecDD - ok
16:35:28.0750 0216        LanmanServer    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:35:28.0812 0216        LanmanServer - ok
16:35:28.0921 0216        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:35:29.0000 0216        lanmanworkstation - ok
16:35:29.0046 0216        lbrtfdc - ok
16:35:29.0187 0216        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:35:29.0328 0216        LmHosts - ok
16:35:29.0453 0216        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
16:35:29.0484 0216        McComponentHostService - ok
16:35:29.0687 0216        mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:35:29.0703 0216        mdmxsdk - ok
16:35:29.0765 0216        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:35:29.0953 0216        Messenger - ok
16:35:30.0078 0216        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:35:30.0234 0216        mnmdd - ok
16:35:30.0296 0216        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
16:35:30.0468 0216        mnmsrvc - ok
16:35:30.0531 0216        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:35:30.0703 0216        Modem - ok
16:35:30.0781 0216        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:35:30.0953 0216        Mouclass - ok
16:35:31.0031 0216        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:35:31.0203 0216        mouhid - ok
16:35:31.0265 0216        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:35:31.0406 0216        MountMgr - ok
16:35:31.0437 0216        mraid35x - ok
16:35:31.0500 0216        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:35:31.0640 0216        MRxDAV - ok
16:35:31.0734 0216        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:35:31.0859 0216        MRxSmb - ok
16:35:32.0000 0216        MSCamSvc        (d98350792a7ce82e7459a7c36481beda) C:\Programme\Microsoft LifeCam\MSCamS32.exe
16:35:32.0015 0216        MSCamSvc - ok
16:35:32.0171 0216        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
16:35:32.0328 0216        MSDTC - ok
16:35:32.0453 0216        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:35:32.0609 0216        Msfs - ok
16:35:32.0687 0216        MSHUSBVideo    (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
16:35:32.0687 0216        MSHUSBVideo - ok
16:35:32.0718 0216        MSIServer - ok
16:35:32.0781 0216        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:35:33.0515 0216        MSKSSRV - ok
16:35:33.0640 0216        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:35:33.0796 0216        MSPCLOCK - ok
16:35:33.0843 0216        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:35:34.0015 0216        MSPQM - ok
16:35:34.0109 0216        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:35:34.0250 0216        mssmbios - ok
16:35:34.0359 0216        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:35:34.0531 0216        MSTEE - ok
16:35:34.0609 0216        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:35:34.0656 0216        Mup - ok
16:35:34.0718 0216        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:35:34.0906 0216        NABTSFEC - ok
16:35:35.0015 0216        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:35:35.0171 0216        napagent - ok
16:35:35.0265 0216        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:35:35.0437 0216        NDIS - ok
16:35:35.0515 0216        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:35:35.0671 0216        NdisIP - ok
16:35:35.0750 0216        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:35:35.0796 0216        NdisTapi - ok
16:35:35.0890 0216        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:35:36.0046 0216        Ndisuio - ok
16:35:36.0125 0216        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:35:36.0281 0216        NdisWan - ok
16:35:36.0343 0216        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:35:36.0437 0216        NDProxy - ok
16:35:36.0500 0216        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
16:35:36.0500 0216        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:35:36.0500 0216        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:35:36.0640 0216        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:35:36.0781 0216        NetBIOS - ok
16:35:36.0828 0216        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:35:37.0000 0216        NetBT - ok
16:35:37.0078 0216        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:35:37.0218 0216        NetDDE - ok
16:35:37.0250 0216        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:35:37.0406 0216        NetDDEdsdm - ok
16:35:37.0500 0216        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:35:37.0640 0216        Netlogon - ok
16:35:37.0703 0216        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:35:37.0859 0216        Netman - ok
16:35:38.0000 0216        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:35:38.0015 0216        NetTcpPortSharing - ok
16:35:38.0109 0216        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:35:38.0125 0216        Nla - ok
16:35:38.0281 0216        NMSAccess      (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe
16:35:38.0296 0216        NMSAccess - ok
16:35:38.0437 0216        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:35:38.0593 0216        Npfs - ok
16:35:38.0640 0216        nsverctl        (a9cfa2137eaa5621b9df3aa699429030) C:\Programme\Citrix\Secure Access Client\nsverctl.exe
16:35:38.0656 0216        nsverctl - ok
16:35:38.0765 0216        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:35:38.0968 0216        Ntfs - ok
16:35:39.0125 0216        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:35:39.0281 0216        NtLmSsp - ok
16:35:39.0390 0216        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:35:39.0609 0216        NtmsSvc - ok
16:35:39.0656 0216        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:35:39.0812 0216        Null - ok
16:35:39.0921 0216        NWCWorkstation  (c34a6a72dec2c317d67355dc18f87090) C:\WINDOWS\System32\nwwks.dll
16:35:40.0000 0216        NWCWorkstation - ok
16:35:40.0062 0216        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:35:40.0203 0216        NwlnkFlt - ok
16:35:40.0265 0216        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:35:40.0421 0216        NwlnkFwd - ok
16:35:40.0515 0216        NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
16:35:40.0656 0216        NwlnkIpx - ok
16:35:40.0687 0216        NwlnkNb        (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
16:35:40.0828 0216        NwlnkNb - ok
16:35:40.0890 0216        NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
16:35:41.0031 0216        NwlnkSpx - ok
16:35:41.0078 0216        NWRDR          (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
16:35:41.0171 0216        NWRDR - ok
16:35:41.0218 0216        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
16:35:41.0343 0216        Parport - ok
16:35:41.0453 0216        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:35:41.0593 0216        PartMgr - ok
16:35:41.0671 0216        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:35:41.0843 0216        ParVdm - ok
16:35:41.0890 0216        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:35:42.0078 0216        PCI - ok
16:35:42.0109 0216        PCIDump - ok
16:35:42.0140 0216        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:35:42.0281 0216        PCIIde - ok
16:35:42.0343 0216        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:35:42.0484 0216        Pcmcia - ok
16:35:42.0515 0216        PDCOMP - ok
16:35:42.0562 0216        PDFRAME - ok
16:35:42.0593 0216        PDRELI - ok
16:35:42.0625 0216        PDRFRAME - ok
16:35:42.0671 0216        perc2 - ok
16:35:42.0703 0216        perc2hib - ok
16:35:42.0843 0216        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:35:42.0859 0216        PlugPlay - ok
16:35:42.0953 0216        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
16:35:42.0953 0216        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:35:42.0953 0216        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:35:43.0015 0216        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:35:43.0171 0216        PolicyAgent - ok
16:35:43.0296 0216        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:35:43.0468 0216        PptpMiniport - ok
16:35:43.0515 0216        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:35:43.0671 0216        ProtectedStorage - ok
16:35:43.0703 0216        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:35:43.0859 0216        PSched - ok
16:35:43.0906 0216        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:35:44.0046 0216        Ptilink - ok
16:35:44.0078 0216        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:35:44.0093 0216        PxHelp20 - ok
16:35:44.0187 0216        ql1080 - ok
16:35:44.0218 0216        Ql10wnt - ok
16:35:44.0250 0216        ql12160 - ok
16:35:44.0296 0216        ql1240 - ok
16:35:44.0328 0216        ql1280 - ok
16:35:44.0390 0216        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:35:44.0546 0216        RasAcd - ok
16:35:44.0593 0216        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:35:44.0765 0216        RasAuto - ok
16:35:44.0843 0216        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:35:45.0015 0216        Rasl2tp - ok
16:35:45.0062 0216        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:35:45.0218 0216        RasMan - ok
16:35:45.0312 0216        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:35:45.0468 0216        RasPppoe - ok
16:35:45.0546 0216        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:35:45.0671 0216        Raspti - ok
16:35:45.0765 0216        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:35:45.0906 0216        Rdbss - ok
16:35:46.0000 0216        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:35:46.0140 0216        RDPCDD - ok
16:35:46.0281 0216        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:35:46.0437 0216        rdpdr - ok
16:35:46.0531 0216        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:35:46.0562 0216        RDPWD - ok
16:35:46.0640 0216        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:35:46.0828 0216        RDSessMgr - ok
16:35:46.0906 0216        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:35:47.0031 0216        redbook - ok
16:35:47.0093 0216        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:35:47.0250 0216        RemoteAccess - ok
16:35:47.0359 0216        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
16:35:47.0515 0216        RemoteRegistry - ok
16:35:47.0640 0216        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
16:35:47.0781 0216        RpcLocator - ok
16:35:47.0890 0216        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:35:47.0937 0216        RpcSs - ok
16:35:48.0000 0216        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
16:35:48.0156 0216        RSVP - ok
16:35:48.0328 0216        S3GIGP          (0c963b81c842b49cc87123f165224e5a) C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys
16:35:48.0421 0216        S3GIGP - ok
16:35:48.0531 0216        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:35:48.0687 0216        SamSs - ok
16:35:48.0828 0216        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
16:35:48.0843 0216        SASDIFSV - ok
16:35:48.0875 0216        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
16:35:48.0890 0216        SASKUTIL - ok
16:35:49.0015 0216        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:35:49.0187 0216        SCardSvr - ok
16:35:49.0265 0216        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:35:49.0421 0216        Schedule - ok
16:35:49.0546 0216        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:35:49.0609 0216        Secdrv - ok
16:35:49.0671 0216        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:35:49.0828 0216        seclogon - ok
16:35:49.0890 0216        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:35:50.0062 0216        SENS - ok
16:35:50.0109 0216        Ser2pl          (b4664c1ee39a5b7fc112f4077f8d21a5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
16:35:50.0140 0216        Ser2pl - ok
16:35:50.0265 0216        Serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:35:50.0421 0216        Serenum - ok
16:35:50.0500 0216        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:35:50.0656 0216        Serial - ok
16:35:50.0765 0216        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:35:50.0921 0216        Sfloppy - ok
16:35:51.0000 0216        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:35:51.0203 0216        SharedAccess - ok
16:35:51.0312 0216        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:35:51.0343 0216        ShellHWDetection - ok
16:35:51.0390 0216        Simbad - ok
16:35:51.0468 0216        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:35:51.0625 0216        SLIP - ok
16:35:51.0703 0216        Sparrow - ok
16:35:51.0765 0216        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:35:51.0921 0216        splitter - ok
16:35:52.0031 0216        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:35:52.0093 0216        Spooler - ok
16:35:52.0203 0216        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:35:52.0265 0216        sr - ok
16:35:52.0359 0216        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:35:52.0453 0216        srservice - ok
16:35:52.0546 0216        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:35:52.0609 0216        Srv - ok
16:35:52.0718 0216        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:35:52.0796 0216        SSDPSRV - ok
16:35:52.0875 0216        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
16:35:52.0890 0216        StarOpen ( UnsignedFile.Multi.Generic ) - warning
16:35:52.0890 0216        StarOpen - detected UnsignedFile.Multi.Generic (1)
16:35:52.0953 0216        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:35:53.0156 0216        stisvc - ok
16:35:53.0281 0216        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:35:53.0437 0216        streamip - ok
16:35:53.0546 0216        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:35:53.0671 0216        swenum - ok
16:35:53.0765 0216        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:35:53.0890 0216        swmidi - ok
16:35:53.0953 0216        SwPrv - ok
16:35:54.0000 0216        symc810 - ok
16:35:54.0046 0216        symc8xx - ok
16:35:54.0093 0216        sym_hi - ok
16:35:54.0125 0216        sym_u3 - ok
16:35:54.0234 0216        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:35:54.0406 0216        sysaudio - ok
16:35:54.0453 0216        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:35:54.0625 0216        SysmonLog - ok
16:35:54.0703 0216        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:35:54.0859 0216        TapiSrv - ok
16:35:54.0968 0216        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:35:55.0046 0216        Tcpip - ok
16:35:55.0109 0216        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:35:55.0250 0216        TDPIPE - ok
16:35:55.0328 0216        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:35:55.0515 0216        TDTCP - ok
16:35:55.0609 0216        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:35:55.0750 0216        TermDD - ok
16:35:55.0843 0216        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:35:56.0015 0216        TermService - ok
16:35:56.0078 0216        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:35:56.0093 0216        Themes - ok
16:35:56.0171 0216        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
16:35:56.0265 0216        TlntSvr - ok
16:35:56.0281 0216        TosIde - ok
16:35:56.0375 0216        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:35:56.0562 0216        TrkWks - ok
16:35:56.0656 0216        uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
16:35:56.0796 0216        uagp35 - ok
16:35:56.0859 0216        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:35:57.0046 0216        Udfs - ok
16:35:57.0109 0216        UIUSys          (7020c64a20709b39cbe4a1cf371a9cd5) C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS
16:35:57.0125 0216        UIUSys ( UnsignedFile.Multi.Generic ) - warning
16:35:57.0125 0216        UIUSys - detected UnsignedFile.Multi.Generic (1)
16:35:57.0187 0216        ultra - ok
16:35:57.0281 0216        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:35:57.0531 0216        Update - ok
16:35:57.0609 0216        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:35:57.0671 0216        upnphost - ok
16:35:57.0734 0216        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:35:57.0890 0216        UPS - ok
16:35:58.0000 0216        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:35:58.0171 0216        usbaudio - ok
16:35:58.0250 0216        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:35:58.0375 0216        usbccgp - ok
16:35:58.0468 0216        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:35:58.0609 0216        usbehci - ok
16:35:58.0734 0216        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:35:58.0890 0216        usbhub - ok
16:35:58.0921 0216        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:35:59.0078 0216        usbprint - ok
16:35:59.0125 0216        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:35:59.0281 0216        usbscan - ok
16:35:59.0328 0216        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:35:59.0500 0216        USBSTOR - ok
16:35:59.0562 0216        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:35:59.0687 0216        usbuhci - ok
16:35:59.0750 0216        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:35:59.0906 0216        usbvideo - ok
16:35:59.0984 0216        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:36:00.0156 0216        VgaSave - ok
16:36:00.0234 0216        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:36:00.0390 0216        ViaIde - ok
16:36:00.0484 0216        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:36:00.0640 0216        VolSnap - ok
16:36:00.0750 0216        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:36:00.0843 0216        VSS - ok
16:36:00.0921 0216        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:36:01.0062 0216        W32Time - ok
16:36:01.0125 0216        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:36:01.0265 0216        Wanarp - ok
16:36:01.0296 0216        WDICA - ok
16:36:01.0390 0216        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:36:01.0546 0216        wdmaud - ok
16:36:01.0578 0216        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:36:01.0734 0216        WebClient - ok
16:36:01.0812 0216        winachsf        (86723ea860346fbe5490835344cad939) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:36:01.0953 0216        winachsf - ok
16:36:02.0125 0216        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:36:02.0312 0216        winmgmt - ok
16:36:02.0453 0216        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:36:02.0531 0216        WmdmPmSN - ok
16:36:02.0671 0216        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
16:36:02.0843 0216        Wmi - ok
16:36:02.0953 0216        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:36:03.0140 0216        WmiApSrv - ok
16:36:03.0312 0216        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
16:36:03.0406 0216        WMPNetworkSvc - ok
16:36:03.0578 0216        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:36:03.0718 0216        wscsvc - ok
16:36:03.0812 0216        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:36:03.0953 0216        WSTCODEC - ok
16:36:04.0078 0216        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:36:04.0234 0216        wuauserv - ok
16:36:04.0312 0216        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:36:04.0375 0216        WudfPf - ok
16:36:04.0406 0216        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:36:04.0437 0216        WudfRd - ok
16:36:04.0500 0216        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:36:04.0515 0216        WudfSvc - ok
16:36:04.0609 0216        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:36:04.0796 0216        WZCSVC - ok
16:36:04.0937 0216        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:36:05.0109 0216        xmlprov - ok
16:36:05.0187 0216        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:36:05.0406 0216        \Device\Harddisk0\DR0 - ok
16:36:05.0453 0216        Boot (0x1200)  (5c90099232ba7f79eb9ce982a7a660ba) \Device\Harddisk0\DR0\Partition0
16:36:05.0453 0216        \Device\Harddisk0\DR0\Partition0 - ok
16:36:05.0468 0216        ============================================================
16:36:05.0468 0216        Scan finished
16:36:05.0468 0216        ============================================================
16:36:05.0609 1236        Detected object count: 6
16:36:05.0609 1236        Actual detected object count: 6
16:36:17.0984 1236        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:17.0984 1236        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:36:17.0984 1236        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:17.0984 1236        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:36:18.0000 1236        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:18.0000 1236        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:36:18.0000 1236        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:18.0000 1236        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:36:18.0015 1236        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:18.0015 1236        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:36:18.0015 1236        UIUSys ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:18.0015 1236        UIUSys ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 22.04.2012 19:56
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131