| |
| |||||||
Log-Analyse und Auswertung: Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
19.09.2011, 17:09
| #1 |
 |  Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Hallo, ich hoffe ihr könnt mir weiterhelfen. Ich versuche mein Problem so gut es geht zu erläutern. Ich habe in meinem Rechner 2 Festplatten. Auf der ersten ist Windows installiert. Die zweite, in drei Partionen unterteilt, enthielt bisher Medien und Dokumente verschiedener Art. Nachdem ich kürzlich eine vollständige Systemprüfung mit Antivir durchgeführt habe kame folgender Befund: Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [FUND] Enthält Code des Bootsektorvirus BOO/TDss.C [HINWEIS] Der Sektor wurde erfolgreich neu geschrieben! Bootsektor 'D:\' [FUND] Enthält Code des Bootsektorvirus BOO/TDss.C [HINWEIS] Der Bootsektor wurde nicht repariert Bootsektor 'E:\' [FUND] Enthält Code des Bootsektorvirus BOO/TDss.C [HINWEIS] Der Bootsektor wurde nicht repariert Bootsektor 'F:\' [FUND] Enthält Code des Bootsektorvirus BOO/TDss.C [HINWEIS] Der Bootsektor wurde nicht repariert Nach dem Start des Rechners am darauffolgenden Tag Sind die drei Partionen der zweiten Festplatte nicht mehr auffindbar (Also D: E: und F  . Die Festplatte an sich wird im BIOS und im Gerätemanager angezeigt, nur eben im Arbeitsplatz nicht. Ich habe bisher keinen Weg gefunden auf die Daten zuzugreifen. Auch bei erneuten Suchläufen von Antivir oder anderen Programmen werden die Partitionen nicht mehr berücksichtigt, bzw. nicht mehr erkannt. Soweit das Problem. Ich hänge jetzt einfach mal alle von euch gewünschten Dateien an und hoffe, dass jemand eine Idee hat wie ich an die Festplatte wieder ran komme. Hier jetzt erstmal die OTL-logfile. Den Rest hänge ich als zip-Datei an. Danke schonmal im Voraus!  OTL Logfile:Code:
ATTFilter OTL logfile created on: 19.09.2011 17:07:56 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\Ake\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,73 Mb Total Physical Memory | 704,13 Mb Available Physical Memory | 68,85% Memory free 2,40 Gb Paging File | 2,08 Gb Available in Paging File | 86,75% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 59,08 Gb Free Space | 79,28% Space Free | Partition Type: NTFS Drive G: | 590,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ADMIN-DEE923473 | User Name: Ake | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.19 17:06:50 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ake\Desktop\OTL.exe PRC - [2011.08.14 18:43:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.29 19:58:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2006.06.19 17:40:24 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe PRC - [2002.12.31 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2002.10.14 22:22:04 | 000,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X74-X75\lxbbbmon.exe PRC - [2002.10.14 22:12:33 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X74-X75\lxbbbmgr.exe ========== Modules (No Company Name) ========== MOD - [2011.06.09 08:12:56 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll MOD - [2011.06.09 08:02:51 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll MOD - [2011.06.09 08:02:40 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll MOD - [2011.06.09 08:02:37 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll MOD - [2011.06.09 08:02:08 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll MOD - [2011.06.09 08:01:42 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll MOD - [2011.06.09 08:01:29 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll MOD - [2011.06.09 08:01:02 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll MOD - [2011.06.08 23:48:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2011.06.07 22:34:16 | 000,055,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\Lokale Einstellungen\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll MOD - [2011.06.06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.04.27 14:19:38 | 000,588,800 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll MOD - [2011.04.27 14:19:38 | 000,360,960 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll MOD - [2011.04.27 14:19:38 | 000,007,168 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll MOD - [2011.04.27 14:19:38 | 000,003,584 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011.08.14 18:43:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 19:58:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.08.14 18:43:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.08.14 18:43:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.15 20:53:22 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.12.06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007.07.18 16:40:08 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2004.08.03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2003.08.06 10:43:04 | 000,159,744 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k) DRV - [2001.11.05 14:02:30 | 001,758,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e10kx2k.sys -- (emu10kx) Creative EMU10K1/EMU10K2 Audio Driver (WDM) DRV - [2001.11.01 17:31:30 | 000,110,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k) DRV - [2001.10.18 18:46:18 | 000,207,572 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2001.09.11 14:14:16 | 000,154,284 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia) DRV - [2001.09.11 14:10:18 | 000,011,036 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k) DRV - [2001.09.11 14:10:14 | 000,186,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [1999.12.17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AOL Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110412194704718&tb_oid=12-04-2011&tb_mrud=12-04-2011&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.onlinefussballmanager.de" FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110412194704718&tb_oid=12-04-2011&tb_mrud=12-04-2011&query=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5024 [2011.08.30 08:18:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.06 12:22:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.13 15:11:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5024 [2011.08.30 08:18:00 | 000,000,000 | ---D | M] [2011.04.12 19:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Extensions [2011.06.08 16:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Firefox\Profiles\y7afh0wh.default\extensions [2011.06.08 16:32:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Firefox\Profiles\y7afh0wh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.12 21:47:42 | 000,002,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Firefox\Profiles\y7afh0wh.default\searchplugins\aol-web-search.xml [2011.04.12 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.12 22:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.12 22:24:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.06.08 23:39:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.08.30 08:18:00 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5024 [2011.09.06 12:22:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.04.12 22:24:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002.12.31 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - C:\WINDOWS\system32\AcroIEHelpe040.dll (Adobe Systems, Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Lexmark X74-X75] C:\Programme\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [KiesHelper] C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{866F8893-3461-40D6-9997-BD50150BB9DC}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2011.04.12 19:03:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2002.12.31 14:00:00 | 000,000,112 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ake^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: Jet Detection - hkey= - key= - C:\Programme\Creative\SBAudigy\Program\ADGJDet.exe () MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: Taskbar - hkey= - key= - C:\Programme\Creative\SBAudigy\Taskbar\CTLTask.exe (Creative Technology Ltd) MsConfig - StartUpReg: TaskTray - hkey= - key= - C:\Programme\Creative\SBAudigy\Taskbar\CTLTray.exe (Creative Technology Ltd.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.19 17:06:47 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ake\Desktop\OTL.exe [2011.09.19 13:24:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavalys [2011.09.19 13:24:30 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys [2011.08.30 08:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5024 [2011.08.27 10:05:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5023 [2011.08.22 00:07:22 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec [2011.04.12 21:12:43 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.19 17:06:50 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ake\Desktop\OTL.exe [2011.09.19 17:05:25 | 000,000,148 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\defogger_reenable [2011.09.19 17:04:49 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\Desktop\Defogger.exe [2011.09.19 14:54:40 | 000,448,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.09.19 14:54:40 | 000,186,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.09.19 14:54:40 | 000,080,092 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.09.19 14:54:40 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.09.19 14:50:50 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011.09.19 14:50:22 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys [2011.09.19 14:50:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.19 14:38:12 | 000,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.19 14:38:12 | 000,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.19 14:38:12 | 000,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.19 14:38:12 | 000,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.19 14:38:12 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2011.09.19 14:38:12 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2011.09.19 14:38:12 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.09.19 14:38:12 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.09.17 14:33:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.09.17 14:33:46 | 000,071,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.16 19:02:55 | 000,000,134 | -H-- | M] () -- C:\Dokumente und Einstellungen\Ake\Desktop\.~lock.Bewerbungen.odt# [2011.09.09 18:57:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.19 17:05:22 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\defogger_reenable [2011.09.19 17:04:49 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Desktop\Defogger.exe [2011.09.19 11:33:44 | 366,888,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Desktop\Doku - Buddhismus.avi [2011.09.16 19:01:03 | 000,000,134 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ake\Desktop\.~lock.Bewerbungen.odt# [2011.08.05 18:47:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2011.07.01 08:38:57 | 000,000,205 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2011.06.08 23:48:39 | 000,381,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.06.04 13:12:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2011.05.02 22:24:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.04.16 20:10:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.04.12 21:29:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.04.12 21:29:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.04.12 21:12:50 | 000,161,900 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2011.04.12 21:12:50 | 000,144,493 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat [2011.04.12 21:12:50 | 000,111,223 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2011.04.12 21:12:50 | 000,111,123 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat [2011.04.12 21:12:50 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2011.04.12 21:12:48 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2011.04.12 21:12:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE [2011.04.12 21:12:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE [2011.04.12 21:12:48 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2011.04.12 21:12:40 | 000,029,851 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2011.04.12 21:12:38 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat [2011.04.12 21:12:37 | 000,024,992 | ---- | C] () -- C:\WINDOWS\Ctres.dll [2011.04.12 21:12:37 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini [2011.04.12 21:09:11 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2011.04.12 19:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.04.12 19:47:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.04.12 19:45:06 | 000,123,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.12 19:13:03 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.12 19:06:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.04.12 19:00:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2002.12.31 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.12.31 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002.12.31 14:00:00 | 000,448,396 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2002.12.31 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002.12.31 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002.12.31 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002.12.31 14:00:00 | 000,186,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.12.31 14:00:00 | 000,080,092 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2002.12.31 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.12.31 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002.12.31 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002.12.31 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002.12.31 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002.12.31 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002.12.31 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002.12.31 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2002.12.31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.10.14 22:39:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini [1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2011.05.15 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DAEMON Tools Lite [2011.06.08 16:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.04.12 22:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\OpenOffice.org [2011.06.07 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Samsung [2011.09.11 23:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\temp [2011.04.13 17:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Trillian [2011.05.15 20:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.07.31 09:17:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileServe Limited [2011.06.07 22:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.09.19 14:50:50 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.06.07 22:18:03 | 000,000,000 | ---D | M] -- C:\d78da3046caaeff91a0896d1738743f5 [2011.04.12 19:11:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.07.31 09:21:30 | 000,000,000 | ---D | M] -- C:\Downloads [2011.09.17 11:46:26 | 000,000,000 | ---D | M] -- C:\Media [2011.06.04 13:11:11 | 000,000,000 | ---D | M] -- C:\Program Files [2011.09.19 13:24:30 | 000,000,000 | ---D | M] -- C:\Programme [2011.04.12 19:12:26 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.09.13 14:41:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.08 20:53:50 | 000,000,000 | ---D | M] -- C:\Temp [2011.09.19 14:16:12 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2002.12.31 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe [2002.12.31 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\system32\dllcache\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe < MD5 for: REGEDIT.EXE > [2002.12.31 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\regedit.exe [2002.12.31 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\system32\dllcache\regedit.exe [2001.09.24 09:40:16 | 000,118,784 | ---- | M] (Microsoft Corporation) MD5=8D7116DF0A8B034C06B647616BBB6F50 -- C:\WINDOWS\Temp\_ISTMP1.DIR\_ISTMP0.DIR\REGEDIT.EXE [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2002.12.31 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2002.12.31 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2002.12.31 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2002.12.31 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-19 12:10:08 < > < End of report > |
|
19.09.2011, 18:20
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Geht mal über die Computerverwaltung in die Datenträgerverwaltung.
__________________Werden da noch die Partitionen auf der Datenplatte angezeigt? Mach am besten einen Screenshot und poste den hier.
__________________ |
|
19.09.2011, 18:31
| #3 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Lieben Dank schonmal für die schnelle Antwort.
__________________Hier der Screenshot: |
|
19.09.2011, 18:44
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Hm, die Partitionen sind leider weg. Mit Glück kannst du noch mit Testdisk die Partitionstabelle wiederherstellen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2011, 20:12
| #5 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden HAllo ... Keine Ahnung wie, aber ich habe mit testdisk irgwie die partitionen wiederhergestellt. Ist natürlich die Frage ob das eigentliche Problem, das zu dem Verlust geführt hat weiterhin besteht. Kann ich jetzt irgenetwas tun um das abzuklären? Vielleicht nochmal nen logfile von den wiederhergestellten Partitionen?! Danke schonmal Ake |
|
19.09.2011, 20:48
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ --> Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden |
|
19.09.2011, 21:41
| #7 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Anbei der Bericht von Malwarebytes: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7750 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 19.09.2011 22:39:19 mbam-log-2011-09-19 (22-39-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 208231 Laufzeit: 28 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 6 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully. Infizierte Dateien: c:\dokumente und einstellungen\Ake\lokale einstellungen\Temp\jar_cache3899253011983727962.tmp (Malware.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\xmldm\3452_ff_0000000189.htm (Stolen.Data) -> Quarantined and deleted successfully. c:\WINDOWS\system32\xmldm\3452_ff_0000000190.key (Stolen.Data) -> Quarantined and deleted successfully. c:\WINDOWS\system32\xmldm\3452_ff_0000000191.frm (Stolen.Data) -> Quarantined and deleted successfully. |
|
19.09.2011, 22:42
| #8 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Und der letzte Scan. Ich hoffe die beiden Logs sind aussagekräftig. ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=725ef5386c7b91499ca1cc06e85a4231 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-19 09:38:54 # local_time=2011-09-19 11:38:54 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1797 16775141 100 93 639 53006060 0 0 # compatibility_mode=8192 67108863 100 0 197 197 0 0 # scanned=54342 # found=0 # cleaned=0 # scan_time=2695 |
|
20.09.2011, 08:41
| #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwundenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.09.2011, 16:39
| #10 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Arbeite gerade an SP3 (keine Ahnung warum das nicht automatisch upgedatet wurde. An sich sind die automatischen Updates eingestellt.) und nutze in erster Linie Firefox und nicht IE. Bei Firefox ist die aktuellste Version vorhanden. |
|
20.09.2011, 18:28
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwundenZitat:
Der IE ist eine Systemkomponente von Windows und sollte immer so aktuell wie möglich sein.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.09.2011, 18:44
| #12 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Hier der logfile OTL logfile created on: 21.09.2011 19:12:58 - Run 3 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\Ake\Desktop\Virengedöns Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,73 Mb Total Physical Memory | 411,66 Mb Available Physical Memory | 40,25% Memory free 2,40 Gb Paging File | 1,82 Gb Available in Paging File | 75,94% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 57,48 Gb Free Space | 77,14% Space Free | Partition Type: NTFS Drive D: | 19,04 Gb Total Space | 8,61 Gb Free Space | 45,24% Space Free | Partition Type: NTFS Drive E: | 58,59 Gb Total Space | 35,29 Gb Free Space | 60,22% Space Free | Partition Type: NTFS Drive F: | 34,18 Gb Total Space | 17,12 Gb Free Space | 50,09% Space Free | Partition Type: NTFS Drive G: | 590,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ADMIN-DEE923473 | User Name: Ake | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.19 17:06:50 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ake\Desktop\Virengedöns\OTL.exe PRC - [2011.09.06 12:22:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.14 18:43:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.29 19:58:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.06.19 17:40:24 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe ========== Modules (No Company Name) ========== MOD - [2011.09.20 23:13:39 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2011.09.20 23:13:38 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2011.09.20 23:13:38 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2011.09.20 23:13:33 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2011.09.20 23:13:30 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2011.09.20 23:13:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2011.09.06 12:22:20 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.08.30 08:18:00 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\5024\components\AcroFF0246.dll MOD - [2011.06.08 23:42:15 | 001,249,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2011.06.08 23:42:14 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2011.06.08 23:42:13 | 004,210,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2011.06.07 22:34:16 | 000,055,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\Lokale Einstellungen\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll MOD - [2011.06.07 22:19:30 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll MOD - [2011.06.07 22:18:32 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll MOD - [2011.04.29 19:58:19 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.04.27 14:19:38 | 000,588,800 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll MOD - [2011.04.27 14:19:38 | 000,360,960 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll MOD - [2011.04.27 14:19:38 | 000,007,168 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll MOD - [2011.04.27 14:19:38 | 000,003,584 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll |
|
21.09.2011, 18:45
| #13 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Mist. Hier noch der Rest  ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.14 18:43:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 19:58:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.14 18:43:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.08.14 18:43:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.15 20:53:22 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.12.06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007.07.18 16:40:08 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2003.08.06 10:43:04 | 000,159,744 | R--- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k) DRV - [2001.11.05 14:02:30 | 001,758,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e10kx2k.sys -- (emu10kx) Creative EMU10K1/EMU10K2 Audio Driver (WDM) DRV - [2001.11.01 17:31:30 | 000,110,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k) DRV - [2001.10.18 18:46:18 | 000,207,572 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2001.09.11 14:14:16 | 000,154,284 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia) DRV - [2001.09.11 14:10:18 | 000,011,036 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k) DRV - [2001.09.11 14:10:14 | 000,186,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [1999.12.17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AOL Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110412194704718&tb_oid=12-04-2011&tb_mrud=12-04-2011&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.onlinefussballmanager.de" FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110412194704718&tb_oid=12-04-2011&tb_mrud=12-04-2011&query=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5024 [2011.08.30 08:18:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.06 12:22:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.20 19:45:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5024 [2011.08.30 08:18:00 | 000,000,000 | ---D | M] [2011.04.12 19:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Extensions [2011.06.08 16:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Firefox\Profiles\y7afh0wh.default\extensions [2011.06.08 16:32:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Firefox\Profiles\y7afh0wh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.12 21:47:42 | 000,002,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla\Firefox\Profiles\y7afh0wh.default\searchplugins\aol-web-search.xml [2011.04.12 22:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.12 22:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.12 22:24:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.06.08 23:39:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.08.30 08:18:00 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5024 [2011.09.06 12:22:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.04.12 22:24:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002.12.31 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Lexmark X74-X75] C:\Programme\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [KiesHelper] C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{866F8893-3461-40D6-9997-BD50150BB9DC}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2011.04.12 19:03:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - Unable to obtain root file information for disk E:\ O32 - Unable to obtain root file information for disk F:\ O32 - AutoRun File - [2002.12.31 14:00:00 | 000,000,112 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ake^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: Jet Detection - hkey= - key= - C:\Programme\Creative\SBAudigy\Program\ADGJDet.exe () MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: Taskbar - hkey= - key= - C:\Programme\Creative\SBAudigy\Taskbar\CTLTask.exe (Creative Technology Ltd) MsConfig - StartUpReg: TaskTray - hkey= - key= - C:\Programme\Creative\SBAudigy\Taskbar\CTLTray.exe (Creative Technology Ltd.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.20 23:12:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.09.20 20:29:28 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Ake\IETldCache [2011.09.20 20:24:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2011.09.20 20:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2011.09.20 20:22:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2011.09.20 19:30:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011.09.20 18:20:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de [2011.09.20 18:20:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2011.09.20 18:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2011.09.20 18:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2011.09.20 18:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2011.09.20 18:08:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2011.09.20 18:00:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2011.09.19 22:50:42 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.09.19 22:45:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2011.09.19 22:08:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Malwarebytes [2011.09.19 22:07:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.09.19 22:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.09.19 22:07:50 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.09.19 22:07:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.09.19 18:52:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ake\Desktop\Virengedöns [2011.09.19 13:24:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavalys [2011.09.19 13:24:30 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys [2011.08.30 08:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5024 [2011.08.27 10:05:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5023 [2011.04.12 21:12:43 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.21 18:42:14 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011.09.21 18:41:16 | 000,448,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.09.21 18:41:16 | 000,186,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.09.21 18:41:16 | 000,080,092 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.09.21 18:41:16 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.09.21 18:36:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.21 18:36:47 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys [2011.09.21 18:36:47 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.09.20 23:14:29 | 000,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.20 23:14:29 | 000,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.20 23:14:29 | 000,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.20 23:14:29 | 000,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000D-00001102-00000004-00531102}.rfx [2011.09.20 23:14:29 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2011.09.20 23:14:29 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2011.09.20 23:14:29 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.09.20 23:14:29 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.09.20 23:08:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.09.20 19:31:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.09.20 18:13:48 | 000,251,712 | RHS- | M] () -- C:\ntldr [2011.09.19 17:05:25 | 000,000,148 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\defogger_reenable [2011.09.17 14:33:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.09.17 14:33:46 | 000,071,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Ake\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.16 19:02:55 | 000,000,134 | -H-- | M] () -- C:\Dokumente und Einstellungen\Ake\Desktop\.~lock.Bewerbungen.odt# [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.20 19:31:33 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Startmenü\Programme\Outlook Express.lnk [2011.09.20 19:31:32 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Startmenü\Programme\Internet Explorer.lnk [2011.09.20 19:31:28 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Startmenü\Programme\Windows Media Player.lnk [2011.09.20 18:20:49 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta [2011.09.20 18:20:49 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css [2011.09.20 18:20:49 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf [2011.09.20 18:20:49 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js [2011.09.20 18:20:48 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm [2011.09.20 18:20:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav [2011.09.20 18:20:48 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav [2011.09.20 18:20:48 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm [2011.09.20 18:20:48 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm [2011.09.20 18:20:47 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav [2011.09.20 18:20:47 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav [2011.09.20 18:20:47 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav [2011.09.20 18:20:47 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv [2011.09.20 18:20:47 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav [2011.09.20 18:20:47 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav [2011.09.20 18:20:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav [2011.09.20 18:20:47 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav [2011.09.20 18:20:47 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf [2011.09.20 18:20:47 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf [2011.09.20 18:20:47 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf [2011.09.20 18:20:47 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif [2011.09.20 18:20:47 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif [2011.09.20 18:20:47 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif [2011.09.20 18:20:47 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif [2011.09.20 18:20:47 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif [2011.09.20 18:20:47 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif [2011.09.20 18:20:47 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif [2011.09.20 18:20:47 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif [2011.09.20 18:20:47 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif [2011.09.20 18:20:46 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv [2011.09.20 18:20:46 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv [2011.09.20 18:20:46 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm [2011.09.20 18:20:46 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz [2011.09.20 18:20:46 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif [2011.09.20 18:20:46 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif [2011.09.20 18:20:46 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif [2011.09.20 18:20:46 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js [2011.09.20 18:20:46 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif [2011.09.20 18:20:46 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif [2011.09.20 18:20:46 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif [2011.09.20 18:20:46 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif [2011.09.20 18:20:46 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf [2011.09.20 18:20:46 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl [2011.09.20 18:20:46 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl [2011.09.20 18:20:46 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl [2011.09.20 18:20:46 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl [2011.09.20 18:20:46 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl [2011.09.20 18:20:46 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif [2011.09.20 18:20:46 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif [2011.09.20 18:20:46 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif [2011.09.20 18:20:46 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif [2011.09.20 18:20:46 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl [2011.09.20 18:20:46 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm [2011.09.20 18:20:46 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl [2011.09.20 18:20:46 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl [2011.09.20 18:20:46 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl [2011.09.20 18:20:46 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl [2011.09.20 18:20:46 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl [2011.09.20 18:20:46 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl [2011.09.20 18:20:46 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl [2011.09.20 18:20:46 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl [2011.09.20 18:20:46 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl [2011.09.20 18:20:45 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf [2011.09.20 18:20:45 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip [2011.09.20 18:20:45 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif [2011.09.20 18:20:45 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif [2011.09.20 18:20:45 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip [2011.09.20 18:20:44 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv [2011.09.20 18:20:44 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv [2011.09.20 18:20:44 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz [2011.09.20 18:20:44 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css [2011.09.20 18:20:44 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm [2011.09.20 18:20:44 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js [2011.09.20 18:20:44 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js [2011.09.20 18:20:44 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif [2011.09.20 18:20:44 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif [2011.09.20 18:20:44 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif [2011.09.20 18:20:44 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif [2011.09.20 18:20:44 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif [2011.09.20 18:20:43 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif [2011.09.20 18:14:47 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2011.09.20 18:14:46 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2011.09.20 18:14:44 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2011.09.19 17:05:22 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\defogger_reenable [2011.09.19 11:33:44 | 366,888,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Desktop\Doku - Buddhismus.avi [2011.09.16 19:01:03 | 000,000,134 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ake\Desktop\.~lock.Bewerbungen.odt# [2011.08.05 18:47:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2011.07.01 08:38:57 | 000,000,205 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2011.06.08 23:48:39 | 000,452,656 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.06.04 13:12:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2011.05.02 22:24:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.04.16 20:10:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.04.12 21:29:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.04.12 21:29:43 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000004-00531102}.dat [2011.04.12 21:12:50 | 000,161,900 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2011.04.12 21:12:50 | 000,144,493 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat [2011.04.12 21:12:50 | 000,111,223 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2011.04.12 21:12:50 | 000,111,123 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat [2011.04.12 21:12:50 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2011.04.12 21:12:48 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2011.04.12 21:12:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE [2011.04.12 21:12:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE [2011.04.12 21:12:48 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2011.04.12 21:12:40 | 000,029,851 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2011.04.12 21:12:38 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat [2011.04.12 21:12:37 | 000,024,992 | ---- | C] () -- C:\WINDOWS\Ctres.dll [2011.04.12 21:12:37 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini [2011.04.12 21:09:11 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2011.04.12 19:49:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.04.12 19:47:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.04.12 19:45:06 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.12 19:13:03 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Ake\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.12 19:06:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.04.12 19:00:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2002.12.31 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.12.31 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002.12.31 14:00:00 | 000,448,396 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2002.12.31 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002.12.31 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002.12.31 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002.12.31 14:00:00 | 000,186,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.12.31 14:00:00 | 000,080,092 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2002.12.31 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.12.31 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002.12.31 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002.12.31 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002.12.31 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002.12.31 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002.12.31 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002.12.31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.10.14 22:39:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini [1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2011.05.15 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DAEMON Tools Lite [2011.06.08 16:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.04.12 22:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\OpenOffice.org [2011.06.07 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Samsung [2011.09.11 23:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\temp [2011.04.13 17:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Trillian [2011.05.15 20:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.07.31 09:17:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileServe Limited [2011.06.07 22:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.09.21 18:42:14 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.04.21 11:03:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Adobe [2011.04.16 12:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Ahead [2011.04.15 17:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Avira [2011.05.15 20:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DAEMON Tools Lite [2011.09.13 11:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\dvdcss [2011.06.08 16:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.04.12 19:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Identities [2011.04.13 16:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Macromedia [2011.09.19 22:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Malwarebytes [2011.09.11 20:32:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Microsoft [2011.04.12 19:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Mozilla [2011.04.12 22:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\OpenOffice.org [2011.06.07 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Samsung [2011.04.12 22:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Sun [2011.09.11 23:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\temp [2011.04.13 17:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Trillian [2011.06.07 22:48:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\vlc [2011.04.16 21:31:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\Winamp [2011.04.12 22:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ake\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2002.12.31 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2002.12.31 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2002.12.31 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2002.12.31 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2002.12.31 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2002.12.31 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2002.12.31 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.04.12 20:44:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.04.12 20:44:16 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.04.12 20:44:16 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
26.09.2011, 18:25
| #14 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Hier der Report von Kaspersky: 19:21:17.0609 2104 TDSS rootkit removing tool 2.6.1.0 Sep 26 2011 09:21:32 19:21:17.0734 2104 ============================================================ 19:21:17.0734 2104 Current date / time: 2011/09/26 19:21:17.0734 19:21:17.0734 2104 SystemInfo: 19:21:17.0734 2104 19:21:17.0734 2104 OS Version: 5.1.2600 ServicePack: 3.0 19:21:17.0734 2104 Product type: Workstation 19:21:17.0734 2104 ComputerName: ADMIN-DEE923473 19:21:17.0734 2104 UserName: Ake 19:21:17.0734 2104 Windows directory: C:\WINDOWS 19:21:17.0734 2104 System windows directory: C:\WINDOWS 19:21:17.0734 2104 Processor architecture: Intel x86 19:21:17.0734 2104 Number of processors: 1 19:21:17.0734 2104 Page size: 0x1000 19:21:17.0734 2104 Boot type: Normal boot 19:21:17.0734 2104 ============================================================ 19:21:18.0984 2104 Initialize success 19:22:27.0906 3132 ============================================================ 19:22:27.0906 3132 Scan started 19:22:27.0906 3132 Mode: Manual; 19:22:27.0906 3132 ============================================================ 19:22:28.0265 3132 Abiosdsk - ok 19:22:28.0328 3132 abp480n5 - ok 19:22:28.0437 3132 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 19:22:28.0437 3132 ACPI - ok 19:22:28.0515 3132 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 19:22:28.0515 3132 ACPIEC - ok 19:22:28.0546 3132 adpu160m - ok 19:22:28.0609 3132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 19:22:28.0640 3132 aec - ok 19:22:28.0750 3132 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 19:22:28.0765 3132 AFD - ok 19:22:28.0812 3132 Aha154x - ok 19:22:28.0843 3132 aic78u2 - ok 19:22:28.0890 3132 aic78xx - ok 19:22:28.0937 3132 AliIde - ok 19:22:28.0984 3132 amsint - ok 19:22:29.0093 3132 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 19:22:29.0109 3132 Arp1394 - ok 19:22:29.0125 3132 asc - ok 19:22:29.0187 3132 asc3350p - ok 19:22:29.0218 3132 asc3550 - ok 19:22:29.0343 3132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 19:22:29.0359 3132 AsyncMac - ok 19:22:29.0437 3132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 19:22:29.0437 3132 atapi - ok 19:22:29.0468 3132 Atdisk - ok 19:22:29.0546 3132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 19:22:29.0562 3132 Atmarpc - ok 19:22:29.0625 3132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 19:22:29.0625 3132 audstub - ok 19:22:29.0734 3132 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 19:22:29.0734 3132 avgio - ok 19:22:29.0781 3132 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 19:22:29.0781 3132 avgntflt - ok 19:22:29.0843 3132 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 19:22:29.0859 3132 avipbb - ok 19:22:29.0953 3132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 19:22:29.0953 3132 Beep - ok 19:22:30.0046 3132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 19:22:30.0046 3132 cbidf2k - ok 19:22:30.0093 3132 cd20xrnt - ok 19:22:30.0140 3132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 19:22:30.0156 3132 Cdaudio - ok 19:22:30.0234 3132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 19:22:30.0250 3132 Cdfs - ok 19:22:30.0359 3132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 19:22:30.0375 3132 Cdrom - ok 19:22:30.0453 3132 Changer - ok 19:22:30.0531 3132 CmdIde - ok 19:22:30.0609 3132 Cpqarray - ok 19:22:30.0703 3132 ctac32k (99c09667068e2259497c273372f4bb4d) C:\WINDOWS\system32\drivers\ctac32k.sys 19:22:30.0718 3132 ctac32k - ok 19:22:30.0765 3132 ctprxy2k (b493ec482fa7b4352694cc473d22d3b7) C:\WINDOWS\system32\drivers\ctprxy2k.sys 19:22:30.0765 3132 ctprxy2k - ok 19:22:30.0828 3132 ctsfm2k (8fa23b25c33670e22ba584a0da2531b3) C:\WINDOWS\system32\drivers\ctsfm2k.sys 19:22:30.0843 3132 ctsfm2k - ok 19:22:30.0875 3132 dac2w2k - ok 19:22:30.0921 3132 dac960nt - ok 19:22:31.0015 3132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 19:22:31.0031 3132 Disk - ok 19:22:31.0156 3132 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 19:22:31.0218 3132 dmboot - ok 19:22:31.0250 3132 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 19:22:31.0265 3132 dmio - ok 19:22:31.0312 3132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 19:22:31.0312 3132 dmload - ok 19:22:31.0390 3132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 19:22:31.0406 3132 DMusic - ok 19:22:31.0468 3132 dpti2o - ok 19:22:31.0500 3132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 19:22:31.0515 3132 drmkaud - ok 19:22:31.0593 3132 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 19:22:31.0593 3132 dtsoftbus01 - ok 19:22:31.0750 3132 emu10kx (205b61a67019c7af933b6ee422a889f6) C:\WINDOWS\system32\drivers\e10kx2k.sys 19:22:31.0765 3132 emu10kx - ok 19:22:31.0843 3132 emupia (16f794ab0a5a0dcd45c69579b426a6e3) C:\WINDOWS\system32\drivers\emupia2k.sys 19:22:31.0859 3132 emupia - ok 19:22:31.0937 3132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 19:22:31.0984 3132 Fastfat - ok 19:22:32.0031 3132 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys 19:22:32.0062 3132 fasttx2k - ok 19:22:32.0140 3132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 19:22:32.0140 3132 Fdc - ok 19:22:32.0187 3132 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 19:22:32.0187 3132 Fips - ok 19:22:32.0218 3132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 19:22:32.0234 3132 Flpydisk - ok 19:22:32.0296 3132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 19:22:32.0312 3132 FltMgr - ok 19:22:32.0359 3132 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:22:32.0375 3132 Fs_Rec - ok 19:22:32.0421 3132 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:22:32.0437 3132 Ftdisk - ok 19:22:32.0500 3132 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 19:22:32.0515 3132 gagp30kx - ok 19:22:32.0578 3132 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 19:22:32.0578 3132 gameenum - ok 19:22:32.0640 3132 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:22:32.0656 3132 Gpc - ok 19:22:32.0718 3132 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 19:22:32.0734 3132 hidusb - ok 19:22:32.0781 3132 hpn - ok 19:22:32.0859 3132 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 19:22:32.0875 3132 HTTP - ok 19:22:32.0921 3132 i2omgmt - ok 19:22:32.0953 3132 i2omp - ok 19:22:33.0015 3132 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:22:33.0015 3132 i8042prt - ok 19:22:33.0062 3132 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 19:22:33.0093 3132 Imapi - ok 19:22:33.0156 3132 ini910u - ok 19:22:33.0218 3132 IntelIde - ok 19:22:33.0281 3132 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 19:22:33.0296 3132 Ip6Fw - ok 19:22:33.0375 3132 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:22:33.0375 3132 IpFilterDriver - ok 19:22:33.0437 3132 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:22:33.0437 3132 IpInIp - ok 19:22:33.0484 3132 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:22:33.0500 3132 IpNat - ok 19:22:33.0546 3132 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:22:33.0546 3132 IPSec - ok 19:22:33.0625 3132 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 19:22:33.0640 3132 IRENUM - ok 19:22:33.0687 3132 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:22:33.0703 3132 isapnp - ok 19:22:33.0765 3132 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:22:33.0765 3132 Kbdclass - ok 19:22:33.0828 3132 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 19:22:33.0828 3132 kmixer - ok 19:22:33.0875 3132 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 19:22:33.0890 3132 KSecDD - ok 19:22:33.0968 3132 lbrtfdc - ok 19:22:34.0078 3132 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 19:22:34.0093 3132 MBAMProtector - ok 19:22:34.0140 3132 MBAMSwissArmy - ok 19:22:34.0234 3132 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 19:22:34.0234 3132 mnmdd - ok 19:22:34.0296 3132 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 19:22:34.0312 3132 Modem - ok 19:22:34.0359 3132 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 19:22:34.0375 3132 Mouclass - ok 19:22:34.0453 3132 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 19:22:34.0453 3132 mouhid - ok 19:22:34.0531 3132 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 19:22:34.0531 3132 MountMgr - ok 19:22:34.0578 3132 mraid35x - ok 19:22:34.0656 3132 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:22:34.0671 3132 MRxDAV - ok 19:22:34.0750 3132 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:22:34.0781 3132 MRxSmb - ok 19:22:34.0875 3132 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 19:22:34.0890 3132 Msfs - ok 19:22:34.0953 3132 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:22:34.0953 3132 MSKSSRV - ok 19:22:35.0000 3132 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:22:35.0000 3132 MSPCLOCK - ok 19:22:35.0046 3132 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 19:22:35.0062 3132 MSPQM - ok 19:22:35.0109 3132 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:22:35.0109 3132 mssmbios - ok 19:22:35.0156 3132 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 19:22:35.0171 3132 Mup - ok 19:22:35.0265 3132 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 19:22:35.0296 3132 NDIS - ok 19:22:35.0359 3132 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:22:35.0359 3132 NdisTapi - ok 19:22:35.0421 3132 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:22:35.0421 3132 Ndisuio - ok 19:22:35.0484 3132 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:22:35.0484 3132 NdisWan - ok 19:22:35.0562 3132 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 19:22:35.0562 3132 NDProxy - ok 19:22:35.0609 3132 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 19:22:35.0609 3132 NetBIOS - ok 19:22:35.0656 3132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 19:22:35.0671 3132 NetBT - ok 19:22:35.0796 3132 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 19:22:35.0812 3132 NIC1394 - ok 19:22:35.0875 3132 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 19:22:35.0875 3132 Npfs - ok 19:22:35.0937 3132 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 19:22:36.0000 3132 Ntfs - ok 19:22:36.0093 3132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 19:22:36.0093 3132 Null - ok 19:22:36.0234 3132 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 19:22:36.0406 3132 nv - ok 19:22:36.0515 3132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:22:36.0515 3132 NwlnkFlt - ok 19:22:36.0609 3132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:22:36.0609 3132 NwlnkFwd - ok 19:22:36.0656 3132 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 19:22:36.0656 3132 ohci1394 - ok 19:22:36.0734 3132 ossrv (d653f455b176529f0427b24361139619) C:\WINDOWS\system32\drivers\ctoss2k.sys 19:22:36.0765 3132 ossrv - ok 19:22:36.0828 3132 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 19:22:36.0843 3132 Parport - ok 19:22:36.0906 3132 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 19:22:36.0906 3132 PartMgr - ok 19:22:36.0953 3132 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 19:22:36.0968 3132 ParVdm - ok 19:22:37.0031 3132 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 19:22:37.0046 3132 PCI - ok 19:22:37.0093 3132 PCIDump - ok 19:22:37.0125 3132 PCIIde - ok 19:22:37.0203 3132 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 19:22:37.0218 3132 Pcmcia - ok 19:22:37.0234 3132 PDCOMP - ok 19:22:37.0281 3132 PDFRAME - ok 19:22:37.0343 3132 PDRELI - ok 19:22:37.0375 3132 PDRFRAME - ok 19:22:37.0421 3132 perc2 - ok 19:22:37.0453 3132 perc2hib - ok 19:22:37.0593 3132 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\system32\PfModNT.sys 19:22:37.0609 3132 PfModNT - ok 19:22:37.0703 3132 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:22:37.0703 3132 PptpMiniport - ok 19:22:37.0781 3132 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 19:22:37.0781 3132 Processor - ok 19:22:37.0843 3132 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 19:22:37.0859 3132 PSched - ok 19:22:37.0906 3132 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:22:37.0906 3132 Ptilink - ok 19:22:37.0937 3132 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 19:22:37.0968 3132 PxHelp20 - ok 19:22:38.0000 3132 ql1080 - ok 19:22:38.0062 3132 Ql10wnt - ok 19:22:38.0093 3132 ql12160 - ok 19:22:38.0140 3132 ql1240 - ok 19:22:38.0171 3132 ql1280 - ok 19:22:38.0234 3132 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:22:38.0234 3132 RasAcd - ok 19:22:38.0296 3132 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:22:38.0312 3132 Rasl2tp - ok 19:22:38.0375 3132 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:22:38.0390 3132 RasPppoe - ok 19:22:38.0421 3132 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 19:22:38.0421 3132 Raspti - ok 19:22:38.0484 3132 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:22:38.0500 3132 Rdbss - ok 19:22:38.0531 3132 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:22:38.0546 3132 RDPCDD - ok 19:22:38.0625 3132 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 19:22:38.0640 3132 rdpdr - ok 19:22:38.0765 3132 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 19:22:38.0781 3132 RDPWD - ok 19:22:38.0859 3132 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 19:22:38.0859 3132 redbook - ok 19:22:38.0984 3132 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys 19:22:38.0984 3132 RTL8187B - ok 19:22:39.0109 3132 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:22:39.0125 3132 Secdrv - ok 19:22:39.0187 3132 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 19:22:39.0187 3132 serenum - ok 19:22:39.0218 3132 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 19:22:39.0234 3132 Serial - ok 19:22:39.0359 3132 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 19:22:39.0359 3132 Sfloppy - ok 19:22:39.0437 3132 Simbad - ok 19:22:39.0484 3132 Sparrow - ok 19:22:39.0531 3132 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 19:22:39.0531 3132 splitter - ok 19:22:39.0578 3132 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 19:22:39.0593 3132 sr - ok 19:22:39.0656 3132 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 19:22:39.0687 3132 Srv - ok 19:22:39.0734 3132 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys 19:22:39.0750 3132 ssadbus - ok 19:22:39.0812 3132 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 19:22:39.0828 3132 ssadmdfl - ok 19:22:39.0875 3132 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 19:22:39.0875 3132 ssadmdm - ok 19:22:39.0968 3132 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:22:39.0968 3132 ssmdrv - ok 19:22:40.0046 3132 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:22:40.0046 3132 swenum - ok 19:22:40.0093 3132 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 19:22:40.0109 3132 swmidi - ok 19:22:40.0171 3132 symc810 - ok 19:22:40.0218 3132 symc8xx - ok 19:22:40.0250 3132 sym_hi - ok 19:22:40.0296 3132 sym_u3 - ok 19:22:40.0359 3132 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 19:22:40.0375 3132 sysaudio - ok 19:22:40.0484 3132 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:22:40.0515 3132 Tcpip - ok 19:22:40.0578 3132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:22:40.0578 3132 TDPIPE - ok 19:22:40.0625 3132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 19:22:40.0625 3132 TDTCP - ok 19:22:40.0734 3132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:22:40.0750 3132 TermDD - ok 19:22:40.0843 3132 TosIde - ok 19:22:40.0921 3132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 19:22:40.0921 3132 Udfs - ok 19:22:40.0968 3132 ultra - ok 19:22:41.0046 3132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 19:22:41.0062 3132 Update - ok 19:22:41.0140 3132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:22:41.0156 3132 usbehci - ok 19:22:41.0218 3132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:22:41.0234 3132 usbhub - ok 19:22:41.0281 3132 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:22:41.0281 3132 usbprint - ok 19:22:41.0343 3132 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 19:22:41.0359 3132 usbscan - ok 19:22:41.0375 3132 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:22:41.0406 3132 USBSTOR - ok 19:22:41.0453 3132 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:22:41.0453 3132 usbuhci - ok 19:22:41.0500 3132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 19:22:41.0500 3132 VgaSave - ok 19:22:41.0546 3132 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 19:22:41.0562 3132 ViaIde - ok 19:22:41.0609 3132 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 19:22:41.0625 3132 VolSnap - ok 19:22:41.0734 3132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:22:41.0750 3132 Wanarp - ok 19:22:41.0765 3132 WDICA - ok 19:22:41.0828 3132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 19:22:41.0843 3132 wdmaud - ok 19:22:42.0031 3132 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 19:22:42.0046 3132 WpdUsb - ok 19:22:42.0156 3132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 19:22:42.0171 3132 WudfPf - ok 19:22:42.0203 3132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 19:22:42.0218 3132 WudfRd - ok 19:22:42.0328 3132 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys 19:22:42.0343 3132 yukonwxp - ok 19:22:42.0437 3132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 19:22:42.0531 3132 \Device\Harddisk0\DR0 - ok 19:22:42.0562 3132 MBR (0x1B8) (3f217aa00f5333ee4fc0f117341604ae) \Device\Harddisk1\DR1 19:22:42.0843 3132 \Device\Harddisk1\DR1 - ok 19:22:42.0890 3132 Boot (0x1200) (63b4656c6352f3abfb5a4145cb11ccd4) \Device\Harddisk0\DR0\Partition0 19:22:42.0890 3132 \Device\Harddisk0\DR0\Partition0 - ok 19:22:42.0906 3132 Boot (0x1200) (807d9a01bae7c62a50de7b80278a61cd) \Device\Harddisk1\DR1\Partition0 19:22:42.0906 3132 \Device\Harddisk1\DR1\Partition0 - ok 19:22:42.0921 3132 Boot (0x1200) (9cfecedb16586c295d5371db9cb0ad62) \Device\Harddisk1\DR1\Partition1 19:22:42.0937 3132 \Device\Harddisk1\DR1\Partition1 - ok 19:22:42.0953 3132 Boot (0x1200) (57d89cb56566761bc094c2aa516ec136) \Device\Harddisk1\DR1\Partition2 19:22:42.0953 3132 \Device\Harddisk1\DR1\Partition2 - ok 19:22:42.0968 3132 ============================================================ 19:22:42.0968 3132 Scan finished 19:22:42.0968 3132 ============================================================ 19:22:43.0031 3928 Detected object count: 0 19:22:43.0031 3928 Actual detected object count: 0 |
|
26.09.2011, 18:28
| #15 |
| | Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden Achso. Entschuldigung, dass ich erst jetzt wieder antworte. Liegt nicht daran, dass ich die Hilfe nicht nötig habe, sondern dass mir das world wide web dieses WE nicht zur Verfügung stand weil meine Tochter Geburtstag hatte. Also bitte nicht falsch verstehen. Danke nochmals :-) |
|
| Themen zu Komplette Festplatte nach Fund von Bootsektorvirus BOO/TDss.C verschwunden |
| 0x00000001, adobe, antivir, askbar, avira, bho, bootsektorvirus, c:\windows\system32\rundll32.exe, converter, device driver, einstellungen, explorer, festplatte, firefox, fontcache, format, google, helper, mp3, partitionen verschwunden, plug-in, problem, programme, realtek, registry, rundll, scan, software, usb, virus, virus gefunden, windows, winlogon.exe, zip-datei |
Hybrid-Darstellung
