| |
| |||||||
Log-Analyse und Auswertung: Weißer Bildschirm -Warte Sie Verbindung wird hergestelltWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
11.04.2012, 23:30
| #1 |
| |  Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Hallo zusammen! Habe seit kurzem das Problem wenn ich meinen Rechner hochfahren will, erscheint ein weißer Bildschirm "Warten Sie während die Verbindung hergestellt wird". Das ganze steht auch noch einmal in Englisch da. Wollte den Rechner auch über den Abgesicherten Modus starten, hatte aber den selben Effekt. --> weißer Bildschirm Habe mich dann hier eingelesen und über die CD(REATOGO-X-PE) gebootet. Danach habe ich mit OTLPE das LOG file erstellt. Ich hoffe das war bis jetzt der richtige Weg! Code:
ATTFilter OTL logfile created on: 4/12/2012 1:46:22 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 273.39 Gb Total Space | 248.17 Gb Free Space | 90.77% Space Free | Partition Type: NTFS
Drive I: | 6.06 Gb Total Space | 0.59 Gb Free Space | 9.81% Space Free | Partition Type: FAT32
Drive J: | 1.86 Gb Total Space | 1.79 Gb Free Space | 95.95% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2007/11/26 08:50:04 | 000,294,912 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2007/01/19 06:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/03/23 20:48:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/02/24 21:47:02 | 000,114,784 | ---- | M] () [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/24 21:47:00 | 000,266,338 | ---- | M] () [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/24 21:46:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/03/14 14:05:02 | 000,069,632 | ---- | M] (HP) [Boot] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/08/27 08:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/09/12 11:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007/06/26 07:53:54 | 000,013,824 | ---- | M] (T-Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)
DRV - [2007/03/13 07:35:56 | 000,476,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/10/09 10:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/11 06:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/10/05 13:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301)
DRV - [2005/06/28 14:12:32 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/03/09 17:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\HP_Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/19 06:33:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/09 13:24:28 | 000,000,000 | ---D | M]
[2012/02/09 13:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Extensions
[2012/02/09 13:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\ml0ubmqr.default\extensions
[2012/02/09 13:24:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/03/29 14:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\staged
[2012/03/25 05:29:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml
[2012/02/12 07:20:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml
[2012/02/17 10:44:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml
[2012/03/04 09:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml
[2007/12/16 08:10:53 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml
[2012/02/09 13:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2012/02/19 06:33:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/01/29 10:02:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/01/29 10:02:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 10:02:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/29 10:02:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 10:02:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\HP_Besitzer_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\HP_Besitzer_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\HP_Besitzer_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programme\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\HP_Besitzer_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKU\HP_Besitzer_ON_C..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\LocalService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\NetworkService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - I:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61r1K7Zg-HMWm-14l4-knLL-DFbthPjzcAFc} -
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^HP_Besitzer^Startmenü^Programme^Autostart^DSL-Manager.lnk - C:\Programme\T-Online\DSL-Manager\DslMgr.exe - (T-Systems Enterprise Services GmbH)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: HPHUPD08 - hkey= - key= - C:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
MsConfig - StartUpReg: InfoCockpit - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
MsConfig - StartUpReg: NAV CfgWiz - hkey= - key= - File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: T-Online DSL-Manager - hkey= - key= - File not found
MsConfig - StartUpReg: ToADiMon.exe - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2012/03/29 14:50:11 | 000,233,472 | ---- | C] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
[2006/02/19 05:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/06 08:47:16 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/06 08:02:40 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/06 08:02:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/06 08:02:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/06 08:02:34 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 14:50:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 14:50:09 | 000,233,472 | ---- | M] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
[2012/03/27 12:09:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/03/27 12:08:32 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Microsoft Office Outlook 2003.lnk
[2012/03/27 12:08:15 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/27 12:08:15 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012/03/25 05:19:59 | 000,464,600 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/03/25 05:19:59 | 000,445,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 05:19:59 | 000,086,850 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/03/25 05:19:59 | 000,073,148 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 04:18:44 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 03:59:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/16 13:34:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/04/03 12:06:58 | 000,000,264 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\wklnhst.dat
[2008/12/05 07:39:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/12/05 06:27:06 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/12/05 06:27:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/12/05 06:27:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/12/05 06:27:06 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/12/05 06:27:06 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/12/05 06:27:06 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/12/05 06:27:06 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/12/05 06:27:06 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/12/05 06:27:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/12/05 06:27:06 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008/12/05 06:27:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/12/05 06:27:06 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/12/05 06:27:06 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/12/05 06:27:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/12/05 06:27:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/12/05 06:27:06 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008/12/05 06:27:06 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008/12/05 06:27:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/12/05 06:27:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/05 06:24:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPS.ini
[2008/12/03 10:15:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007/12/28 12:41:29 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2007/12/28 12:41:21 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2007/12/28 12:41:21 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2007/12/28 12:41:21 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2006/10/30 05:11:00 | 000,001,152 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/19 12:45:50 | 000,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/19 12:45:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/15 04:50:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI
[2006/09/24 06:22:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/09/21 11:07:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\spacklsp.dll
[2006/09/18 14:36:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/18 13:07:52 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/09/18 13:07:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/02 13:57:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/02 13:36:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/01/02 13:32:45 | 000,013,625 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/02 13:32:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/02 13:27:49 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/01/02 13:25:18 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/02 13:20:42 | 000,081,173 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/02 13:20:42 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/02 13:19:39 | 000,091,456 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/02 13:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/02 13:16:03 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2006/01/02 13:16:03 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2006/01/02 13:13:28 | 000,113,626 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/02 13:13:28 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/02 13:11:22 | 000,105,702 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/01/02 13:10:25 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/02 13:07:42 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/02 13:07:42 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/01/02 13:07:42 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/02 13:07:42 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/02 13:07:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/02 13:07:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/02 13:07:42 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/01/02 13:07:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/01/02 12:54:17 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/02 12:51:07 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/01/02 12:51:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/01/02 12:50:50 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/02 14:13:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/02 14:10:36 | 000,464,600 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/11/02 14:10:36 | 000,445,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/02 14:10:36 | 000,086,850 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/11/02 14:10:36 | 000,073,148 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/02 14:08:40 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/02 14:05:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/02 14:03:38 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/20 12:19:34 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 17:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2008/12/05 06:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2006/10/24 11:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2006/10/13 13:35:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007/11/02 05:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager
[2008/04/20 18:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited
[2008/12/05 06:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2006/11/19 08:27:19 | 000,000,000 | ---D | M] -- C:\641dbc88cc1ea253373b678c09
[2006/09/24 06:43:39 | 000,000,000 | ---D | M] -- C:\Banking
[2006/01/02 13:19:06 | 000,000,000 | ---D | M] -- C:\bin
[2006/09/19 07:02:24 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2006/09/18 13:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2006/09/19 11:00:27 | 000,000,000 | -H-D | M] -- C:\hp
[2006/09/18 14:33:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2007/01/19 10:27:55 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/03/29 14:42:37 | 000,000,000 | R--D | M] -- C:\Programme
[2006/01/02 12:51:09 | 000,000,000 | -H-D | M] -- C:\Python22
[2006/09/19 11:20:59 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2006/09/18 13:05:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006/01/02 12:50:50 | 000,000,000 | -H-D | M] -- C:\system.sav
[2006/12/16 08:06:34 | 000,000,000 | ---D | M] -- C:\temp
[2012/03/15 04:18:52 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 17:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 17:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/12/17 16:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004/08/04 00:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 00:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 00:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 00:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 00:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004/08/04 00:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/04 00:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/11/02 14:55:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/11/02 14:55:34 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/11/02 14:55:34 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/12/18 09:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/12/17 15:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
Bitte verzeiht mir Fehler die ich evtl. gemacht habe, habe von Computern leider nur sehr wenig Ahnung. Ich hoffe Ihr könnt mir auch helfen! Vielen Dank... |
|
12.04.2012, 21:26
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKU\HP_Besitzer_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\HP_Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O20 - HKU\HP_Besitzer_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe) - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (vGHFK)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - I:\Autorun.inf -- [ FAT32 ]
[2012/03/29 14:50:11 | 000,233,472 | ---- | C] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
[2012/03/29 14:50:09 | 000,233,472 | ---- | M] (vGHFK) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen! 2.) Ordner movedfiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ |
|
12.04.2012, 23:27
| #3 |
| | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Hallo,
__________________erstmal ein riesen Dankeschön für die schnelle Antwort! Der Rechner lässt sich wieder starten. Einziges Problem was ich noch habe ist das auf dem Desktop keine Icons angezeigt werden. Hier wäre das fix.log Die OTL Datei habe ich Upload Channel hochgeladen! PHP-Code: |
|
13.04.2012, 09:50
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
16.04.2012, 21:36
| #5 |
| | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Hallo, habe beide Programme wie beschrieben ausgeführt! Zuerst das logfile vom Malewarebytes Vollscan: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.12.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 HP_Besitzer :: KLAUS01 [Administrator] Schutz: Aktiviert 12.04.2012 23:56:28 mbam-log-2012-04-12 (23-56-28).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 302408 Laufzeit: 1 Stunde(n), 42 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{61r1K7Zg-HMWm-14l4-knLL-DFbthPjzcAFc} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent) -> Daten: c:\dokumente und einstellungen\hp_besitzer\anwendungsdaten\y6drxuj c7ti.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CXMVSTIB\about[1].exe (Worm.KoobFace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\04132012_024750\C_Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\y6drxuj c7ti.exe (Worm.KoobFace) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0bd5a9e4274a6e49bbf6ada72aa1cb0a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-16 06:46:46
# local_time=2012-04-16 08:46:46 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 192228 31471857 0 0
# compatibility_mode=8192 67108863 100 0 381 381 0 0
# scanned=115303
# found=1
# cleaned=0
# scan_time=4624
C:\_OTL\MovedFiles.zip Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
Vielen Dank Nochmal! Grüße Stephan |
|
16.04.2012, 21:41
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> Weißer Bildschirm -Warte Sie Verbindung wird hergestellt |
|
16.04.2012, 22:19
| #7 |
| | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Hallo, hat funktioniert habe den Rechner nocheinmal neu gestartet und jetzt sind wieder alle Icons da! Hier noch das logfile dazu: Code:
ATTFilter Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 04/16/2012 10:10:39 PM
Windows Version: Windows XP
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 109900 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 14276 files processed.
Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.
Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.
Processing the K:\ drive
Finished processing the K:\ drive. 0 files processed.
The C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Restarting Explorer.exe in order to apply changes.
Program finished at: 04/16/2012 10:11:25 PM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)
Ich hoffe das somit wieder alles in Ordnung ist!? Ich kann mich an dieser Stelle nur noch einmal Bedanken! Vielen, vielen Dank für eure Hilfe! |
|
17.04.2012, 12:32
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
18.04.2012, 19:46
| #9 |
| | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Hallo, habe heute den Scan mit OTL durchgeführt. Hier die OTL.txt Code:
ATTFilter OTL logfile created on: 18.04.2012 19:34:56 - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 78,18% Memory free 3,85 Gb Paging File | 3,55 Gb Available in Paging File | 92,18% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 273,39 Gb Total Space | 247,38 Gb Free Space | 90,49% Space Free | Partition Type: NTFS Drive D: | 6,06 Gb Total Space | 0,59 Gb Free Space | 9,79% Space Free | Partition Type: FAT32 Computer Name: KLAUS01 | User Name: HP_Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.18 19:27:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe PRC - [2011.11.08 21:51:22 | 000,796,080 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe PRC - [2011.11.08 21:51:22 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe PRC - [2011.11.08 21:51:20 | 001,226,152 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010.04.08 16:59:26 | 000,286,720 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.17 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE PRC - [2007.10.22 13:34:20 | 000,421,888 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MInfraIS.exe PRC - [2007.01.19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2006.03.24 02:48:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2006.02.25 03:47:02 | 000,114,784 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe PRC - [2006.02.25 03:47:00 | 000,266,338 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe PRC - [2006.02.25 03:46:20 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe PRC - [2005.08.27 02:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_05\bin\jusched.exe ========== Modules (No Company Name) ========== MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.02.25 03:47:12 | 000,225,384 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll MOD - [2006.02.25 03:47:12 | 000,065,634 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll MOD - [2006.02.25 03:47:12 | 000,032,768 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll MOD - [2006.02.25 03:47:02 | 000,114,784 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe MOD - [2006.02.25 03:47:00 | 000,266,338 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe MOD - [2006.02.14 06:05:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006.02.14 06:05:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2007.01.19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2006.03.24 02:48:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.02.25 03:47:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006.02.25 03:47:00 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006.02.25 03:46:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005.03.14 20:05:02 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004.10.22 11:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tsmpkt.sys -- (TSMPacket) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\dsltestSp5.sys -- (dsltestSp5) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.18 19:24:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{E914526D-40F2-4FE9-BB85-DC293C277ABD}\MpKsl98c8eff4.sys -- (MpKsl98c8eff4) DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2007.03.13 13:35:56 | 000,476,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006.03.08 22:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.03 23:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006.03.03 23:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005.12.13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2005.10.05 19:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301) DRV - [2005.06.28 20:12:32 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2005.03.09 23:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {3AA14DC7-363D-485D-AF49-341F900196B7} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{3AA14DC7-363D-485D-AF49-341F900196B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\SearchScopes,DefaultScope = {3AA14DC7-363D-485D-AF49-341F900196B7} IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\SearchScopes\{3AA14DC7-363D-485D-AF49-341F900196B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE466 IE - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.19 12:33:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.15 21:53:23 | 000,000,000 | ---D | M] [2012.02.09 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Extensions [2012.04.12 23:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions [2012.04.12 23:28:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.04.14 13:00:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml [2012.02.12 13:20:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml [2012.02.17 16:44:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml [2012.03.04 15:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml [2012.04.15 12:04:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-5.xml [2007.12.16 14:10:53 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml [2012.02.09 19:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.19 12:33:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.04.13 08:47:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks) O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74037B92-63E7-40CD-96A6-F0EF1D14DABA}: DhcpNameServer = 15.243.128.51 15.243.160.51 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF20080A-42C9-4596-9255-ADD7BE9B7338}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^HP_Besitzer^Startmenü^Programme^Autostart^DSL-Manager.lnk - - File not found MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.) MsConfig - StartUpReg: HPHUPD08 - hkey= - key= - c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard) MsConfig - StartUpReg: InfoCockpit - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) MsConfig - StartUpReg: NAV CfgWiz - hkey= - key= - File not found MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) MsConfig - StartUpReg: T-Online DSL-Manager - hkey= - key= - File not found MsConfig - StartUpReg: ToADiMon.exe - hkey= - key= - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error. SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - File not found Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.18 19:27:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe [2012.04.18 18:48:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.04.18 18:48:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2012.04.16 22:40:45 | 000,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO64.sys [2012.04.16 22:40:45 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll [2012.04.16 22:40:45 | 000,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.sys [2012.04.16 22:40:45 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys [2012.04.16 22:40:14 | 000,249,856 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll [2012.04.16 22:40:14 | 000,225,280 | ---- | C] (ANI ) -- C:\WINDOWS\System32\WlanApp.dll [2012.04.16 22:40:14 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\aIPH.dll [2012.04.16 22:40:13 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll [2012.04.16 22:40:12 | 000,667,648 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll [2012.04.16 22:40:12 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\AQCKGen.dll [2012.04.16 22:40:12 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANICtl.dll [2012.04.16 22:40:11 | 000,000,000 | ---D | C] -- C:\Programme\ANI [2012.04.16 22:22:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\Meine empfangenen Dateien [2012.04.14 19:56:34 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2 [2012.04.13 08:47:50 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.12 23:54:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Malwarebytes [2012.04.12 23:53:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.04.12 23:33:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.18 19:31:29 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Microsoft Office Outlook 2003.lnk [2012.04.18 19:27:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe [2012.04.18 19:23:57 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012.04.18 19:19:27 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2012.04.18 19:18:52 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.04.18 19:18:52 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2012.04.18 19:18:51 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.18 19:18:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.18 19:18:46 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys [2012.04.18 19:14:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.04.18 18:47:01 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.17 22:24:29 | 000,445,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.17 22:24:28 | 000,464,638 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.17 22:24:28 | 000,086,888 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.17 22:24:28 | 000,073,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.16 22:39:32 | 000,002,459 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\T-Online DataSync Outlook.lnk [2012.04.16 17:12:24 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.04.15 12:04:23 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Internet.lnk [2012.04.15 12:03:34 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Microsoft Office Excel 2003.lnk [2012.04.14 12:44:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.12 23:34:48 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012.04.12 23:03:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.03.29 20:50:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.16 22:40:45 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD [2012.04.16 22:40:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2012.04.15 12:04:23 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Internet.lnk [2012.04.12 23:38:47 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012.04.12 23:34:48 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2012.04.12 23:33:21 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk [2012.02.16 19:34:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll ========== LOP Check ========== [2008.12.05 12:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2006.10.24 17:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager [2012.04.16 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2007.11.02 11:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online DSL-Manager [2008.04.21 00:20:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited [2008.12.05 12:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2012.04.18 19:23:57 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.27 12:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Adobe [2007.05.28 16:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\AdobeUM [2007.10.07 18:42:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\CyberLink [2008.12.05 13:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\EPSON [2007.11.10 15:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Google [2006.09.24 12:49:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Help [2006.10.24 16:55:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HP [2006.11.02 17:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HPQ [2007.07.19 15:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ICQ Toolbar [2005.10.27 01:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Identities [2007.01.28 15:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Leadertech [2009.12.14 20:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Macromedia [2012.04.12 23:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Malwarebytes [2012.02.26 16:37:28 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Microsoft [2012.02.09 19:13:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla [2006.11.02 17:03:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Real [2007.10.04 13:37:56 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\SecuROM [2007.01.28 15:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sonic [2006.09.23 11:51:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sun [2006.09.24 10:08:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\T-DSL SpeedManager [2008.02.01 19:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\T-Online [2009.04.03 18:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Template [2008.12.17 17:43:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\vlc < %APPDATA%\*.exe /s > [2011.10.23 16:54:38 | 008,188,064 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.03 23:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.03 23:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2010.12.17 22:07:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 06:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004.11.02 20:55:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004.11.02 20:55:34 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004.11.02 20:55:34 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > Hier noch die Extras.txt Code:
ATTFilter OTL Extras logfile created on: 18.04.2012 19:34:56 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 78,18% Memory free
3,85 Gb Paging File | 3,55 Gb Available in Paging File | 92,18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 273,39 Gb Total Space | 247,38 Gb Free Space | 90,49% Space Free | Partition Type: NTFS
Drive D: | 6,06 Gb Total Space | 0,59 Gb Free Space | 9,79% Space Free | Partition Type: FAT32
Computer Name: KLAUS01 | User Name: HP_Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-2717608700-3096058131-2984273410-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\CyberLink\PowerCinema\PowerCinema.exe" = C:\Programme\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\CyberLink\PowerCinema\PCMService.exe" = C:\Programme\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Kameras 6.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.01.2012 05:36:43 | Computer Name = KLAUS01 | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
Error - 09.02.2012 13:09:45 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x02c9c114.
Error - 10.02.2012 11:01:37 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.3.7034, fehlgeschlagenes
Modul user32.dll, Version 5.1.2600.5512, Fehleradresse 0x00014acd.
Error - 10.02.2012 13:09:16 | Computer Name = KLAUS01 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.02.2012 15:10:41 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.3.7034, fehlgeschlagenes
Modul user32.dll, Version 5.1.2600.5512, Fehleradresse 0x00014acd.
Error - 15.03.2012 14:19:42 | Computer Name = KLAUS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.3.7034, fehlgeschlagenes
Modul user32.dll, Version 5.1.2600.5512, Fehleradresse 0x00014acd.
Error - 12.04.2012 17:33:34 | Computer Name = KLAUS01 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 12.04.2012 17:52:29 | Computer Name = KLAUS01 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 16.04.2012 16:22:37 | Computer Name = KLAUS01 | Source = MsiInstaller | ID = 11500
Description = Produkt: Java(TM) 6 Update 30 -- Fehler 1500. Im Augenblick wird eine
weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen,
bevor Sie mit dieser Installation fortfahren können.
Error - 18.04.2012 13:30:38 | Computer Name = KLAUS01 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.40.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 13.04.2012 00:23:01 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde ViaIde
Error - 14.04.2012 06:55:05 | Computer Name = KLAUS01 | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Microsoft Office
Document Image Writer, Freigabename Drucker.
Error - 14.04.2012 06:55:15 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 15.04.2012 15:53:44 | Computer Name = KLAUS01 | Source = Print | ID = 22
Description = Die Aktualisierung der Einstellungen für den Drucker Microsoft Office
Document Image Writer,0 Treiber Microsoft Office Document Image Writer Driver Fehler
1801 ist fehlgeschlagen.
Error - 16.04.2012 13:19:06 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 16.04.2012 16:38:22 | Computer Name = KLAUS01 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
< End of report >
Vielen Dank! |
|
18.04.2012, 22:17
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - user.js - File not found
[2012.04.12 23:28:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.14 13:00:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml
[2012.02.12 13:20:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml
[2012.02.17 16:44:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml
[2012.03.04 15:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml
[2012.04.15 12:04:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-5.xml
[2007.12.16 14:10:53 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml
O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2717608700-3096058131-2984273410-1008\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
[2012.04.16 22:40:45 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2012.04.16 22:40:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007.07.19 15:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ICQ Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
21.04.2012, 11:18
| #11 |
| | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Hallo, hier das OTL Logfile da sich nach dem Neustart geöffnet hat... Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\ml0ubmqr.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2717608700-3096058131-2984273410-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2717608700-3096058131-2984273410-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
C:\WINDOWS\system32\ANIO.VXD moved successfully.
C:\WINDOWS\system32\JJAKEn.dll moved successfully.
C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ICQ Toolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 30130 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: HP_Besitzer
->Temp folder emptied: 1093961431 bytes
->Temporary Internet Files folder emptied: 249712137 bytes
->Java cache emptied: 29141544 bytes
->FireFox cache emptied: 61523797 bytes
->Flash cache emptied: 8225696 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 42558 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42487000 bytes
RecycleBin emptied: 79798744 bytes
Total Files Cleaned = 1.493,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: HP_Besitzer
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.40.0 log created on 04212012_090046
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Gruß Stephan |
|
21.04.2012, 17:48
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
12.05.2012, 10:29
| #13 |
| | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Hallo, sorry hat diesmal etwas länger gedauert. Hier das Log file vom TDSS-Killer. Code:
ATTFilter 10:25:55.0859 3132 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:25:56.0062 3132 ============================================================
10:25:56.0062 3132 Current date / time: 2012/05/12 10:25:56.0062
10:25:56.0062 3132 SystemInfo:
10:25:56.0062 3132
10:25:56.0062 3132 OS Version: 5.1.2600 ServicePack: 3.0
10:25:56.0062 3132 Product type: Workstation
10:25:56.0062 3132 ComputerName: KLAUS01
10:25:56.0062 3132 UserName: HP_Besitzer
10:25:56.0062 3132 Windows directory: C:\WINDOWS
10:25:56.0062 3132 System windows directory: C:\WINDOWS
10:25:56.0062 3132 Processor architecture: Intel x86
10:25:56.0062 3132 Number of processors: 2
10:25:56.0062 3132 Page size: 0x1000
10:25:56.0062 3132 Boot type: Normal boot
10:25:56.0062 3132 ============================================================
10:25:58.0359 3132 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:25:58.0453 3132 ============================================================
10:25:58.0453 3132 \Device\Harddisk0\DR0:
10:25:58.0453 3132 MBR partitions:
10:25:58.0453 3132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x222C87EA
10:25:58.0453 3132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x222C8829, BlocksNum 0xC22518
10:25:58.0453 3132 ============================================================
10:25:58.0500 3132 C: <-> \Device\Harddisk0\DR0\Partition0
10:25:58.0515 3132 D: <-> \Device\Harddisk0\DR0\Partition1
10:25:58.0515 3132 ============================================================
10:25:58.0515 3132 Initialize success
10:25:58.0515 3132 ============================================================
10:26:34.0031 2604 ============================================================
10:26:34.0031 2604 Scan started
10:26:34.0031 2604 Mode: Manual; SigCheck; TDLFS;
10:26:34.0031 2604 ============================================================
10:26:34.0578 2604 Abiosdsk - ok
10:26:34.0593 2604 abp480n5 - ok
10:26:34.0640 2604 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:26:34.0921 2604 ACPI - ok
10:26:34.0937 2604 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:26:35.0078 2604 ACPIEC - ok
10:26:35.0078 2604 adpu160m - ok
10:26:35.0109 2604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:26:35.0234 2604 aec - ok
10:26:35.0281 2604 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:26:35.0312 2604 AFD - ok
10:26:35.0312 2604 Aha154x - ok
10:26:35.0328 2604 aic78u2 - ok
10:26:35.0328 2604 aic78xx - ok
10:26:35.0375 2604 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
10:26:35.0500 2604 Alerter - ok
10:26:35.0515 2604 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
10:26:35.0656 2604 ALG - ok
10:26:35.0656 2604 AliIde - ok
10:26:35.0687 2604 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:26:35.0687 2604 AmdK8 - ok
10:26:35.0703 2604 amsint - ok
10:26:35.0734 2604 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
10:26:35.0750 2604 ANIO ( UnsignedFile.Multi.Generic ) - warning
10:26:35.0750 2604 ANIO - detected UnsignedFile.Multi.Generic (1)
10:26:35.0812 2604 ANIWZCSdService (aa3d68f26b2a27f660afc46039b061a4) C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
10:26:35.0828 2604 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - warning
10:26:35.0828 2604 ANIWZCSdService - detected UnsignedFile.Multi.Generic (1)
10:26:35.0843 2604 AppMgmt - ok
10:26:35.0875 2604 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:26:36.0015 2604 Arp1394 - ok
10:26:36.0015 2604 asc - ok
10:26:36.0015 2604 asc3350p - ok
10:26:36.0031 2604 asc3550 - ok
10:26:36.0125 2604 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:26:36.0187 2604 aspnet_state - ok
10:26:36.0203 2604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:26:36.0328 2604 AsyncMac - ok
10:26:36.0343 2604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:26:36.0468 2604 atapi - ok
10:26:36.0484 2604 Atdisk - ok
10:26:36.0500 2604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:26:36.0640 2604 Atmarpc - ok
10:26:36.0687 2604 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
10:26:36.0796 2604 AudioSrv - ok
10:26:36.0843 2604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:26:36.0968 2604 audstub - ok
10:26:37.0000 2604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:26:37.0140 2604 Beep - ok
10:26:37.0187 2604 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
10:26:37.0312 2604 BITS - ok
10:26:37.0343 2604 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
10:26:37.0484 2604 Browser - ok
10:26:37.0515 2604 BVRPMPR5 (2120b6607cbbe426ce821643838ea1d3) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
10:26:37.0531 2604 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
10:26:37.0531 2604 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
10:26:37.0562 2604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:26:37.0703 2604 cbidf2k - ok
10:26:37.0703 2604 cd20xrnt - ok
10:26:37.0718 2604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:26:37.0859 2604 Cdaudio - ok
10:26:37.0875 2604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:26:38.0000 2604 Cdfs - ok
10:26:38.0046 2604 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:26:38.0171 2604 Cdrom - ok
10:26:38.0171 2604 Changer - ok
10:26:38.0203 2604 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
10:26:38.0312 2604 CiSvc - ok
10:26:38.0406 2604 CLCapSvc (15bbbedd7b17bf2b6b5ce84213992969) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
10:26:38.0437 2604 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
10:26:38.0437 2604 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
10:26:38.0453 2604 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
10:26:38.0593 2604 ClipSrv - ok
10:26:38.0671 2604 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:26:38.0765 2604 clr_optimization_v2.0.50727_32 - ok
10:26:38.0796 2604 CLSched (07a0617aecf017457d7358ef178fccbd) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
10:26:38.0812 2604 CLSched ( UnsignedFile.Multi.Generic ) - warning
10:26:38.0812 2604 CLSched - detected UnsignedFile.Multi.Generic (1)
10:26:38.0812 2604 CmdIde - ok
10:26:38.0828 2604 COMSysApp - ok
10:26:38.0843 2604 Cpqarray - ok
10:26:38.0875 2604 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
10:26:39.0015 2604 CryptSvc - ok
10:26:39.0125 2604 CyberLink Media Library Service (1cfdcb99812c62e19c47896a5857d342) C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
10:26:39.0156 2604 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
10:26:39.0156 2604 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
10:26:39.0203 2604 dac2w2k - ok
10:26:39.0218 2604 dac960nt - ok
10:26:39.0265 2604 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:26:39.0343 2604 DcomLaunch - ok
10:26:39.0390 2604 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
10:26:39.0546 2604 Dhcp - ok
10:26:39.0562 2604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:26:39.0703 2604 Disk - ok
10:26:39.0703 2604 dmadmin - ok
10:26:39.0765 2604 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:26:39.0921 2604 dmboot - ok
10:26:39.0953 2604 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:26:40.0093 2604 dmio - ok
10:26:40.0125 2604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:26:40.0250 2604 dmload - ok
10:26:40.0281 2604 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
10:26:40.0406 2604 dmserver - ok
10:26:40.0453 2604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:26:40.0562 2604 DMusic - ok
10:26:40.0609 2604 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
10:26:40.0640 2604 Dnscache - ok
10:26:40.0671 2604 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
10:26:40.0796 2604 Dot3svc - ok
10:26:40.0812 2604 dpti2o - ok
10:26:40.0828 2604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:26:40.0937 2604 drmkaud - ok
10:26:40.0953 2604 dsltestSp5 - ok
10:26:40.0968 2604 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
10:26:41.0093 2604 EapHost - ok
10:26:41.0109 2604 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
10:26:41.0234 2604 ERSvc - ok
10:26:41.0265 2604 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:26:41.0328 2604 Eventlog - ok
10:26:41.0375 2604 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
10:26:41.0406 2604 EventSystem - ok
10:26:41.0421 2604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:26:41.0531 2604 Fastfat - ok
10:26:41.0578 2604 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:26:41.0609 2604 FastUserSwitchingCompatibility - ok
10:26:41.0656 2604 Fax (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
10:26:41.0781 2604 Fax - ok
10:26:41.0828 2604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:26:41.0937 2604 Fdc - ok
10:26:41.0953 2604 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:26:42.0062 2604 Fips - ok
10:26:42.0093 2604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:26:42.0203 2604 Flpydisk - ok
10:26:42.0234 2604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:26:42.0343 2604 FltMgr - ok
10:26:42.0453 2604 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:26:42.0468 2604 FontCache3.0.0.0 - ok
10:26:42.0500 2604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:26:42.0640 2604 Fs_Rec - ok
10:26:42.0640 2604 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:26:42.0781 2604 Ftdisk - ok
10:26:42.0828 2604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:26:42.0953 2604 Gpc - ok
10:26:43.0046 2604 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:26:43.0062 2604 gupdate - ok
10:26:43.0078 2604 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
10:26:43.0078 2604 gupdatem - ok
10:26:43.0125 2604 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:26:43.0140 2604 gusvc - ok
10:26:43.0156 2604 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:26:43.0281 2604 HDAudBus - ok
10:26:43.0359 2604 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:26:43.0484 2604 helpsvc - ok
10:26:43.0515 2604 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
10:26:43.0640 2604 HidServ - ok
10:26:43.0671 2604 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:26:43.0796 2604 hidusb - ok
10:26:43.0859 2604 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
10:26:43.0968 2604 hkmsvc - ok
10:26:43.0968 2604 hpn - ok
10:26:44.0015 2604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:26:44.0046 2604 HTTP - ok
10:26:44.0078 2604 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
10:26:44.0203 2604 HTTPFilter - ok
10:26:44.0203 2604 i2omgmt - ok
10:26:44.0218 2604 i2omp - ok
10:26:44.0234 2604 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:26:44.0359 2604 i8042prt - ok
10:26:44.0437 2604 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:26:44.0453 2604 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:26:44.0453 2604 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:26:44.0593 2604 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:26:44.0640 2604 idsvc - ok
10:26:44.0656 2604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:26:44.0781 2604 Imapi - ok
10:26:44.0828 2604 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
10:26:44.0953 2604 ImapiService - ok
10:26:44.0968 2604 ini910u - ok
10:26:45.0218 2604 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:26:45.0359 2604 IntcAzAudAddService - ok
10:26:45.0515 2604 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:26:45.0625 2604 IntelIde - ok
10:26:45.0640 2604 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:26:45.0765 2604 intelppm - ok
10:26:45.0796 2604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:26:45.0921 2604 Ip6Fw - ok
10:26:45.0953 2604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:26:46.0093 2604 IpFilterDriver - ok
10:26:46.0109 2604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:26:46.0218 2604 IpInIp - ok
10:26:46.0250 2604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:26:46.0359 2604 IpNat - ok
10:26:46.0375 2604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:26:46.0500 2604 IPSec - ok
10:26:46.0515 2604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:26:46.0640 2604 IRENUM - ok
10:26:46.0656 2604 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:26:46.0765 2604 isapnp - ok
10:26:46.0781 2604 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:26:46.0906 2604 Kbdclass - ok
10:26:46.0906 2604 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:26:47.0031 2604 kbdhid - ok
10:26:47.0062 2604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:26:47.0171 2604 kmixer - ok
10:26:47.0203 2604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:26:47.0203 2604 KSecDD - ok
10:26:47.0250 2604 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
10:26:47.0265 2604 lanmanserver - ok
10:26:47.0296 2604 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
10:26:47.0312 2604 lanmanworkstation - ok
10:26:47.0312 2604 lbrtfdc - ok
10:26:47.0390 2604 LightScribeService (e4973b3229e0015345afbe43a8a8eb3b) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:26:47.0421 2604 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:26:47.0421 2604 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:26:47.0453 2604 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
10:26:47.0578 2604 LmHosts - ok
10:26:47.0609 2604 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
10:26:47.0734 2604 Messenger - ok
10:26:47.0812 2604 MIINPazX (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
10:26:47.0828 2604 MIINPazX ( UnsignedFile.Multi.Generic ) - warning
10:26:47.0828 2604 MIINPazX - detected UnsignedFile.Multi.Generic (1)
10:26:47.0859 2604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:26:48.0015 2604 mnmdd - ok
10:26:48.0031 2604 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
10:26:48.0171 2604 mnmsrvc - ok
10:26:48.0203 2604 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:26:48.0328 2604 Modem - ok
10:26:48.0343 2604 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:26:48.0468 2604 Mouclass - ok
10:26:48.0484 2604 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:26:48.0656 2604 mouhid - ok
10:26:48.0671 2604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:26:48.0796 2604 MountMgr - ok
10:26:48.0812 2604 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:26:48.0843 2604 MpFilter - ok
10:26:48.0843 2604 mraid35x - ok
10:26:48.0859 2604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:26:48.0984 2604 MRxDAV - ok
10:26:49.0046 2604 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:26:49.0078 2604 MRxSmb - ok
10:26:49.0093 2604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:26:49.0390 2604 Msfs - ok
10:26:49.0390 2604 MSIServer - ok
10:26:49.0421 2604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:26:49.0531 2604 MSKSSRV - ok
10:26:49.0593 2604 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Programme\Microsoft Security Client\MsMpEng.exe
10:26:49.0609 2604 MsMpSvc - ok
10:26:49.0640 2604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:26:49.0750 2604 MSPCLOCK - ok
10:26:49.0750 2604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:26:49.0875 2604 MSPQM - ok
10:26:49.0906 2604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:26:50.0015 2604 mssmbios - ok
10:26:50.0093 2604 MTOnlPktAlyX (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
10:26:50.0093 2604 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
10:26:50.0093 2604 MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
10:26:50.0109 2604 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:26:50.0140 2604 Mup - ok
10:26:50.0218 2604 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
10:26:50.0343 2604 napagent - ok
10:26:50.0375 2604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:26:50.0500 2604 NDIS - ok
10:26:50.0546 2604 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:26:50.0562 2604 NdisTapi - ok
10:26:50.0609 2604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:26:50.0734 2604 Ndisuio - ok
10:26:50.0734 2604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:26:50.0843 2604 NdisWan - ok
10:26:50.0890 2604 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:26:50.0906 2604 NDProxy - ok
10:26:50.0921 2604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:26:51.0046 2604 NetBIOS - ok
10:26:51.0062 2604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:26:51.0187 2604 NetBT - ok
10:26:51.0234 2604 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:26:51.0359 2604 NetDDE - ok
10:26:51.0359 2604 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:26:51.0484 2604 NetDDEdsdm - ok
10:26:51.0531 2604 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:51.0656 2604 Netlogon - ok
10:26:51.0687 2604 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
10:26:51.0828 2604 Netman - ok
10:26:51.0921 2604 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:26:51.0937 2604 NetTcpPortSharing - ok
10:26:51.0953 2604 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:26:52.0062 2604 NIC1394 - ok
10:26:52.0109 2604 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
10:26:52.0140 2604 Nla - ok
10:26:52.0156 2604 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
10:26:52.0296 2604 nm - ok
10:26:52.0343 2604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:26:52.0468 2604 Npfs - ok
10:26:52.0515 2604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:26:52.0671 2604 Ntfs - ok
10:26:52.0703 2604 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:52.0812 2604 NtLmSsp - ok
10:26:52.0875 2604 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
10:26:53.0015 2604 NtmsSvc - ok
10:26:53.0046 2604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:26:53.0187 2604 Null - ok
10:26:53.0375 2604 nv (34da533ef41bafa187a38a78146fbe49) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:26:53.0515 2604 nv - ok
10:26:53.0671 2604 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:26:53.0703 2604 NVENETFD - ok
10:26:53.0718 2604 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:26:53.0734 2604 nvnetbus - ok
10:26:53.0796 2604 NVSvc (cde37723e151f52f63a76e92bc19780b) C:\WINDOWS\system32\nvsvc32.exe
10:26:53.0812 2604 NVSvc - ok
10:26:53.0843 2604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:26:54.0046 2604 NwlnkFlt - ok
10:26:54.0062 2604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:26:54.0234 2604 NwlnkFwd - ok
10:26:54.0281 2604 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:26:54.0390 2604 ohci1394 - ok
10:26:54.0500 2604 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:26:54.0515 2604 ose - ok
10:26:54.0546 2604 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
10:26:54.0671 2604 Parport - ok
10:26:54.0671 2604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:26:54.0781 2604 PartMgr - ok
10:26:54.0812 2604 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:26:54.0968 2604 ParVdm - ok
10:26:54.0984 2604 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:26:55.0109 2604 PCI - ok
10:26:55.0109 2604 PCIDump - ok
10:26:55.0109 2604 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:26:55.0250 2604 PCIIde - ok
10:26:55.0281 2604 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:26:55.0406 2604 Pcmcia - ok
10:26:55.0406 2604 PDCOMP - ok
10:26:55.0421 2604 PDFRAME - ok
10:26:55.0421 2604 PDRELI - ok
10:26:55.0437 2604 PDRFRAME - ok
10:26:55.0437 2604 perc2 - ok
10:26:55.0437 2604 perc2hib - ok
10:26:55.0500 2604 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:26:55.0531 2604 PlugPlay - ok
10:26:55.0578 2604 Pml Driver HPZ12 (a38b3ce68e7f126190cde4aa3fdf050f) C:\WINDOWS\system32\HPZipm12.exe
10:26:55.0640 2604 Pml Driver HPZ12 - ok
10:26:55.0656 2604 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:55.0765 2604 PolicyAgent - ok
10:26:55.0781 2604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:26:55.0921 2604 PptpMiniport - ok
10:26:55.0937 2604 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
10:26:56.0062 2604 Processor - ok
10:26:56.0078 2604 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:56.0187 2604 ProtectedStorage - ok
10:26:56.0218 2604 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
10:26:56.0250 2604 Ps2 - ok
10:26:56.0250 2604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:26:56.0359 2604 PSched - ok
10:26:56.0375 2604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:26:56.0515 2604 Ptilink - ok
10:26:56.0531 2604 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:26:56.0562 2604 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
10:26:56.0562 2604 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
10:26:56.0562 2604 ql1080 - ok
10:26:56.0562 2604 Ql10wnt - ok
10:26:56.0578 2604 ql12160 - ok
10:26:56.0578 2604 ql1240 - ok
10:26:56.0578 2604 ql1280 - ok
10:26:56.0609 2604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:26:56.0750 2604 RasAcd - ok
10:26:56.0765 2604 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
10:26:56.0906 2604 RasAuto - ok
10:26:56.0921 2604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:26:57.0031 2604 Rasl2tp - ok
10:26:57.0078 2604 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
10:26:57.0203 2604 RasMan - ok
10:26:57.0203 2604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:26:57.0328 2604 RasPppoe - ok
10:26:57.0328 2604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:26:57.0484 2604 Raspti - ok
10:26:57.0562 2604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:26:57.0687 2604 Rdbss - ok
10:26:57.0687 2604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:26:57.0843 2604 RDPCDD - ok
10:26:57.0890 2604 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:26:57.0906 2604 RDPWD - ok
10:26:57.0921 2604 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:26:58.0046 2604 RDSessMgr - ok
10:26:58.0062 2604 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:26:58.0187 2604 redbook - ok
10:26:58.0234 2604 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
10:26:58.0359 2604 RemoteAccess - ok
10:26:58.0390 2604 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
10:26:58.0500 2604 RpcLocator - ok
10:26:58.0562 2604 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:26:58.0609 2604 RpcSs - ok
10:26:58.0656 2604 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
10:26:58.0812 2604 RSVP - ok
10:26:58.0859 2604 rt2870 (2be6b34244e2a2aaaf1e93d765483512) C:\WINDOWS\system32\DRIVERS\rt2870.sys
10:26:58.0890 2604 rt2870 - ok
10:26:58.0937 2604 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:26:59.0046 2604 rtl8139 - ok
10:26:59.0078 2604 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:26:59.0187 2604 SamSs - ok
10:26:59.0234 2604 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
10:26:59.0359 2604 SCardSvr - ok
10:26:59.0406 2604 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
10:26:59.0531 2604 Schedule - ok
10:26:59.0578 2604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:26:59.0687 2604 Secdrv - ok
10:26:59.0703 2604 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
10:26:59.0828 2604 seclogon - ok
10:26:59.0828 2604 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
10:26:59.0937 2604 SENS - ok
10:26:59.0953 2604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:27:00.0078 2604 serenum - ok
10:27:00.0109 2604 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
10:27:00.0234 2604 Serial - ok
10:27:00.0265 2604 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:27:00.0375 2604 Sfloppy - ok
10:27:00.0437 2604 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
10:27:00.0562 2604 SharedAccess - ok
10:27:00.0609 2604 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:27:00.0625 2604 ShellHWDetection - ok
10:27:00.0625 2604 Simbad - ok
10:27:00.0640 2604 Sparrow - ok
10:27:00.0656 2604 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:27:00.0765 2604 splitter - ok
10:27:00.0812 2604 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:27:00.0843 2604 Spooler - ok
10:27:00.0875 2604 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:27:01.0000 2604 sr - ok
10:27:01.0062 2604 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
10:27:01.0187 2604 srservice - ok
10:27:01.0234 2604 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:27:01.0281 2604 Srv - ok
10:27:01.0296 2604 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
10:27:01.0437 2604 SSDPSRV - ok
10:27:01.0468 2604 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
10:27:01.0593 2604 stisvc - ok
10:27:01.0609 2604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:27:01.0734 2604 swenum - ok
10:27:01.0765 2604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:27:01.0890 2604 swmidi - ok
10:27:01.0890 2604 SwPrv - ok
10:27:01.0906 2604 symc810 - ok
10:27:01.0906 2604 symc8xx - ok
10:27:01.0921 2604 sym_hi - ok
10:27:01.0921 2604 sym_u3 - ok
10:27:01.0937 2604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:27:02.0046 2604 sysaudio - ok
10:27:02.0078 2604 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
10:27:02.0203 2604 SysmonLog - ok
10:27:02.0234 2604 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
10:27:02.0359 2604 TapiSrv - ok
10:27:02.0421 2604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:27:02.0437 2604 Tcpip - ok
10:27:02.0468 2604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:27:02.0593 2604 TDPIPE - ok
10:27:02.0609 2604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:27:02.0734 2604 TDTCP - ok
10:27:02.0750 2604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:27:02.0875 2604 TermDD - ok
10:27:02.0921 2604 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
10:27:03.0046 2604 TermService - ok
10:27:03.0093 2604 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:27:03.0109 2604 Themes - ok
10:27:03.0109 2604 TosIde - ok
10:27:03.0156 2604 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
10:27:03.0281 2604 TrkWks - ok
10:27:03.0281 2604 TSMPacket - ok
10:27:03.0328 2604 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:27:03.0453 2604 Udfs - ok
10:27:03.0453 2604 ultra - ok
10:27:03.0500 2604 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
10:27:03.0515 2604 UMWdf - ok
10:27:03.0578 2604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:27:03.0718 2604 Update - ok
10:27:03.0750 2604 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
10:27:03.0875 2604 upnphost - ok
10:27:03.0906 2604 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
10:27:04.0031 2604 UPS - ok
10:27:04.0062 2604 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:27:04.0187 2604 usbaudio - ok
10:27:04.0250 2604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:27:04.0453 2604 usbccgp - ok
10:27:04.0453 2604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:27:04.0578 2604 usbehci - ok
10:27:04.0578 2604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:27:04.0687 2604 usbhub - ok
10:27:04.0703 2604 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:27:04.0828 2604 usbohci - ok
10:27:04.0843 2604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:27:04.0953 2604 usbprint - ok
10:27:04.0968 2604 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:27:05.0078 2604 usbscan - ok
10:27:05.0078 2604 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:27:05.0203 2604 usbstor - ok
10:27:05.0203 2604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:27:05.0312 2604 usbuhci - ok
10:27:05.0312 2604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:27:05.0421 2604 VgaSave - ok
10:27:05.0437 2604 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:27:05.0546 2604 ViaIde - ok
10:27:05.0562 2604 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:27:05.0687 2604 VolSnap - ok
10:27:05.0718 2604 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
10:27:05.0828 2604 VSS - ok
10:27:05.0859 2604 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
10:27:05.0968 2604 W32Time - ok
10:27:06.0000 2604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:27:06.0109 2604 Wanarp - ok
10:27:06.0125 2604 WDICA - ok
10:27:06.0140 2604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:27:06.0265 2604 wdmaud - ok
10:27:06.0281 2604 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
10:27:06.0406 2604 WebClient - ok
10:27:06.0484 2604 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:27:06.0609 2604 winmgmt - ok
10:27:06.0656 2604 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
10:27:06.0687 2604 WmdmPmSN - ok
10:27:06.0703 2604 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:27:06.0828 2604 WmiApSrv - ok
10:27:06.0890 2604 WN5301 (b72d232e46ff5ee2bd8f61498b748df7) C:\WINDOWS\system32\DRIVERS\wn5301.sys
10:27:06.0953 2604 WN5301 - ok
10:27:06.0968 2604 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
10:27:06.0984 2604 WpdUsb - ok
10:27:07.0000 2604 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:27:07.0171 2604 WS2IFSL - ok
10:27:07.0218 2604 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
10:27:07.0343 2604 wscsvc - ok
10:27:07.0359 2604 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
10:27:07.0468 2604 wuauserv - ok
10:27:07.0531 2604 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
10:27:07.0703 2604 WZCSVC - ok
10:27:07.0718 2604 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
10:27:07.0859 2604 xmlprov - ok
10:27:07.0906 2604 xnacc (a668f64fe42b3b0d8d87ecad14963b00) C:\WINDOWS\system32\DRIVERS\xnacc.sys
10:27:07.0968 2604 xnacc - ok
10:27:07.0984 2604 MBR (0x1B8) (958338c2d641d56774cebb0acd294050) \Device\Harddisk0\DR0
10:27:08.0109 2604 \Device\Harddisk0\DR0 - ok
10:27:08.0109 2604 Boot (0x1200) (4bcf7b540463aa5bfee5727c53abcb34) \Device\Harddisk0\DR0\Partition0
10:27:08.0109 2604 \Device\Harddisk0\DR0\Partition0 - ok
10:27:08.0109 2604 Boot (0x1200) (9ccb6a6a3122ba97db1073a6f2c04e63) \Device\Harddisk0\DR0\Partition1
10:27:08.0109 2604 \Device\Harddisk0\DR0\Partition1 - ok
10:27:08.0109 2604 ============================================================
10:27:08.0109 2604 Scan finished
10:27:08.0109 2604 ============================================================
10:27:08.0218 2600 Detected object count: 11
10:27:08.0218 2600 Actual detected object count: 11
10:27:37.0203 2600 ANIO ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0203 2600 ANIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0203 2600 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0203 2600 ANIWZCSdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0218 2600 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0218 2600 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0234 2600 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0234 2600 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0234 2600 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0234 2600 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0234 2600 MIINPazX ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0234 2600 MIINPazX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0250 2600 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0250 2600 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:37.0250 2600 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:37.0250 2600 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Stephan |
|
12.05.2012, 21:23
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißer Bildschirm -Warte Sie Verbindung wird hergestellt Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
| Themen zu Weißer Bildschirm -Warte Sie Verbindung wird hergestellt |
| .dll, 0x00000001, besitzer, bildschirm, computern, disabletaskmgr, einstellungen, explorer, fehler, firefox, format, inf/autorun.rec.1, logfile, nvidia, problem, realtek, registry, rundll, scan, security, security update, software, starten, stick, virus/trojaner, windows, windows xp, winlogon.exe |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
