| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Extreme Internet/RechnerverlangsamungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.05.2012, 17:11
| #1 |
 |  Extreme Internet/Rechnerverlangsamung Guten Tag, ich entschuldige mich hiermit im Voraus für alle formalen Fehler, die ich hier begehe/begehen werde. Da ich neu bin ist mir hier der genaue Ablauf nicht 100% bekannt. Ich versuche nun die Situation zu beschreiben: Zunächst ist mir der genaue Zeitpunkt des Eintretens und das Wie/Was unbekannt, da ich leider übers Wochenende nicht zuhause war und den genauen Werdegang nicht nachvollziehen kann ( da Verwandter am Rechner war). Fazit mit folgenden Symptomen ist: 1) Ein extrem verlangsamter, teilweise eingefrorener Rechner 2) Ein extrem verlangsamtes, teilweise abbrechendes Internet Antivir drüberlaufen lassen, aber 'EXP/Java.Blacole.CZ' [exploit] war das einzige, was gefunden wurde. Problem besteht weiterhin. Ich schätze, ich werde hier versch. Logs posten müssen. Es wäre freundlich, wenn ihr kurz einen DL-Link in eure Posts einfügen würdet, da sich die Suche mit meinem Inet gerade als etwas "schwierig" erweist. Danke fürs Verständnis.. mfg 1. Scan mit mbam Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.21.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Besitzer :: ACER-F5DADEF16C [Administrator] 21.05.2012 18:28:44 mbam-log-2012-05-21 (18-40-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 244716 Laufzeit: 11 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_for_aol.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\538078.Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt. (Ende) Danach meldete sich auch plötzlich avira 2x : In der Datei 'C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_for_aol.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden. Ausgeführte Aktion: Datei löschen In der Datei 'C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\538078.Uninstall\Uninstall.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden. Ausgeführte Aktion: Datei löschen 2. Scan drüberlaufen lassen Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.21.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Besitzer :: ACER-F5DADEF16C [Administrator] 21.05.2012 18:49:15 mbam-log-2012-05-21 (18-49-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 244551 Laufzeit: 11 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Geändert von BraucheHilf (21.05.2012 um 18:06 Uhr) |
|
21.05.2012, 19:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Extreme Internet/Rechnerverlangsamung Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
23.05.2012, 15:23
| #3 |
| | Extreme Internet/RechnerverlangsamungCode:
ATTFilter # unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-21 09:26:07
# local_time=2012-05-21 11:26:07 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 37761 113150351 31156 0
# compatibility_mode=8192 67108863 100 0 473 473 0 0
# scanned=12915
# found=0
# cleaned=0
# scan_time=523
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=980e2cdd60721b4f8310ebe5aad30622
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 02:19:23
# local_time=2012-05-23 04:19:23 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 180021 113292611 173416 0
# compatibility_mode=8192 67108863 100 0 142733 142733 0 0
# scanned=158408
# found=7
# cleaned=0
# scan_time=5457
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\aTube_Catcher_Installer.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\A56E4DA7-BAB0-7891-9508-56FD958CA7ED\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\ICReinstall\Facemoods.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\is1293846689\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Ocean Technologies & Media\GG E-Sports Platform\plugins\FixedUpdatePlugin.dll probably a variant of Win32/TrojanDownloader.Agent.JOPAUPF trojan (unable to clean) 00000000000000000000000000000000 I
D:\Eigene Dateien\HL2_UK\Steam.dll.bak probably a variant of Win32/Agent.JBGSCWH trojan (unable to clean) 00000000000000000000000000000000 I
mfg |
|
23.05.2012, 20:00
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Rechnerverlangsamung Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.05.2012, 20:35
| #5 |
| | Extreme Internet/Rechnerverlangsamung OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.05.2012 21:20:54 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 631,25 Mb Available Physical Memory | 61,68% Memory free 2,40 Gb Paging File | 1,86 Gb Available in Paging File | 77,27% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,91 Gb Total Space | 20,18 Gb Free Space | 21,49% Space Free | Partition Type: NTFS Drive D: | 92,38 Gb Total Space | 59,34 Gb Free Space | 64,23% Space Free | Partition Type: FAT32 Computer Name: ACER-F5DADEF16C | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.23 21:19:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe PRC - [2009.08.05 15:32:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2008.02.01 04:00:54 | 003,661,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.3\bin\postgres.exe PRC - [2004.11.09 22:36:02 | 000,497,240 | ---- | M] (America Online, Inc) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe PRC - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe PRC - [2003.06.17 17:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe ========== Modules (No Company Name) ========== MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.10.14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2009.01.28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2005.08.05 15:26:04 | 000,239,104 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll MOD - [2005.08.05 15:26:04 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax MOD - [2005.08.05 15:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax MOD - [2005.08.05 14:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax MOD - [2005.08.05 14:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax MOD - [2004.11.09 21:36:12 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\aol\ACS\DE\DialerRes.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.05.21 21:40:19 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2009.08.05 15:32:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.02.01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2005.06.21 00:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2004.11.09 22:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon) DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- I:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Garena\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2010.09.04 15:10:53 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\PRFCC8.tmp -- (GarenaPEngine) DRV - [2010.01.30 13:41:21 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2007.04.10 13:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.02.06 18:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.06.13 20:09:14 | 000,969,728 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004.01.25 07:56:47 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\krdpdre.sys -- (krdpdre) DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6 IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=a0ed97790000000000000019dbc2cad6 IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=30d11c04-714e-49fc-b675-c4596f09a4f5&apn_sauid=0A4B73D3-1F66-4D8B-94DD-DD0187EA0C7F IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Programme\Octoshape Streaming Services\Besitzer\octoprogram-L03-NMS1010120_SUA_001\npoctoshape.dll (Octoshape ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.21 23:45:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.11 15:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2012.05.21 18:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\extensions [2012.04.11 15:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.21 21:40:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.21 21:40:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.21 17:44:43 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.05.21 21:40:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.05.21 21:40:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.05.21 21:40:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.21 21:40:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.21 21:40:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe (America Online, Inc) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF18D33F-54F0-4846-9CAB-A38BFE1176F5}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.02.14 14:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "RichVideo" MsConfig - Services: "LightScribeService" MsConfig - Services: "Browser Defender Update Service" MsConfig - Services: "sdCoreService" MsConfig - Services: "sdAuxService" MsConfig - Services: "Brother XP spl Service" MsConfig - Services: "SkypeUpdate" MsConfig - Services: "SystemStore" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe - (Brother Industries, Ltd.) MsConfig - StartUpFolder: C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk - C:\Programme\AOL 9.0\aoltray.exe - (America Online, Inc.) MsConfig - StartUpFolder: C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: ApnUpdater - hkey= - key= - File not found MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DVDTray - hkey= - key= - C:\Programme\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company) MsConfig - StartUpReg: DW6 - hkey= - key= - File not found MsConfig - StartUpReg: Guard.Mail.ru.gui - hkey= - key= - File not found MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: ISTray - hkey= - key= - File not found MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe () MsConfig - StartUpReg: Performance Center - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.) MsConfig - StartUpReg: RealTray - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Programme\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Steam - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "system.ini" - 1 MsConfig - State: "win.ini" - 2 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1 ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - lhacm.acm File not found Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 21:19:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.05.23 20:57:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\58 [2012.05.21 23:45:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\You've Got Pictures Screensaver [2012.05.21 23:45:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache [2012.05.21 23:45:08 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe [2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime [2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2012.05.21 23:45:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime [2012.05.21 23:43:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AOL [2012.05.21 23:43:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\aolshare [2012.05.21 23:43:29 | 000,000,000 | ---D | C] -- C:\Programme\AOL 9.0 [2012.05.21 23:09:31 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.05.21 21:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.05.21 21:40:23 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.05.21 20:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Simply Super Software [2012.05.21 18:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.21 18:17:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.21 18:17:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.21 17:44:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon [2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon [2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.05.21 09:36:59 | 000,000,000 | ---D | C] -- C:\Programme\Freemium [2012.05.11 14:34:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\TubeBox [2012.05.11 14:32:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox [2012.05.11 14:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemium TubeBox [2012.05.11 14:31:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [14 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.23 21:19:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2012.05.23 20:58:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.05.23 20:58:43 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.23 17:42:35 | 000,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.05.23 17:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.23 17:40:56 | 000,000,209 | ---- | M] () -- C:\boot.ini [2012.05.23 13:42:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.21 23:45:28 | 000,000,725 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk [2012.05.21 23:45:17 | 000,000,574 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AOL 9.0.lnk [2012.05.21 23:37:12 | 000,051,750 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wklnhst.dat [2012.05.21 17:45:00 | 000,000,237 | ---- | M] () -- C:\user.js [2012.05.21 12:54:09 | 000,000,006 | ---- | M] () -- C:\WINDOWS\msoffice.ini [2012.05.21 09:38:54 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.17 01:32:54 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini [2012.05.10 00:05:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.05.09 23:59:03 | 000,528,964 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.09 23:59:03 | 000,504,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.09 23:59:03 | 000,106,428 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.09 23:59:03 | 000,088,914 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [14 C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Desktop\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.21 23:45:17 | 000,000,574 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AOL 9.0.lnk [2012.05.21 17:44:59 | 000,000,237 | ---- | C] () -- C:\user.js [2012.05.21 10:49:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2012.02.16 18:54:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.13 01:36:36 | 000,223,446 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.11.12 18:02:15 | 000,421,475 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1214440339-484763869-839522115-1003-0.dat [2011.05.27 14:18:36 | 000,045,202 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\room_v3.dat [2011.04.16 15:06:59 | 000,046,658 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\room.dat [2011.03.10 18:29:31 | 000,248,579 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2010.11.21 15:51:12 | 000,000,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\postgresinstall.bat [2010.09.04 21:33:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI ========== LOP Check ========== [2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.01.20 19:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.01.01 16:15:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jlcm [2009.07.17 20:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLive [2012.05.21 20:07:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.08.02 14:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2011.08.01 23:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XHEO INC [2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon [2009.04.25 21:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon [2012.05.11 14:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium [2011.08.01 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HEM Data [2011.09.17 12:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HoldemManager [2012.02.17 18:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ [2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar [2009.04.17 16:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQLite [2011.10.18 17:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jens Lorek [2011.11.24 19:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PacificPoker [2010.10.03 21:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RayV [2011.08.02 00:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Roaming [2010.09.11 21:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer [2009.08.15 14:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Viewpoint [2012.01.20 19:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.04.15 19:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe [2012.05.21 23:46:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AOL [2012.05.21 17:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon [2008.02.20 23:22:05 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Brother [2008.02.14 15:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CyberLink [2009.04.25 21:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon [2008.12.25 00:02:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\dvdcss [2012.05.11 14:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Freemium [2008.04.16 17:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help [2011.08.01 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HEM Data [2011.09.17 12:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\HoldemManager [2012.02.17 18:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ [2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar [2009.04.17 16:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQLite [2008.02.14 14:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities [2008.02.15 14:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield [2011.10.18 17:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jens Lorek [2008.02.15 14:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia [2010.02.21 14:41:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes [2012.04.15 19:35:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft [2009.04.14 16:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mIRC [2012.04.11 15:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla [2011.09.05 23:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla-Cache [2011.11.24 19:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PacificPoker [2010.10.03 21:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RayV [2011.08.02 00:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Roaming [2012.04.16 15:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype [2011.08.08 00:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\skypePM [2008.02.18 18:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun [2010.10.12 19:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\teamspeak2 [2010.09.11 21:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TeamViewer [2008.10.27 18:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ventrilo [2009.08.15 14:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Viewpoint [2008.04.17 16:50:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\vlc [2008.02.17 18:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\WinRAR [2012.05.21 23:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\You've Got Pictures Screensaver < %APPDATA%\*.exe /s > [2008.09.03 17:11:11 | 000,323,936 | ---- | M] (Octoshape ApS) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [2011.10.18 17:17:02 | 000,034,494 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe [2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_6FEFF9B68218417F98F549.exe [2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_B06349111D5E7CEE2A3C50.exe [2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_BBE843A4210D005E08B21E.exe [2012.03.06 00:24:24 | 000,009,158 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_ECF5B0A15121D905E30873.exe [2012.01.27 20:54:09 | 000,034,494 | R--- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Installer\{6B48554C-9089-4177-A38D-B8FE122F11FC}\_6FEFF9B68218417F98F549.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.08.19 16:27:39 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.02.14 15:09:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.02.14 15:09:47 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.02.14 15:09:47 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [20 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 @Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 < End of report > [/code] |
|
23.05.2012, 21:16
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Rechnerverlangsamung Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=30d11c04-714e-49fc-b675-c4596f09a4f5&apn_sauid=0A4B73D3-1F66-4D8B-94DD-DD0187EA0C7F
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q="
[2012.05.21 17:44:43 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.14 14:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.05.21 17:44:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon
[2012.05.21 17:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.05.21 17:44:59 | 000,000,237 | ---- | C] () -- C:\user.js
[2008.02.15 15:08:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Extreme Internet/Rechnerverlangsamung |
|
23.05.2012, 21:43
| #7 |
| | Extreme Internet/RechnerverlangsamungCode:
ATTFilter
All processes killed
========== OTL ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
File C:\WINDOWS\system32\drivers\xpsec.sys not found.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
File C:\WINDOWS\system32\drivers\xcpip.sys not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" removed from keyword.URL
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup folder moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully.
C:\user.js moved successfully.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Flash cache emptied: 35 bytes
User: Besitzer
->Temp folder emptied: 6561470023 bytes
->Temporary Internet Files folder emptied: 29117068 bytes
->Java cache emptied: 22755315 bytes
->FireFox cache emptied: 149074359 bytes
->Flash cache emptied: 9790558 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 352980 bytes
User: mrpgrey
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 21690943 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24518743 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6.504,00 mb
[EMPTYFLASH]
User: All Users
->Flash cache emptied: 0 bytes
User: Besitzer
->Flash cache emptied: 0 bytes
User: Default User
User: LocalService
User: mrpgrey
User: NetworkService
User: postgres
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_223112
Files\Folders moved on Reboot...
C:\WINDOWS\temp\1e39981a moved successfully.
C:\WINDOWS\temp\1e4d8fcc moved successfully.
C:\WINDOWS\temp\2c96148e moved successfully.
C:\WINDOWS\temp\c9d8ca moved successfully.
Registry entries deleted on Reboot...
Sry 4 Doppelpost, habs nun nochmal ohne Guard gemacht. Code:
ATTFilter
All processes killed
========== OTL ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
File C:\WINDOWS\system32\drivers\xpsec.sys not found.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
File C:\WINDOWS\system32\drivers\xcpip.sys not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=a0ed97790000000000000019dbc2cad6" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=a0ed97790000000000000019dbc2cad6&q=" removed from keyword.URL
File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-484763869-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Babylon\ not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Babylon\ not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon\ not found.
File C:\user.js not found.
Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ Toolbar\ not found.
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 .
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Flash cache emptied: 35 bytes
User: Besitzer
->Temp folder emptied: 916853 bytes
->Temporary Internet Files folder emptied: 8694633 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39320039 bytes
->Flash cache emptied: 947 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33505 bytes
User: mrpgrey
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66349 bytes
RecycleBin emptied: 574 bytes
Total Files Cleaned = 47,00 mb
[EMPTYFLASH]
User: All Users
->Flash cache emptied: 0 bytes
User: Besitzer
->Flash cache emptied: 0 bytes
User: Default User
User: LocalService
User: mrpgrey
User: NetworkService
User: postgres
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_233349
Files\Folders moved on Reboot...
C:\WINDOWS\temp\25b5db7f moved successfully.
C:\WINDOWS\temp\5fc344f3 moved successfully.
C:\WINDOWS\temp\714bc546 moved successfully.
C:\WINDOWS\temp\de24e5c moved successfully.
Registry entries deleted on Reboot...
Geändert von BraucheHilf (23.05.2012 um 22:33 Uhr) |
|
24.05.2012, 11:18
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Rechnerverlangsamung Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.05.2012, 11:33
| #9 |
| | Extreme Internet/RechnerverlangsamungCode:
ATTFilter
12:29:24.0953 5904 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
12:29:25.0203 5904 ============================================================
12:29:25.0203 5904 Current date / time: 2012/05/24 12:29:25.0203
12:29:25.0203 5904 SystemInfo:
12:29:25.0203 5904
12:29:25.0203 5904 OS Version: 5.1.2600 ServicePack: 3.0
12:29:25.0203 5904 Product type: Workstation
12:29:25.0203 5904 ComputerName: ACER-F5DADEF16C
12:29:25.0203 5904 UserName: Besitzer
12:29:25.0203 5904 Windows directory: C:\WINDOWS
12:29:25.0203 5904 System windows directory: C:\WINDOWS
12:29:25.0203 5904 Processor architecture: Intel x86
12:29:25.0203 5904 Number of processors: 2
12:29:25.0203 5904 Page size: 0x1000
12:29:25.0203 5904 Boot type: Normal boot
12:29:25.0203 5904 ============================================================
12:29:26.0671 5904 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:29:26.0734 5904 ============================================================
12:29:26.0734 5904 \Device\Harddisk0\DR0:
12:29:26.0734 5904 MBR partitions:
12:29:26.0734 5904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBBD13E4
12:29:26.0750 5904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xBBD1462, BlocksNum 0xB8CC95F
12:29:26.0750 5904 ============================================================
12:29:26.0750 5904 D: <-> \Device\Harddisk0\DR0\Partition1
12:29:26.0765 5904 C: <-> \Device\Harddisk0\DR0\Partition0
12:29:26.0765 5904 ============================================================
12:29:26.0765 5904 Initialize success
12:29:26.0765 5904 ============================================================
12:30:18.0734 4480 ============================================================
12:30:18.0734 4480 Scan started
12:30:18.0734 4480 Mode: Manual; SigCheck; TDLFS;
12:30:18.0734 4480 ============================================================
12:30:19.0062 4480 3xHybrid (b985bd6230ac8cc7526d89ef92ce05be) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
12:30:19.0234 4480 3xHybrid - ok
12:30:19.0234 4480 Abiosdsk - ok
12:30:19.0250 4480 abp480n5 - ok
12:30:19.0296 4480 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:30:19.0406 4480 ACPI - ok
12:30:19.0453 4480 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:30:20.0218 4480 ACPIEC - ok
12:30:20.0218 4480 adpu160m - ok
12:30:20.0250 4480 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:30:20.0375 4480 aec - ok
12:30:20.0406 4480 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:30:20.0437 4480 AFD - ok
12:30:20.0437 4480 Aha154x - ok
12:30:20.0437 4480 aic78u2 - ok
12:30:20.0453 4480 aic78xx - ok
12:30:20.0484 4480 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
12:30:20.0640 4480 Alerter - ok
12:30:20.0656 4480 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
12:30:20.0718 4480 ALG - ok
12:30:20.0718 4480 AliIde - ok
12:30:20.0765 4480 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:30:20.0765 4480 AmdK8 - ok
12:30:20.0765 4480 amsint - ok
12:30:20.0875 4480 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
12:30:20.0890 4480 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
12:30:20.0890 4480 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
12:30:20.0937 4480 AntiVirService (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:30:20.0953 4480 AntiVirService ( UnsignedFile.Multi.Generic ) - warning
12:30:20.0953 4480 AntiVirService - detected UnsignedFile.Multi.Generic (1)
12:30:21.0031 4480 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
12:30:21.0031 4480 AOL ACS - ok
12:30:21.0078 4480 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
12:30:21.0140 4480 AppMgmt - ok
12:30:21.0156 4480 asc - ok
12:30:21.0156 4480 asc3350p - ok
12:30:21.0171 4480 asc3550 - ok
12:30:21.0296 4480 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:30:21.0375 4480 aspnet_state - ok
12:30:21.0390 4480 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:30:21.0515 4480 AsyncMac - ok
12:30:21.0531 4480 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:30:21.0687 4480 atapi - ok
12:30:21.0703 4480 Atdisk - ok
12:30:21.0718 4480 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:30:21.0875 4480 Atmarpc - ok
12:30:21.0921 4480 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
12:30:22.0078 4480 AudioSrv - ok
12:30:22.0109 4480 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:30:22.0250 4480 audstub - ok
12:30:22.0281 4480 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
12:30:22.0296 4480 avgio - ok
12:30:22.0328 4480 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:30:22.0375 4480 avgntflt - ok
12:30:22.0406 4480 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:30:22.0406 4480 avipbb - ok
12:30:22.0453 4480 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:30:22.0609 4480 Beep - ok
12:30:22.0656 4480 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
12:30:22.0875 4480 BITS - ok
12:30:22.0906 4480 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe
12:30:22.0906 4480 Brother XP spl Service - ok
12:30:22.0968 4480 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
12:30:23.0125 4480 Browser - ok
12:30:23.0156 4480 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
12:30:23.0156 4480 BrScnUsb - ok
12:30:23.0187 4480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:30:23.0343 4480 cbidf2k - ok
12:30:23.0359 4480 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:30:23.0515 4480 CCDECODE - ok
12:30:23.0531 4480 cd20xrnt - ok
12:30:23.0531 4480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:30:23.0687 4480 Cdaudio - ok
12:30:23.0703 4480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:30:23.0875 4480 Cdfs - ok
12:30:23.0890 4480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:30:24.0046 4480 Cdrom - ok
12:30:24.0046 4480 Changer - ok
12:30:24.0078 4480 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
12:30:24.0234 4480 CiSvc - ok
12:30:24.0265 4480 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
12:30:24.0437 4480 ClipSrv - ok
12:30:24.0640 4480 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:30:24.0859 4480 clr_optimization_v2.0.50727_32 - ok
12:30:24.0890 4480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:30:24.0953 4480 clr_optimization_v4.0.30319_32 - ok
12:30:24.0953 4480 CmdIde - ok
12:30:24.0953 4480 COMSysApp - ok
12:30:24.0968 4480 Cpqarray - ok
12:30:25.0000 4480 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
12:30:25.0156 4480 CryptSvc - ok
12:30:25.0156 4480 dac2w2k - ok
12:30:25.0171 4480 dac960nt - ok
12:30:25.0218 4480 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:30:25.0281 4480 DcomLaunch - ok
12:30:25.0312 4480 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
12:30:25.0484 4480 Dhcp - ok
12:30:25.0515 4480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:30:25.0656 4480 Disk - ok
12:30:25.0656 4480 dmadmin - ok
12:30:25.0718 4480 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
12:30:25.0921 4480 dmboot - ok
12:30:25.0937 4480 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
12:30:26.0062 4480 dmio - ok
12:30:26.0078 4480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:30:26.0250 4480 dmload - ok
12:30:26.0281 4480 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
12:30:26.0421 4480 dmserver - ok
12:30:26.0437 4480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:30:26.0593 4480 DMusic - ok
12:30:26.0625 4480 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
12:30:26.0640 4480 Dnscache - ok
12:30:26.0687 4480 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
12:30:26.0828 4480 Dot3svc - ok
12:30:26.0828 4480 dpti2o - ok
12:30:26.0843 4480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:30:26.0984 4480 drmkaud - ok
12:30:27.0000 4480 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
12:30:27.0156 4480 EapHost - ok
12:30:27.0234 4480 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
12:30:27.0250 4480 ehRecvr - ok
12:30:27.0296 4480 ehSched (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
12:30:27.0312 4480 ehSched - ok
12:30:27.0343 4480 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
12:30:27.0500 4480 ERSvc - ok
12:30:27.0546 4480 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:30:27.0578 4480 Eventlog - ok
12:30:27.0640 4480 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
12:30:27.0671 4480 EventSystem - ok
12:30:27.0718 4480 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:30:27.0875 4480 Fastfat - ok
12:30:27.0921 4480 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:30:27.0937 4480 FastUserSwitchingCompatibility - ok
12:30:28.0000 4480 Fax (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
12:30:28.0156 4480 Fax - ok
12:30:28.0171 4480 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:30:28.0328 4480 Fdc - ok
12:30:28.0375 4480 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
12:30:28.0531 4480 Fips - ok
12:30:28.0593 4480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:30:28.0765 4480 Flpydisk - ok
12:30:28.0812 4480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:30:28.0968 4480 FltMgr - ok
12:30:29.0140 4480 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:30:29.0156 4480 FontCache3.0.0.0 - ok
12:30:29.0171 4480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:30:29.0328 4480 Fs_Rec - ok
12:30:29.0343 4480 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:30:29.0484 4480 Ftdisk - ok
12:30:29.0609 4480 GarenaPEngine - ok
12:30:29.0640 4480 GGSAFERDriver - ok
12:30:29.0656 4480 GMSIPCI - ok
12:30:29.0687 4480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:30:29.0843 4480 Gpc - ok
12:30:29.0890 4480 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:30:30.0015 4480 HDAudBus - ok
12:30:30.0062 4480 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:30:30.0218 4480 helpsvc - ok
12:30:30.0218 4480 HidServ - ok
12:30:30.0234 4480 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:30:30.0375 4480 HidUsb - ok
12:30:30.0421 4480 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
12:30:30.0578 4480 hkmsvc - ok
12:30:30.0578 4480 hpn - ok
12:30:30.0625 4480 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:30:30.0671 4480 HTTP - ok
12:30:30.0687 4480 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
12:30:30.0796 4480 HTTPFilter - ok
12:30:30.0796 4480 i2omgmt - ok
12:30:30.0812 4480 i2omp - ok
12:30:30.0843 4480 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:30:30.0984 4480 i8042prt - ok
12:30:31.0078 4480 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:30:31.0125 4480 idsvc - ok
12:30:31.0140 4480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:30:31.0265 4480 Imapi - ok
12:30:31.0312 4480 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
12:30:31.0468 4480 ImapiService - ok
12:30:31.0468 4480 ini910u - ok
12:30:31.0796 4480 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:30:31.0984 4480 IntcAzAudAddService - ok
12:30:32.0078 4480 IntelIde - ok
12:30:32.0109 4480 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:30:32.0265 4480 Ip6Fw - ok
12:30:32.0296 4480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:30:32.0453 4480 IpFilterDriver - ok
12:30:32.0484 4480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:30:32.0625 4480 IpInIp - ok
12:30:32.0640 4480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:30:32.0796 4480 IpNat - ok
12:30:32.0812 4480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:30:32.0984 4480 IPSec - ok
12:30:33.0000 4480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:30:33.0062 4480 IRENUM - ok
12:30:33.0078 4480 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:30:33.0218 4480 isapnp - ok
12:30:33.0359 4480 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe
12:30:33.0375 4480 JavaQuickStarterService - ok
12:30:33.0375 4480 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:30:33.0531 4480 Kbdclass - ok
12:30:33.0531 4480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:30:33.0703 4480 kmixer - ok
12:30:33.0812 4480 krdpdre - ok
12:30:33.0859 4480 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:30:33.0875 4480 KSecDD - ok
12:30:33.0921 4480 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
12:30:33.0953 4480 lanmanserver - ok
12:30:33.0984 4480 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
12:30:34.0000 4480 lanmanworkstation - ok
12:30:34.0015 4480 lbrtfdc - ok
12:30:34.0078 4480 LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
12:30:34.0093 4480 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:30:34.0093 4480 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:30:34.0109 4480 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
12:30:34.0281 4480 LmHosts - ok
12:30:34.0343 4480 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
12:30:34.0375 4480 McrdSvc - ok
12:30:34.0375 4480 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
12:30:34.0515 4480 Messenger - ok
12:30:34.0546 4480 MHN (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
12:30:34.0562 4480 MHN ( UnsignedFile.Multi.Generic ) - warning
12:30:34.0562 4480 MHN - detected UnsignedFile.Multi.Generic (1)
12:30:34.0578 4480 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:30:34.0578 4480 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
12:30:34.0578 4480 MHNDRV - detected UnsignedFile.Multi.Generic (1)
12:30:34.0609 4480 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:30:34.0765 4480 mnmdd - ok
12:30:34.0796 4480 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
12:30:34.0953 4480 mnmsrvc - ok
12:30:34.0984 4480 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
12:30:35.0140 4480 Modem - ok
12:30:35.0156 4480 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:30:35.0312 4480 Mouclass - ok
12:30:35.0343 4480 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:30:35.0484 4480 mouhid - ok
12:30:35.0500 4480 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:30:35.0656 4480 MountMgr - ok
12:30:35.0687 4480 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
12:30:35.0703 4480 MozillaMaintenance - ok
12:30:35.0718 4480 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:30:35.0859 4480 MPE - ok
12:30:35.0859 4480 mraid35x - ok
12:30:35.0906 4480 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:30:36.0031 4480 MRxDAV - ok
12:30:36.0093 4480 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:30:36.0125 4480 MRxSmb - ok
12:30:36.0156 4480 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
12:30:36.0312 4480 MSDTC - ok
12:30:36.0328 4480 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:30:36.0468 4480 Msfs - ok
12:30:36.0468 4480 MSIServer - ok
12:30:36.0484 4480 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:30:36.0625 4480 MSKSSRV - ok
12:30:36.0703 4480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:30:36.0859 4480 MSPCLOCK - ok
12:30:36.0875 4480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:30:37.0031 4480 MSPQM - ok
12:30:37.0046 4480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:30:37.0187 4480 mssmbios - ok
12:30:37.0218 4480 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:30:37.0343 4480 MSTEE - ok
12:30:37.0421 4480 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:30:37.0484 4480 Mup - ok
12:30:37.0515 4480 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:30:37.0703 4480 NABTSFEC - ok
12:30:37.0750 4480 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
12:30:37.0859 4480 napagent - ok
12:30:37.0937 4480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:30:38.0093 4480 NDIS - ok
12:30:38.0125 4480 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:30:38.0281 4480 NdisIP - ok
12:30:38.0328 4480 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:30:38.0343 4480 NdisTapi - ok
12:30:38.0375 4480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:30:38.0515 4480 Ndisuio - ok
12:30:38.0531 4480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:30:38.0703 4480 NdisWan - ok
12:30:38.0750 4480 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:30:38.0796 4480 NDProxy - ok
12:30:38.0828 4480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:30:38.0953 4480 NetBIOS - ok
12:30:38.0968 4480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:30:39.0093 4480 NetBT - ok
12:30:39.0156 4480 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:30:39.0312 4480 NetDDE - ok
12:30:39.0312 4480 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
12:30:39.0453 4480 NetDDEdsdm - ok
12:30:39.0484 4480 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:39.0625 4480 Netlogon - ok
12:30:39.0640 4480 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
12:30:39.0781 4480 Netman - ok
12:30:39.0890 4480 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:30:39.0890 4480 NetTcpPortSharing - ok
12:30:39.0937 4480 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
12:30:39.0968 4480 Nla - ok
12:30:40.0015 4480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:30:40.0156 4480 Npfs - ok
12:30:40.0203 4480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:30:40.0375 4480 Ntfs - ok
12:30:40.0390 4480 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:40.0546 4480 NtLmSsp - ok
12:30:40.0609 4480 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
12:30:40.0750 4480 NtmsSvc - ok
12:30:40.0781 4480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:30:40.0906 4480 Null - ok
12:30:41.0171 4480 nv (10458bfc0968e7e69d77f292942b27b1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:30:41.0281 4480 nv - ok
12:30:41.0390 4480 NVSvc (f6fca6047879de7a2964757eb8b2101b) C:\WINDOWS\system32\nvsvc32.exe
12:30:41.0406 4480 NVSvc - ok
12:30:41.0437 4480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:30:41.0578 4480 NwlnkFlt - ok
12:30:41.0593 4480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:30:41.0765 4480 NwlnkFwd - ok
12:30:41.0812 4480 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
12:30:41.0937 4480 Parport - ok
12:30:41.0968 4480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:30:42.0140 4480 PartMgr - ok
12:30:42.0171 4480 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:30:42.0296 4480 ParVdm - ok
12:30:42.0296 4480 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
12:30:42.0468 4480 PCI - ok
12:30:42.0468 4480 PCIDump - ok
12:30:42.0484 4480 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:30:42.0625 4480 PCIIde - ok
12:30:42.0656 4480 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:30:42.0875 4480 Pcmcia - ok
12:30:42.0875 4480 PDCOMP - ok
12:30:42.0875 4480 PDFRAME - ok
12:30:42.0890 4480 PDRELI - ok
12:30:42.0890 4480 PDRFRAME - ok
12:30:42.0890 4480 perc2 - ok
12:30:42.0906 4480 perc2hib - ok
12:30:43.0031 4480 pgsql-8.3 - ok
12:30:43.0093 4480 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
12:30:43.0125 4480 PlugPlay - ok
12:30:43.0218 4480 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:43.0343 4480 PolicyAgent - ok
12:30:43.0375 4480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:30:43.0500 4480 PptpMiniport - ok
12:30:43.0515 4480 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
12:30:43.0656 4480 Processor - ok
12:30:43.0671 4480 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:43.0796 4480 ProtectedStorage - ok
12:30:43.0812 4480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:30:43.0968 4480 PSched - ok
12:30:44.0000 4480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:30:44.0125 4480 Ptilink - ok
12:30:44.0156 4480 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:30:44.0171 4480 PxHelp20 - ok
12:30:44.0171 4480 ql1080 - ok
12:30:44.0171 4480 Ql10wnt - ok
12:30:44.0187 4480 ql12160 - ok
12:30:44.0187 4480 ql1240 - ok
12:30:44.0187 4480 ql1280 - ok
12:30:44.0218 4480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:30:44.0343 4480 RasAcd - ok
12:30:44.0375 4480 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
12:30:44.0546 4480 RasAuto - ok
12:30:44.0562 4480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:30:44.0687 4480 Rasl2tp - ok
12:30:44.0734 4480 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
12:30:44.0859 4480 RasMan - ok
12:30:44.0875 4480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:30:45.0015 4480 RasPppoe - ok
12:30:45.0031 4480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:30:45.0171 4480 Raspti - ok
12:30:45.0203 4480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:30:45.0328 4480 Rdbss - ok
12:30:45.0328 4480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:30:45.0468 4480 RDPCDD - ok
12:30:45.0500 4480 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:30:45.0625 4480 rdpdr - ok
12:30:45.0687 4480 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:30:45.0718 4480 RDPWD - ok
12:30:45.0750 4480 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
12:30:45.0890 4480 RDSessMgr - ok
12:30:46.0015 4480 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:30:46.0171 4480 redbook - ok
12:30:46.0187 4480 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
12:30:46.0328 4480 RemoteAccess - ok
12:30:46.0359 4480 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
12:30:46.0500 4480 RemoteRegistry - ok
12:30:46.0625 4480 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Programme\CyberLink\Shared Files\RichVideo.exe
12:30:46.0640 4480 RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:30:46.0640 4480 RichVideo - detected UnsignedFile.Multi.Generic (1)
12:30:46.0671 4480 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
12:30:46.0812 4480 RpcLocator - ok
12:30:46.0859 4480 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
12:30:46.0875 4480 RpcSs - ok
12:30:46.0921 4480 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
12:30:47.0046 4480 RSVP - ok
12:30:47.0093 4480 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:30:47.0125 4480 RTLE8023xp - ok
12:30:47.0171 4480 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
12:30:47.0312 4480 SamSs - ok
12:30:47.0343 4480 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
12:30:47.0484 4480 SCardSvr - ok
12:30:47.0531 4480 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
12:30:47.0703 4480 Schedule - ok
12:30:47.0718 4480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:30:47.0781 4480 Secdrv - ok
12:30:47.0796 4480 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
12:30:47.0921 4480 seclogon - ok
12:30:47.0937 4480 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
12:30:48.0078 4480 SENS - ok
12:30:48.0109 4480 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
12:30:48.0265 4480 Serial - ok
12:30:48.0296 4480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:30:48.0437 4480 Sfloppy - ok
12:30:48.0484 4480 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
12:30:48.0609 4480 SharedAccess - ok
12:30:48.0656 4480 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:30:48.0671 4480 ShellHWDetection - ok
12:30:48.0687 4480 Simbad - ok
12:30:48.0750 4480 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
12:30:48.0765 4480 SkypeUpdate - ok
12:30:48.0796 4480 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:30:48.0937 4480 SLIP - ok
12:30:48.0937 4480 Sparrow - ok
12:30:48.0953 4480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:30:49.0109 4480 splitter - ok
12:30:49.0140 4480 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:30:49.0156 4480 Spooler - ok
12:30:49.0171 4480 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
12:30:49.0234 4480 sr - ok
12:30:49.0265 4480 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
12:30:49.0343 4480 srservice - ok
12:30:49.0375 4480 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:30:49.0421 4480 Srv - ok
12:30:49.0437 4480 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
12:30:49.0500 4480 SSDPSRV - ok
12:30:49.0546 4480 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:30:49.0546 4480 ssmdrv - ok
12:30:49.0609 4480 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
12:30:49.0718 4480 stisvc - ok
12:30:49.0750 4480 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:30:49.0890 4480 streamip - ok
12:30:49.0906 4480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:30:50.0031 4480 swenum - ok
12:30:50.0046 4480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:30:50.0187 4480 swmidi - ok
12:30:50.0187 4480 SwPrv - ok
12:30:50.0187 4480 symc810 - ok
12:30:50.0203 4480 symc8xx - ok
12:30:50.0203 4480 sym_hi - ok
12:30:50.0203 4480 sym_u3 - ok
12:30:50.0234 4480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:30:50.0375 4480 sysaudio - ok
12:30:50.0406 4480 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
12:30:50.0546 4480 SysmonLog - ok
12:30:50.0640 4480 SystemStore (1a78d70d7a02c920a18843426682899b) C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
12:30:50.0656 4480 SystemStore ( UnsignedFile.Multi.Generic ) - warning
12:30:50.0656 4480 SystemStore - detected UnsignedFile.Multi.Generic (1)
12:30:50.0703 4480 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
12:30:50.0812 4480 TapiSrv - ok
12:30:50.0875 4480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:30:50.0921 4480 Tcpip - ok
12:30:50.0953 4480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:30:51.0109 4480 TDPIPE - ok
12:30:51.0125 4480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:30:51.0250 4480 TDTCP - ok
12:30:51.0312 4480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:30:51.0421 4480 TermDD - ok
12:30:51.0484 4480 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
12:30:51.0640 4480 TermService - ok
12:30:51.0640 4480 TfFsMon - ok
12:30:51.0640 4480 TfNetMon - ok
12:30:51.0656 4480 TfSysMon - ok
12:30:51.0687 4480 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
12:30:51.0703 4480 Themes - ok
12:30:51.0750 4480 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
12:30:51.0812 4480 TlntSvr - ok
12:30:51.0812 4480 TosIde - ok
12:30:51.0843 4480 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
12:30:52.0000 4480 TrkWks - ok
12:30:52.0031 4480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:30:52.0156 4480 Udfs - ok
12:30:52.0171 4480 ultra - ok
12:30:52.0203 4480 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
12:30:52.0218 4480 UMWdf - ok
12:30:52.0281 4480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:30:52.0421 4480 Update - ok
12:30:52.0468 4480 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
12:30:52.0531 4480 upnphost - ok
12:30:52.0562 4480 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
12:30:52.0703 4480 UPS - ok
12:30:52.0718 4480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:30:52.0875 4480 usbccgp - ok
12:30:52.0906 4480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:30:53.0046 4480 usbehci - ok
12:30:53.0078 4480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:30:53.0218 4480 usbhub - ok
12:30:53.0234 4480 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:30:53.0343 4480 usbohci - ok
12:30:53.0359 4480 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:30:53.0484 4480 usbprint - ok
12:30:53.0500 4480 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:30:53.0625 4480 usbstor - ok
12:30:53.0640 4480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:30:53.0750 4480 VgaSave - ok
12:30:53.0765 4480 ViaIde - ok
12:30:53.0781 4480 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
12:30:53.0906 4480 VolSnap - ok
12:30:53.0968 4480 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
12:30:54.0015 4480 VSS - ok
12:30:54.0062 4480 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
12:30:54.0187 4480 W32Time - ok
12:30:54.0218 4480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:30:54.0343 4480 Wanarp - ok
12:30:54.0375 4480 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
12:30:54.0406 4480 wanatw - ok
12:30:54.0406 4480 WDICA - ok
12:30:54.0437 4480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:30:54.0578 4480 wdmaud - ok
12:30:54.0609 4480 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
12:30:54.0765 4480 WebClient - ok
12:30:54.0843 4480 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:30:54.0953 4480 winmgmt - ok
12:30:55.0000 4480 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
12:30:55.0015 4480 WmdmPmSN - ok
12:30:55.0093 4480 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
12:30:55.0125 4480 Wmi - ok
12:30:55.0156 4480 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:30:55.0265 4480 WmiApSrv - ok
12:30:55.0453 4480 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:30:55.0515 4480 WPFFontCache_v0400 - ok
12:30:55.0578 4480 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:30:55.0703 4480 WS2IFSL - ok
12:30:55.0750 4480 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
12:30:55.0875 4480 wscsvc - ok
12:30:55.0921 4480 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:30:56.0031 4480 WSTCODEC - ok
12:30:56.0046 4480 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
12:30:56.0156 4480 wuauserv - ok
12:30:56.0218 4480 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
12:30:56.0375 4480 WZCSVC - ok
12:30:56.0390 4480 xcpip - ok
12:30:56.0406 4480 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
12:30:56.0531 4480 xmlprov - ok
12:30:56.0531 4480 xpsec - ok
12:30:56.0562 4480 MBR (0x1B8) (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk0\DR0
12:30:56.0562 4480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
12:30:56.0562 4480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
12:30:56.0640 4480 Boot (0x1200) (b137f492af53146361b746e889df95bb) \Device\Harddisk0\DR0\Partition0
12:30:56.0640 4480 \Device\Harddisk0\DR0\Partition0 - ok
12:30:56.0656 4480 Boot (0x1200) (c6ae6dc64faf9b3d8a9ccac454dd624f) \Device\Harddisk0\DR0\Partition1
12:30:56.0656 4480 \Device\Harddisk0\DR0\Partition1 - ok
12:30:56.0656 4480 ============================================================
12:30:56.0656 4480 Scan finished
12:30:56.0656 4480 ============================================================
12:30:56.0781 1812 Detected object count: 8
12:30:56.0781 1812 Actual detected object count: 8
12:31:51.0015 1812 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0015 1812 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0015 1812 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0031 1812 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0031 1812 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0031 1812 SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:51.0031 1812 SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:51.0031 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
12:31:51.0031 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
|
|
24.05.2012, 21:42
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/RechnerverlangsamungZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.05.2012, 15:51
| #11 |
| | Extreme Internet/Rechnerverlangsamung besser später als nie.. Code:
ATTFilter
16:47:56.0750 3608 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:47:57.0312 3608 ============================================================
16:47:57.0312 3608 Current date / time: 2012/05/28 16:47:57.0312
16:47:57.0312 3608 SystemInfo:
16:47:57.0312 3608
16:47:57.0312 3608 OS Version: 5.1.2600 ServicePack: 3.0
16:47:57.0312 3608 Product type: Workstation
16:47:57.0312 3608 ComputerName: ACER-F5DADEF16C
16:47:57.0312 3608 UserName: Besitzer
16:47:57.0312 3608 Windows directory: C:\WINDOWS
16:47:57.0312 3608 System windows directory: C:\WINDOWS
16:47:57.0312 3608 Processor architecture: Intel x86
16:47:57.0312 3608 Number of processors: 2
16:47:57.0312 3608 Page size: 0x1000
16:47:57.0312 3608 Boot type: Normal boot
16:47:57.0312 3608 ============================================================
16:48:00.0453 3608 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:48:00.0546 3608 Drive \Device\Harddisk6\DR13 - Size: 0x1DD60000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:48:00.0546 3608 ============================================================
16:48:00.0546 3608 \Device\Harddisk0\DR0:
16:48:00.0546 3608 MBR partitions:
16:48:00.0546 3608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBBD13E4
16:48:00.0562 3608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xBBD1462, BlocksNum 0xB8CC95F
16:48:00.0562 3608 \Device\Harddisk6\DR13:
16:48:00.0562 3608 MBR partitions:
16:48:00.0562 3608 \Device\Harddisk6\DR13\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0xEEAE0
16:48:00.0562 3608 ============================================================
16:48:00.0562 3608 D: <-> \Device\Harddisk0\DR0\Partition1
16:48:00.0593 3608 C: <-> \Device\Harddisk0\DR0\Partition0
16:48:00.0593 3608 ============================================================
16:48:00.0593 3608 Initialize success
16:48:00.0593 3608 ============================================================
16:48:04.0281 2116 ============================================================
16:48:04.0281 2116 Scan started
16:48:04.0281 2116 Mode: Manual; SigCheck; TDLFS;
16:48:04.0281 2116 ============================================================
16:48:05.0218 2116 3xHybrid (b985bd6230ac8cc7526d89ef92ce05be) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
16:48:06.0500 2116 3xHybrid - ok
16:48:06.0515 2116 Abiosdsk - ok
16:48:06.0515 2116 abp480n5 - ok
16:48:06.0562 2116 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:48:07.0343 2116 ACPI - ok
16:48:07.0359 2116 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:48:07.0531 2116 ACPIEC - ok
16:48:07.0531 2116 adpu160m - ok
16:48:07.0578 2116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:48:07.0750 2116 aec - ok
16:48:07.0765 2116 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:48:07.0812 2116 AFD - ok
16:48:07.0812 2116 Aha154x - ok
16:48:07.0828 2116 aic78u2 - ok
16:48:07.0828 2116 aic78xx - ok
16:48:07.0859 2116 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:48:08.0031 2116 Alerter - ok
16:48:08.0046 2116 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:48:08.0125 2116 ALG - ok
16:48:08.0125 2116 AliIde - ok
16:48:08.0156 2116 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:48:08.0203 2116 AmdK8 - ok
16:48:08.0203 2116 amsint - ok
16:48:08.0296 2116 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
16:48:08.0312 2116 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
16:48:08.0312 2116 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
16:48:08.0359 2116 AntiVirService (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
16:48:08.0390 2116 AntiVirService ( UnsignedFile.Multi.Generic ) - warning
16:48:08.0390 2116 AntiVirService - detected UnsignedFile.Multi.Generic (1)
16:48:08.0453 2116 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
16:48:08.0468 2116 AOL ACS - ok
16:48:08.0515 2116 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
16:48:08.0593 2116 AppMgmt - ok
16:48:08.0609 2116 asc - ok
16:48:08.0609 2116 asc3350p - ok
16:48:08.0609 2116 asc3550 - ok
16:48:08.0734 2116 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:48:08.0750 2116 aspnet_state - ok
16:48:08.0781 2116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:48:08.0921 2116 AsyncMac - ok
16:48:08.0937 2116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:48:09.0109 2116 atapi - ok
16:48:09.0109 2116 Atdisk - ok
16:48:09.0125 2116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:48:09.0312 2116 Atmarpc - ok
16:48:09.0343 2116 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:48:09.0515 2116 AudioSrv - ok
16:48:09.0546 2116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:48:09.0718 2116 audstub - ok
16:48:09.0750 2116 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:48:09.0765 2116 avgio - ok
16:48:09.0796 2116 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:48:09.0859 2116 avgntflt - ok
16:48:09.0890 2116 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:48:09.0906 2116 avipbb - ok
16:48:09.0921 2116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:48:10.0109 2116 Beep - ok
16:48:10.0156 2116 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:48:10.0406 2116 BITS - ok
16:48:10.0421 2116 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\system32\brsvc01a.exe
16:48:10.0468 2116 Brother XP spl Service - ok
16:48:10.0500 2116 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:48:10.0687 2116 Browser - ok
16:48:10.0906 2116 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
16:48:10.0937 2116 BrScnUsb - ok
16:48:10.0968 2116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:48:11.0140 2116 cbidf2k - ok
16:48:11.0156 2116 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:48:11.0328 2116 CCDECODE - ok
16:48:11.0328 2116 cd20xrnt - ok
16:48:11.0359 2116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:48:11.0531 2116 Cdaudio - ok
16:48:11.0562 2116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:48:11.0750 2116 Cdfs - ok
16:48:11.0781 2116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:48:11.0953 2116 Cdrom - ok
16:48:11.0953 2116 Changer - ok
16:48:11.0984 2116 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:48:12.0140 2116 CiSvc - ok
16:48:12.0187 2116 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:48:12.0390 2116 ClipSrv - ok
16:48:12.0484 2116 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:12.0562 2116 clr_optimization_v2.0.50727_32 - ok
16:48:12.0625 2116 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:12.0703 2116 clr_optimization_v4.0.30319_32 - ok
16:48:12.0703 2116 CmdIde - ok
16:48:12.0718 2116 COMSysApp - ok
16:48:12.0718 2116 Cpqarray - ok
16:48:12.0750 2116 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:48:12.0890 2116 CryptSvc - ok
16:48:12.0906 2116 dac2w2k - ok
16:48:12.0906 2116 dac960nt - ok
16:48:12.0968 2116 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:48:13.0046 2116 DcomLaunch - ok
16:48:13.0078 2116 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:48:13.0265 2116 Dhcp - ok
16:48:13.0281 2116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:48:13.0484 2116 Disk - ok
16:48:13.0484 2116 dmadmin - ok
16:48:13.0546 2116 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:48:13.0750 2116 dmboot - ok
16:48:13.0765 2116 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:48:13.0921 2116 dmio - ok
16:48:13.0937 2116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:48:14.0109 2116 dmload - ok
16:48:14.0140 2116 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:48:14.0312 2116 dmserver - ok
16:48:14.0328 2116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:48:14.0484 2116 DMusic - ok
16:48:14.0515 2116 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:48:14.0562 2116 Dnscache - ok
16:48:14.0625 2116 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:48:14.0781 2116 Dot3svc - ok
16:48:14.0781 2116 dpti2o - ok
16:48:14.0781 2116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:48:14.0953 2116 drmkaud - ok
16:48:15.0046 2116 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:48:15.0234 2116 EapHost - ok
16:48:15.0734 2116 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
16:48:15.0937 2116 ehRecvr - ok
16:48:16.0000 2116 ehSched (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
16:48:16.0062 2116 ehSched - ok
16:48:16.0125 2116 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:48:16.0281 2116 ERSvc - ok
16:48:16.0312 2116 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:48:16.0343 2116 Eventlog - ok
16:48:16.0406 2116 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
16:48:16.0484 2116 EventSystem - ok
16:48:16.0515 2116 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:48:16.0703 2116 Fastfat - ok
16:48:16.0734 2116 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:48:16.0796 2116 FastUserSwitchingCompatibility - ok
16:48:16.0843 2116 Fax (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
16:48:17.0015 2116 Fax - ok
16:48:17.0031 2116 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:48:17.0203 2116 Fdc - ok
16:48:17.0234 2116 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:48:17.0390 2116 Fips - ok
16:48:17.0406 2116 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:48:17.0578 2116 Flpydisk - ok
16:48:17.0609 2116 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:48:17.0750 2116 FltMgr - ok
16:48:17.0859 2116 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:48:17.0875 2116 FontCache3.0.0.0 - ok
16:48:17.0906 2116 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:48:18.0062 2116 Fs_Rec - ok
16:48:18.0078 2116 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:48:18.0234 2116 Ftdisk - ok
16:48:18.0312 2116 GarenaPEngine - ok
16:48:18.0359 2116 GGSAFERDriver - ok
16:48:18.0359 2116 GMSIPCI - ok
16:48:18.0421 2116 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:48:18.0593 2116 Gpc - ok
16:48:18.0625 2116 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:48:18.0765 2116 HDAudBus - ok
16:48:18.0796 2116 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:48:18.0968 2116 helpsvc - ok
16:48:18.0984 2116 HidServ - ok
16:48:19.0015 2116 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:48:19.0234 2116 HidUsb - ok
16:48:19.0265 2116 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:48:19.0421 2116 hkmsvc - ok
16:48:19.0421 2116 hpn - ok
16:48:19.0468 2116 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:48:19.0531 2116 HTTP - ok
16:48:19.0546 2116 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:48:19.0718 2116 HTTPFilter - ok
16:48:19.0718 2116 i2omgmt - ok
16:48:19.0718 2116 i2omp - ok
16:48:19.0750 2116 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:48:19.0906 2116 i8042prt - ok
16:48:20.0000 2116 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:48:20.0062 2116 idsvc - ok
16:48:20.0078 2116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:48:20.0218 2116 Imapi - ok
16:48:20.0250 2116 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:48:20.0406 2116 ImapiService - ok
16:48:20.0406 2116 ini910u - ok
16:48:20.0703 2116 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:48:20.0984 2116 IntcAzAudAddService - ok
16:48:21.0062 2116 IntelIde - ok
16:48:21.0093 2116 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:48:21.0281 2116 Ip6Fw - ok
16:48:21.0296 2116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:48:21.0468 2116 IpFilterDriver - ok
16:48:21.0500 2116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:48:21.0656 2116 IpInIp - ok
16:48:21.0671 2116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:48:21.0828 2116 IpNat - ok
16:48:21.0843 2116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:48:22.0031 2116 IPSec - ok
16:48:22.0046 2116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:48:22.0109 2116 IRENUM - ok
16:48:22.0125 2116 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:48:22.0296 2116 isapnp - ok
16:48:22.0437 2116 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe
16:48:22.0453 2116 JavaQuickStarterService - ok
16:48:22.0468 2116 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:48:22.0656 2116 Kbdclass - ok
16:48:22.0671 2116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:48:22.0828 2116 kmixer - ok
16:48:22.0921 2116 krdpdre - ok
16:48:22.0953 2116 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:48:23.0046 2116 KSecDD - ok
16:48:23.0093 2116 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:48:23.0125 2116 lanmanserver - ok
16:48:23.0156 2116 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:48:23.0203 2116 lanmanworkstation - ok
16:48:23.0203 2116 lbrtfdc - ok
16:48:23.0281 2116 LightScribeService (00944d59948596721d17510c94cd3e4f) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
16:48:23.0281 2116 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:48:23.0281 2116 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:48:23.0312 2116 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:48:23.0468 2116 LmHosts - ok
16:48:23.0531 2116 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
16:48:23.0562 2116 McrdSvc - ok
16:48:23.0593 2116 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:48:23.0765 2116 Messenger - ok
16:48:23.0796 2116 MHN (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
16:48:23.0812 2116 MHN ( UnsignedFile.Multi.Generic ) - warning
16:48:23.0812 2116 MHN - detected UnsignedFile.Multi.Generic (1)
16:48:23.0828 2116 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:48:23.0828 2116 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
16:48:23.0828 2116 MHNDRV - detected UnsignedFile.Multi.Generic (1)
16:48:23.0859 2116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:48:23.0984 2116 mnmdd - ok
16:48:24.0031 2116 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
16:48:24.0218 2116 mnmsrvc - ok
16:48:24.0250 2116 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:48:24.0421 2116 Modem - ok
16:48:24.0437 2116 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:48:24.0625 2116 Mouclass - ok
16:48:24.0656 2116 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:48:24.0796 2116 mouhid - ok
16:48:24.0796 2116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:48:24.0968 2116 MountMgr - ok
16:48:25.0015 2116 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
16:48:25.0046 2116 MozillaMaintenance - ok
16:48:25.0046 2116 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:48:25.0218 2116 MPE - ok
16:48:25.0218 2116 mraid35x - ok
16:48:25.0250 2116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:48:25.0390 2116 MRxDAV - ok
16:48:25.0453 2116 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:48:25.0531 2116 MRxSmb - ok
16:48:25.0546 2116 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
16:48:25.0703 2116 MSDTC - ok
16:48:25.0718 2116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:48:25.0875 2116 Msfs - ok
16:48:25.0875 2116 MSIServer - ok
16:48:25.0906 2116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:48:26.0046 2116 MSKSSRV - ok
16:48:26.0046 2116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:48:26.0187 2116 MSPCLOCK - ok
16:48:26.0218 2116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:48:26.0359 2116 MSPQM - ok
16:48:26.0390 2116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:48:26.0562 2116 mssmbios - ok
16:48:26.0609 2116 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:48:26.0750 2116 MSTEE - ok
16:48:26.0781 2116 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:48:26.0828 2116 Mup - ok
16:48:26.0843 2116 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:48:26.0984 2116 NABTSFEC - ok
16:48:27.0031 2116 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:48:27.0187 2116 napagent - ok
16:48:27.0234 2116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:48:27.0390 2116 NDIS - ok
16:48:27.0406 2116 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:48:27.0562 2116 NdisIP - ok
16:48:27.0593 2116 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:48:27.0625 2116 NdisTapi - ok
16:48:27.0656 2116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:48:27.0812 2116 Ndisuio - ok
16:48:27.0828 2116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:48:27.0984 2116 NdisWan - ok
16:48:28.0000 2116 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:48:28.0046 2116 NDProxy - ok
16:48:28.0078 2116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:48:28.0203 2116 NetBIOS - ok
16:48:28.0234 2116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:48:28.0390 2116 NetBT - ok
16:48:28.0437 2116 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:48:28.0593 2116 NetDDE - ok
16:48:28.0609 2116 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:48:28.0750 2116 NetDDEdsdm - ok
16:48:28.0781 2116 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:28.0953 2116 Netlogon - ok
16:48:28.0984 2116 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:48:29.0140 2116 Netman - ok
16:48:29.0250 2116 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:29.0265 2116 NetTcpPortSharing - ok
16:48:29.0312 2116 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:48:29.0359 2116 Nla - ok
16:48:29.0390 2116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:48:29.0546 2116 Npfs - ok
16:48:29.0625 2116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:48:29.0781 2116 Ntfs - ok
16:48:29.0796 2116 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:29.0937 2116 NtLmSsp - ok
16:48:29.0984 2116 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:48:30.0140 2116 NtmsSvc - ok
16:48:30.0171 2116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:48:30.0328 2116 Null - ok
16:48:30.0593 2116 nv (10458bfc0968e7e69d77f292942b27b1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:48:30.0812 2116 nv - ok
16:48:30.0921 2116 NVSvc (f6fca6047879de7a2964757eb8b2101b) C:\WINDOWS\system32\nvsvc32.exe
16:48:30.0953 2116 NVSvc - ok
16:48:31.0015 2116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:48:31.0171 2116 NwlnkFlt - ok
16:48:31.0187 2116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:48:31.0343 2116 NwlnkFwd - ok
16:48:31.0421 2116 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:48:31.0437 2116 ose - ok
16:48:31.0453 2116 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
16:48:31.0609 2116 Parport - ok
16:48:31.0640 2116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:48:31.0796 2116 PartMgr - ok
16:48:31.0828 2116 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:48:31.0953 2116 ParVdm - ok
16:48:31.0953 2116 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:48:32.0109 2116 PCI - ok
16:48:32.0109 2116 PCIDump - ok
16:48:32.0125 2116 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:48:32.0281 2116 PCIIde - ok
16:48:32.0312 2116 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:48:32.0437 2116 Pcmcia - ok
16:48:32.0437 2116 PDCOMP - ok
16:48:32.0437 2116 PDFRAME - ok
16:48:32.0453 2116 PDRELI - ok
16:48:32.0453 2116 PDRFRAME - ok
16:48:32.0453 2116 perc2 - ok
16:48:32.0453 2116 perc2hib - ok
16:48:32.0593 2116 pgsql-8.3 - ok
16:48:32.0625 2116 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:48:32.0640 2116 PlugPlay - ok
16:48:32.0671 2116 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:32.0812 2116 PolicyAgent - ok
16:48:32.0828 2116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:48:32.0984 2116 PptpMiniport - ok
16:48:33.0000 2116 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
16:48:33.0156 2116 Processor - ok
16:48:33.0171 2116 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:33.0296 2116 ProtectedStorage - ok
16:48:33.0312 2116 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:48:33.0437 2116 PSched - ok
16:48:33.0453 2116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:48:33.0578 2116 Ptilink - ok
16:48:33.0625 2116 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:48:33.0625 2116 PxHelp20 - ok
16:48:33.0640 2116 ql1080 - ok
16:48:33.0640 2116 Ql10wnt - ok
16:48:33.0640 2116 ql12160 - ok
16:48:33.0656 2116 ql1240 - ok
16:48:33.0656 2116 ql1280 - ok
16:48:33.0656 2116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:48:33.0781 2116 RasAcd - ok
16:48:33.0828 2116 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:48:33.0968 2116 RasAuto - ok
16:48:34.0000 2116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:48:34.0218 2116 Rasl2tp - ok
16:48:34.0265 2116 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:48:34.0437 2116 RasMan - ok
16:48:34.0437 2116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:48:34.0593 2116 RasPppoe - ok
16:48:34.0625 2116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:48:34.0750 2116 Raspti - ok
16:48:34.0781 2116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:48:34.0937 2116 Rdbss - ok
16:48:34.0953 2116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:48:35.0062 2116 RDPCDD - ok
16:48:35.0093 2116 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:48:35.0218 2116 rdpdr - ok
16:48:35.0265 2116 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:48:35.0312 2116 RDPWD - ok
16:48:35.0359 2116 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:48:35.0500 2116 RDSessMgr - ok
16:48:35.0531 2116 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:48:35.0671 2116 redbook - ok
16:48:35.0703 2116 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:48:35.0843 2116 RemoteAccess - ok
16:48:35.0859 2116 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
16:48:36.0015 2116 RemoteRegistry - ok
16:48:36.0140 2116 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Programme\CyberLink\Shared Files\RichVideo.exe
16:48:36.0156 2116 RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:48:36.0156 2116 RichVideo - detected UnsignedFile.Multi.Generic (1)
16:48:36.0171 2116 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
16:48:36.0328 2116 RpcLocator - ok
16:48:36.0390 2116 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:48:36.0421 2116 RpcSs - ok
16:48:36.0453 2116 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
16:48:36.0593 2116 RSVP - ok
16:48:36.0640 2116 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:48:36.0687 2116 RTLE8023xp - ok
16:48:36.0718 2116 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:48:36.0875 2116 SamSs - ok
16:48:36.0921 2116 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:48:37.0078 2116 SCardSvr - ok
16:48:37.0125 2116 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:48:37.0265 2116 Schedule - ok
16:48:37.0296 2116 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:48:37.0359 2116 Secdrv - ok
16:48:37.0390 2116 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:48:37.0578 2116 seclogon - ok
16:48:37.0593 2116 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:48:37.0750 2116 SENS - ok
16:48:37.0781 2116 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:48:37.0921 2116 Serial - ok
16:48:37.0937 2116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:48:38.0093 2116 Sfloppy - ok
16:48:38.0156 2116 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:48:38.0296 2116 SharedAccess - ok
16:48:38.0343 2116 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:48:38.0359 2116 ShellHWDetection - ok
16:48:38.0359 2116 Simbad - ok
16:48:38.0437 2116 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
16:48:38.0453 2116 SkypeUpdate - ok
16:48:38.0500 2116 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:48:38.0671 2116 SLIP - ok
16:48:38.0671 2116 Sparrow - ok
16:48:38.0687 2116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:48:38.0828 2116 splitter - ok
16:48:38.0875 2116 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:48:38.0906 2116 Spooler - ok
16:48:38.0937 2116 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:48:39.0000 2116 sr - ok
16:48:39.0046 2116 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:48:39.0109 2116 srservice - ok
16:48:39.0140 2116 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:48:39.0187 2116 Srv - ok
16:48:39.0234 2116 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:48:39.0296 2116 SSDPSRV - ok
16:48:39.0328 2116 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:48:39.0343 2116 ssmdrv - ok
16:48:39.0406 2116 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:48:39.0562 2116 stisvc - ok
16:48:39.0609 2116 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:48:39.0781 2116 streamip - ok
16:48:39.0796 2116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:48:39.0921 2116 swenum - ok
16:48:39.0937 2116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:48:40.0078 2116 swmidi - ok
16:48:40.0078 2116 SwPrv - ok
16:48:40.0093 2116 symc810 - ok
16:48:40.0093 2116 symc8xx - ok
16:48:40.0093 2116 sym_hi - ok
16:48:40.0109 2116 sym_u3 - ok
16:48:40.0125 2116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:48:40.0250 2116 sysaudio - ok
16:48:40.0281 2116 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:48:40.0453 2116 SysmonLog - ok
16:48:40.0546 2116 SystemStore (1a78d70d7a02c920a18843426682899b) C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
16:48:40.0562 2116 SystemStore ( UnsignedFile.Multi.Generic ) - warning
16:48:40.0562 2116 SystemStore - detected UnsignedFile.Multi.Generic (1)
16:48:40.0609 2116 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:48:40.0750 2116 TapiSrv - ok
16:48:40.0796 2116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:48:40.0843 2116 Tcpip - ok
16:48:40.0890 2116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:48:41.0046 2116 TDPIPE - ok
16:48:41.0046 2116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:48:41.0187 2116 TDTCP - ok
16:48:41.0218 2116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:48:41.0375 2116 TermDD - ok
16:48:41.0421 2116 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:48:41.0578 2116 TermService - ok
16:48:41.0578 2116 TfFsMon - ok
16:48:41.0593 2116 TfNetMon - ok
16:48:41.0593 2116 TfSysMon - ok
16:48:41.0640 2116 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:48:41.0640 2116 Themes - ok
16:48:41.0687 2116 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
16:48:41.0750 2116 TlntSvr - ok
16:48:41.0750 2116 TosIde - ok
16:48:41.0796 2116 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:48:41.0937 2116 TrkWks - ok
16:48:41.0968 2116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:48:42.0109 2116 Udfs - ok
16:48:42.0125 2116 ultra - ok
16:48:42.0156 2116 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
16:48:42.0203 2116 UMWdf - ok
16:48:42.0250 2116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:48:42.0390 2116 Update - ok
16:48:42.0437 2116 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:48:42.0515 2116 upnphost - ok
16:48:42.0546 2116 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:48:42.0718 2116 UPS - ok
16:48:42.0765 2116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:48:42.0906 2116 usbccgp - ok
16:48:42.0953 2116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:48:43.0078 2116 usbehci - ok
16:48:43.0093 2116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:48:43.0250 2116 usbhub - ok
16:48:43.0265 2116 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:48:43.0406 2116 usbohci - ok
16:48:43.0421 2116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:48:43.0593 2116 usbprint - ok
16:48:43.0609 2116 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:48:43.0765 2116 usbstor - ok
16:48:43.0765 2116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:48:43.0875 2116 VgaSave - ok
16:48:43.0890 2116 ViaIde - ok
16:48:43.0921 2116 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:48:44.0109 2116 VolSnap - ok
16:48:44.0171 2116 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:48:44.0265 2116 VSS - ok
16:48:44.0312 2116 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:48:44.0453 2116 W32Time - ok
16:48:44.0484 2116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:48:44.0640 2116 Wanarp - ok
16:48:44.0687 2116 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:48:44.0734 2116 wanatw - ok
16:48:44.0734 2116 WDICA - ok
16:48:44.0750 2116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:48:44.0890 2116 wdmaud - ok
16:48:44.0921 2116 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:48:45.0093 2116 WebClient - ok
16:48:45.0187 2116 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:48:45.0328 2116 winmgmt - ok
16:48:45.0359 2116 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
16:48:45.0390 2116 WmdmPmSN - ok
16:48:45.0453 2116 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
16:48:45.0531 2116 Wmi - ok
16:48:45.0562 2116 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:48:45.0703 2116 WmiApSrv - ok
16:48:45.0875 2116 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:48:45.0921 2116 WPFFontCache_v0400 - ok
16:48:45.0968 2116 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:48:46.0109 2116 WS2IFSL - ok
16:48:46.0312 2116 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:48:46.0500 2116 wscsvc - ok
16:48:46.0578 2116 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:48:46.0703 2116 WSTCODEC - ok
16:48:46.0718 2116 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:48:46.0875 2116 wuauserv - ok
16:48:47.0296 2116 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:48:47.0500 2116 WZCSVC - ok
16:48:47.0500 2116 xcpip - ok
16:48:47.0531 2116 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:48:47.0687 2116 xmlprov - ok
16:48:47.0687 2116 xpsec - ok
16:48:47.0703 2116 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:48:48.0203 2116 \Device\Harddisk0\DR0 - ok
16:48:48.0218 2116 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR13
16:48:49.0187 2116 \Device\Harddisk6\DR13 - ok
16:48:49.0203 2116 Boot (0x1200) (b137f492af53146361b746e889df95bb) \Device\Harddisk0\DR0\Partition0
16:48:49.0218 2116 \Device\Harddisk0\DR0\Partition0 - ok
16:48:49.0250 2116 Boot (0x1200) (c50d5712cef1a0b1dcb6fe8945cb8afd) \Device\Harddisk0\DR0\Partition1
16:48:49.0250 2116 \Device\Harddisk0\DR0\Partition1 - ok
16:48:49.0265 2116 Boot (0x1200) (eca493ba57436cb4a85cd0f9f24e0487) \Device\Harddisk6\DR13\Partition0
16:48:49.0265 2116 \Device\Harddisk6\DR13\Partition0 - ok
16:48:49.0265 2116 ============================================================
16:48:49.0265 2116 Scan finished
16:48:49.0265 2116 ============================================================
16:48:49.0375 2636 Detected object count: 7
16:48:49.0375 2636 Actual detected object count: 7
16:48:53.0281 2636 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0281 2636 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:53.0296 2636 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:53.0296 2636 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:53.0296 2636 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:53.0296 2636 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:53.0296 2636 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:53.0296 2636 SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:53.0296 2636 SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:49:02.0171 3532 Deinitialize success
|
|
29.05.2012, 08:18
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Rechnerverlangsamung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.05.2012, 12:37
| #13 |
| | Extreme Internet/Rechnerverlangsamung Combofix Logfile: Code:
ATTFilter ComboFix 12-05-30.02 - Besitzer 30.05.2012 13:14:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.540 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\DFC5A2B2.TMP
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\~ygw.tmp
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Desktopicon
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Roaming
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Roaming\HoldemManager\config\FTPRushTables.xml
c:\dokumente und einstellungen\Besitzer\WINDOWS
c:\dokumente und einstellungen\mrpgrey\ntuser.tmp
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-30 ))))))))))))))))))))))))))))))
.
.
2012-05-28 12:49 . 2012-05-28 12:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-24 13:44 . 2012-05-24 13:44 1409 ----a-w- c:\windows\QTFont.for
2012-05-23 21:18 . 2012-05-23 21:18 -------- d-----w- c:\programme\AOL 9.0 VR
2012-05-23 20:31 . 2012-05-23 20:31 -------- d-----w- C:\_OTL
2012-05-21 21:44 . 2004-05-10 19:05 153088 ----a-w- c:\windows\system32\jgdwmie.dll
2012-05-21 21:44 . 2004-05-10 19:05 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-05-21 21:43 . 2012-05-23 21:25 -------- d-----w- c:\programme\Gemeinsame Dateien\aolshare
2012-05-21 21:43 . 2012-05-23 12:10 -------- d-----w- c:\programme\AOL 9.0
2012-05-21 18:11 . 2012-05-21 18:11 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache
2012-05-21 07:37 . 2012-05-21 07:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-21 07:36 . 2012-05-21 07:37 -------- d-----w- c:\programme\Freemium
2012-05-11 12:32 . 2012-05-11 12:32 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox
2012-05-11 12:31 . 2012-05-11 12:31 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Freemium
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 20:20 . 2011-06-24 16:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:50 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-10 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-10 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-05-21 19:40 . 2012-04-11 13:11 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\programme\AOL 9.0 VRa\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"HostManager"="c:\programme\Gemeinsame Dateien\AOL\1337806936\ee\AOLSoftware.exe" [2006-09-26 50736]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-05-21 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 16:42 933888 ------w- c:\programme\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58 65536 ------w- c:\programme\Ahead\ODD Toolkit\dvdtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2006-02-13 16:33 214648 ----a-w- c:\programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-05-21 21:45 98304 ----a-w- c:\programme\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 17:02 49152 ------w- c:\programme\Brother\Brmfl05a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"SystemStore"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\Gamers.IRC\\mirc.exe"=
"c:\\Programme\\Octoshape Streaming Services\\Besitzer\\OctoshapeClient.exe"=
"c:\\Programme\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\Eigene Dateien\\HL2_UK\\hl2.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1337806936\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GarenaPEngine;GarenaPEngine;c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\programme\Garena\safedrv.sys [x]
R3 krdpdre;krdpdre;c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-21 129976]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys [x]
R4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SystemStore;System Store;c:\programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-04-24 14848]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-06-13 969728]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15481
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnUpdater - c:\programme\Ask.com\Updater\Updater.exe
MSConfigStartUp-DW6 - c:\programme\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Guard.Mail.ru - c:\programme\Guard-ICQ\GuardICQ.exe
MSConfigStartUp-ICQ - c:\programme\ICQ7.7\ICQ.exe
MSConfigStartUp-ISTray - c:\programme\Spyware Doctor\pctsTray.exe
MSConfigStartUp-Performance Center - c:\programme\Ascentive\Performance Center\APCMain.exe
MSConfigStartUp-RealTray - c:\programme\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-Steam - c:\programme\Steam\Steam.exe
AddRemove-AIM LINK - c:\progra~1\GEMEIN~1\aolshare\AIM\UNWISE.EXE
AddRemove-The Weather Channel Desktop 6 - c:\programme\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-William Hill Poker - c:\poker\William Hill Poker\_SetupPoker_585002_en.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 13:27
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3928)
c:\programme\Gemeinsame Dateien\AOL\ACS\WLHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\programme\AOL 9.0 VRa\waol.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\windows\eHome\ehmsas.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\programme\PostgreSQL\8.3\bin\postgres.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\programme\AOL 9.0 VRa\shellmon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-30 13:31:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-30 11:31
.
Vor Suchlauf: 19 Verzeichnis(se), 26.127.790.080 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.635.870.208 Bytes frei
.
- - End Of File - - 001490D74EF8294F043D1BE2691434CB
|
|
30.05.2012, 12:50
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Extreme Internet/Rechnerverlangsamung Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ed97790000000000000019dbc2cad6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15481
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.05.2012, 13:11
| #15 |
| | Extreme Internet/Rechnerverlangsamung Combofix Logfile: Code:
ATTFilter ComboFix 12-05-30.02 - Besitzer 30.05.2012 13:59:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.631 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Besitzer\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-28 bis 2012-05-30 ))))))))))))))))))))))))))))))
.
.
2012-05-28 12:49 . 2012-05-28 12:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-24 13:44 . 2012-05-24 13:44 1409 ----a-w- c:\windows\QTFont.for
2012-05-23 21:18 . 2012-05-23 21:18 -------- d-----w- c:\programme\AOL 9.0 VR
2012-05-23 20:31 . 2012-05-23 20:31 -------- d-----w- C:\_OTL
2012-05-21 21:44 . 2004-05-10 19:05 153088 ----a-w- c:\windows\system32\jgdwmie.dll
2012-05-21 21:44 . 2004-05-10 19:05 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-05-21 21:43 . 2012-05-23 21:25 -------- d-----w- c:\programme\Gemeinsame Dateien\aolshare
2012-05-21 21:43 . 2012-05-23 12:10 -------- d-----w- c:\programme\AOL 9.0
2012-05-21 18:11 . 2012-05-21 18:11 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache
2012-05-21 07:37 . 2012-05-21 07:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-21 07:36 . 2012-05-21 07:37 -------- d-----w- c:\programme\Freemium
2012-05-11 12:32 . 2012-05-11 12:32 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Freemium TubeBox
2012-05-11 12:31 . 2012-05-11 12:31 -------- d-----w- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Freemium
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 20:20 . 2011-06-24 16:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:50 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-10 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-10 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-05-21 19:40 . 2012-04-11 13:11 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\programme\AOL 9.0 VRa\AOL.EXE" [2007-06-21 50480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-17 50688]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"HostManager"="c:\programme\Gemeinsame Dateien\AOL\1337806936\ee\AOLSoftware.exe" [2006-09-26 50736]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-05-21 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^DOKUME~1^ALLUSE~1^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokume~1\ALLUSE~1\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 16:42 933888 ------w- c:\programme\Brother\ControlCenter2\brctrcen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2004-09-03 08:58 65536 ------w- c:\programme\Ahead\ODD Toolkit\dvdtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2006-02-13 16:33 214648 ----a-w- c:\programme\Octoshape Streaming Services\Besitzer\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-05-21 21:45 98304 ----a-w- c:\programme\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 17:02 49152 ------w- c:\programme\Brother\Brmfl05a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"SystemStore"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\Gamers.IRC\\mirc.exe"=
"c:\\Programme\\Octoshape Streaming Services\\Besitzer\\OctoshapeClient.exe"=
"c:\\Programme\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\Eigene Dateien\\HL2_UK\\hl2.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1337806936\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.07.2009 15:31 108289]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programme\PostgreSQL\8.3\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [13.06.2006 22:04 969728]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp --> c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programme\Garena\safedrv.sys --> c:\programme\Garena\safedrv.sys [?]
S3 krdpdre;krdpdre;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys --> c:\dokume~1\Besitzer\LOKALE~1\Temp\krdpdre.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [21.05.2012 21:40 129976]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 08:50 158856]
S4 SystemStore;System Store;c:\programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [24.04.2012 14:21 14848]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5uwxdfjn.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-30 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\PRFCC8.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2012-05-30 14:09:04
ComboFix-quarantined-files.txt 2012-05-30 12:09
ComboFix2.txt 2012-05-30 11:31
.
Vor Suchlauf: 19 Verzeichnis(se), 26.588.549.120 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.586.636.288 Bytes frei
.
- - End Of File - - A5E764DFB50DB304A6F659A0CB319937
|
|
| Themen zu Extreme Internet/Rechnerverlangsamung |
| 100%, ablauf, adware.adon, beschreiben, dateisystem, einfügen, einzige, exploit, extrem, fehler, folge, folgende, freundlich, guten, heuristiks/extra, heuristiks/shuriken, install.exe, interne, nachvollziehen, neu, poste, posten, posts, punkt, pup.adware.installcore, pup.toolbardownloader, rechner, situation, unbekannt, versuche, woche, würde, würdet, übers |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
