Pests of all kinds and how to fight them: Windows encryption trojan - log file already created - what now?
Windows 7

#1
Hello, I've also been hit by the trojan mentioned. I followed the instructions up to creating a log file, but now I'm stuck. The guide says that OTL.txt and Extras.txt should be created so they can then be posted, but in my case the only document created is called OTL.txt. Do I have to run the scan again? Or did I do something wrong? Thanks in advance!

#2
/// Winkelfunktion /// TB-Süch-Tiger™
Does Safe Mode with Networking still work? With an internet connection?
Safe Mode for cleanup

#3
No, unfortunately not. I can't get the PC to boot in any safe mode anymore; it jumps straight to the "virus screen". That's also why there's no internet, which is why I wanted to try the approach with the OTLPE stick (I have an ASUS netbook).

#4
/// Winkelfunktion /// TB-Süch-Tiger™
Then post the log from OTLPE first. I don't need the Extras yet.
__________________
Please always post log files in CODE tags

#5
Here is the log file, though I'm not sure whether it's the right one. The following question came up: "Do you wish to load remote user profile(s) for scanning". I then chose Yes, but there were then various options to choose from:
LocalService
NetworkService
Susa (the name of my netbook)
systemprofile
I created the log file from LocalService. However, the checkbox at the bottom for "Automatically load all remaining users" is ticked; does that mean the log file covers all 4 options? Sorry, I really hardly know my way around this, I'm not even sure whether this is how log files are posted.
OTL log file:
Code:
ATTFilter OTL logfile created on: 6/12/2012 5:58:29 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,015.00 Mb Total Physical Memory | 821.00 Mb Available Physical Memory | 81.00% Memory free 903.00 Mb Paging File | 837.00 Mb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 68.45 Gb Total Space | 43.40 Gb Free Space | 63.41% Space Free | Partition Type: NTFS Drive D: | 120.03 Mb Total Space | 102.83 Mb Free Space | 85.67% Space Free | Partition Type: FAT Drive E: | 68.45 Gb Total Space | 68.37 Gb Free Space | 99.90% Space Free | Partition Type: NTFS Drive X: | 1.96 Gb Total Space | 1.62 Gb Free Space | 82.56% Space Free | Partition Type: FAT Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2012/05/04 12:41:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/01/22 10:39:49 | 000,124,832 | ---- | M] (Yuna Software) [Auto] -- C:\Programme\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService) SRV - [2011/10/24 16:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011/01/12 10:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2011/01/12 10:41:42 | 000,810,144 | ---- | M] (ESET) [Auto] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/08/19 06:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2011/08/19 06:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2011/08/19 06:25:26 | 
000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2011/08/19 06:25:26 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2010/12/21 09:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2010/12/21 09:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010/12/21 07:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2010/04/28 02:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009/12/14 22:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009/12/14 22:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009/03/30 05:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/03/13 17:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2008/11/18 21:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf) DRV - [2008/08/19 10:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008/08/19 10:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/07/24 05:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008/05/29 23:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008/04/08 09:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2008/03/10 06:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2008/02/04 05:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Susa_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed-msgplus.linkury.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=547 8c092-88bb-467a-b0cf-623070b41ac8&sp=addr&q={searchTerms} IE - HKU\Susa_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed-msgplus.linkury.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=547 8c092-88bb-467a-b0cf-623070b41ac8&sp=hp&searchtype=hp IE - HKU\Susa_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed-msgplus.linkury.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=547 8c092-88bb-467a-b0cf-623070b41ac8&sp=addr&q={searchTerms} IE - HKU\Susa_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed-msgplus.linkury.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=547 8c092-88bb-467a-b0cf-623070b41ac8&sp=addr&q={searchTerms} IE - HKU\Susa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Susa_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\congstar\Internet-Manager\Bin\addon [2010/04/01 08:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/04 12:41:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/20 12:43:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/05/27 16:07:02 | 000,000,000 | ---D | M] [2012/04/20 12:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011/04/08 15:24:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012/05/04 12:41:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011/04/26 17:51:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012/04/20 12:42:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/04/20 12:42:50 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/04/20 12:42:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/04/20 12:42:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/19 04:30:25 | 000,000,158 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search the web.src [2012/04/20 12:42:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/20 12:42:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - File not found O3 - HKU\Susa_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe () O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Programme\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKU\Susa_ON_C..\Run: [98432FF2] C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Lnzbbbs\uxatluul.exe () O4 - HKU\Susa_ON_C..\Run: [Browser Infrastructure Helper] C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.exe (Smartbar) O4 - HKU\Susa_ON_C..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe () O4 - HKU\Susa_ON_C..\Run: [quqav.exe] File not found O4 - HKU\Susa_ON_C..\Run: [vasja] C:\WINDOWS\explorer.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MCtlSvc.lnk = C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE) O4 - Startup: C:\Dokumente und Einstellungen\Susa\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.o cx (WRC Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/12 16:51:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/06/11 15:35:39 | 000,000,000 | ---D | C] -- C:\Programme\Lame For Audacity [2012/06/11 15:14:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Lnzbbbs [2012/06/08 08:19:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Audacity [2012/06/08 08:17:16 | 000,000,000 | ---D | C] -- C:\Programme\Audacity [2012/06/08 07:51:39 | 000,000,000 | 
---D | C] -- C:\Programme\mp3DirectCut [2012/05/27 16:24:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! for Skype [2012/05/27 16:23:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Smartbar [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/12 10:36:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/12 10:35:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/08 08:17:59 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Audacity.lnk [2012/06/08 08:17:59 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Desktop\Audacity.lnk [2012/06/08 07:51:40 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Desktop\mp3DirectCut.lnk [2012/06/05 11:32:45 | 000,853,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\dVaXNLpoyUspEqeua [2012/06/03 08:08:10 | 000,016,038 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\EQdGVQOvojpOaNAtgqa [2012/05/31 16:27:40 | 002,864,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\oexTuJsNaQleos [2012/05/31 09:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2012/05/29 14:50:13 | 004,158,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\xeqAoyutflrXnNvxUtJO [2012/05/28 07:44:14 | 000,020,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\UTAOJrjsgqoDsO [2012/05/28 06:29:21 | 000,019,421 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\OtAVfNTveOLslravegsA [2012/05/27 14:18:13 | 000,015,380 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\dsJEGqdravVxyQlrTv [2012/05/27 11:49:41 | 000,011,316 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Susa\Eigene Dateien\leNpoaqftdEjAXu [2012/05/18 17:24:35 | 000,449,842 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/05/18 17:24:35 | 000,433,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/18 17:24:35 | 000,081,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/05/18 17:24:35 | 000,068,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/08 08:17:59 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Desktop\Audacity.lnk [2012/06/08 08:17:58 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Audacity.lnk [2012/06/08 07:51:40 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Desktop\mp3DirectCut.lnk [2012/02/26 14:32:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/24 14:30:00 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/28 08:43:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/01/16 13:53:09 | 000,041,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/01/03 12:42:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/12/26 10:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/10/06 10:40:28 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2009/06/23 13:44:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/06/23 12:27:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe [2009/06/23 12:27:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe [2009/06/23 12:22:04 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2009/06/23 12:22:04 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat [2009/06/23 12:20:27 | 000,021,864 | ---- | C] 
() -- C:\WINDOWS\AsAcpiSvrLang.ini [2009/06/23 12:20:27 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini [2009/06/23 12:18:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2009/05/12 17:45:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/05/12 17:44:46 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/05/12 16:53:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/05/12 16:49:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/05/12 16:38:35 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009/05/12 16:38:30 | 000,449,842 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2009/05/12 16:38:30 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2009/05/12 16:38:30 | 000,081,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2009/05/12 16:38:30 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2009/05/12 16:38:23 | 000,433,470 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2009/05/12 16:38:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2009/05/12 16:38:23 | 000,068,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2009/05/12 16:38:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2009/05/12 16:38:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2009/05/12 16:38:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2009/05/12 16:38:22 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2009/05/12 16:38:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2009/05/12 16:38:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2009/05/12 16:38:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2009/05/12 16:38:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2009/05/12 16:38:15 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2009/02/26 02:50:32 | 
000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config [2008/09/02 01:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2012/06/11 15:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Audacity [2012/06/11 15:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Cuumw [2012/02/27 15:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\DVDVideoSoft [2012/06/11 15:36:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\DVDVideoSoftIEHelpers [2012/02/19 09:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Internet-Manager [2012/06/11 15:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Lnzbbbs [2011/10/19 04:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\OpenOffice.org [2012/06/11 15:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\PhotoScape [2012/06/11 15:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\QuickScan [2012/06/11 15:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Ryow [2012/06/11 15:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\toolplugin [2011/05/27 16:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET [2010/12/26 17:23:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage [2011/01/04 20:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2012/05/28 05:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! 
[2012/05/27 16:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! for Skype [2009/10/06 10:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver [2010/12/26 18:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} ========== Purity Check ========== < End of report > |

#6
/// Winkelfunktion /// TB-Süch-Tiger™
The log is unusable. Please post it WITHOUT line breaks.

#7
But that's exactly how the scan spits it out as a text file; I only copied it. How am I supposed to get the line breaks out of there?
#8
/// Winkelfunktion /// TB-Süch-Tiger™
Use a better text editor, something like Notepad++. Or put the log file in an attachment for now.
__________________
Please always post log files in CODE tags
#9
Here it is as an attachment for now.
#10
/// Winkelfunktion /// TB-Süch-Tiger™
Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)

Code:
```
:OTL
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - File not found
O3 - HKU\Susa_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\Susa_ON_C..\Run: [98432FF2] C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Lnzbbbs\uxatluul.exe ()
O4 - HKU\Susa_ON_C..\Run: [Browser Infrastructure Helper] C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKU\Susa_ON_C..\Run: [quqav.exe] File not found
O4 - HKU\Susa_ON_C..\Run: [vasja] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Susa_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/12 16:51:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
:Files
C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Cuumw
C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Lnzbbbs
:Commands
[purity]
[resethosts]
```

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Deactivate the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
#11
Wow, I'm really blown away right now, Windows actually boots up again! I have uploaded the quarantine folder as described; the log file from after the fix is appended below. Thank you, thank you, thank you, thank you, really! I am truly relieved. Now I can only hope that my files can be rescued, then my happiness would be complete. Thank you!
#12
So, everything worked out after all. This time I got both OTL.txt and Extras.txt; to be on the safe side I'll just post both:

OTL.txt:
Code:
advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.21 21:12:16 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Susa\Desktop\OTL.exe [2012.06.19 22:08:16 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.06.19 22:07:17 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Susa\Desktop\esetsmartinstaller_enu.exe [2012.06.19 06:17:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.18 22:41:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Malwarebytes [2012.06.18 22:41:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.18 22:41:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Malwarebytes [2012.06.18 22:41:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.18 22:41:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.18 20:39:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinZip [2012.06.18 20:38:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2012.06.18 20:38:06 | 000,000,000 | ---D | C] -- C:\Programme\WinZip [2012.06.11 21:35:39 | 000,000,000 | ---D | C] -- C:\Programme\Lame For Audacity [2012.06.08 14:19:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Audacity [2012.06.08 14:17:16 | 000,000,000 | ---D | C] -- C:\Programme\Audacity [2012.06.08 13:51:39 | 000,000,000 | ---D | C] -- C:\Programme\mp3DirectCut [2012.05.27 22:24:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! 
for Skype [2012.05.27 22:23:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Smartbar [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.21 21:12:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Susa\Desktop\OTL.exe [2012.06.21 20:21:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.21 20:21:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.20 04:03:06 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.20 03:46:15 | 000,449,842 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.20 03:46:15 | 000,433,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.20 03:46:15 | 000,081,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.20 03:46:15 | 000,068,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.20 03:40:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.19 22:07:21 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Susa\Desktop\esetsmartinstaller_enu.exe [2012.06.19 00:18:19 | 000,003,172 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\loooogs [2012.06.18 22:41:31 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 20:39:02 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk [2012.06.18 20:39:02 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk [2012.06.18 20:36:56 | 055,555,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Desktop\winzip.exe [2012.06.08 14:17:59 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Desktop\Audacity.lnk [2012.06.08 13:51:40 | 000,000,702 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Susa\Desktop\mp3DirectCut.lnk [2012.06.05 17:32:45 | 000,853,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\dVaXNLpoyUspEqeua [2012.06.03 14:08:10 | 000,016,038 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\EQdGVQOvojpOaNAtgqa [2012.05.31 22:27:40 | 002,864,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\oexTuJsNaQleos [2012.05.29 20:50:13 | 004,158,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\xeqAoyutflrXnNvxUtJO [2012.05.28 13:44:14 | 000,020,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\UTAOJrjsgqoDsO [2012.05.28 12:29:21 | 000,019,421 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\OtAVfNTveOLslravegsA [2012.05.27 20:18:13 | 000,015,380 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\dsJEGqdravVxyQlrTv [2012.05.27 17:49:41 | 000,011,316 | ---- | M] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\leNpoaqftdEjAXu [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.19 00:18:18 | 000,003,172 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Eigene Dateien\loooogs [2012.06.18 22:41:31 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 20:39:02 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk [2012.06.18 20:38:53 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk [2012.06.18 20:36:44 | 055,555,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Desktop\winzip.exe [2012.06.08 14:17:59 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Desktop\Audacity.lnk [2012.06.08 14:17:58 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Audacity.lnk 
[2012.06.08 13:51:40 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Desktop\mp3DirectCut.lnk [2012.02.26 20:32:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.24 20:30:00 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.28 14:43:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.01.16 19:53:09 | 000,041,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.01.03 18:42:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.12.26 16:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat ========== LOP Check ========== [2010.12.26 23:23:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage [2011.01.05 02:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2012.05.28 11:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! [2012.05.27 22:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! 
for Skype [2009.10.06 16:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver [2012.06.18 20:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2010.12.27 00:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.06.11 21:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Audacity [2012.02.27 21:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\DVDVideoSoft [2012.06.11 21:36:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.02.19 15:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Internet-Manager [2011.10.19 10:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\OpenOffice.org [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\PhotoScape [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\QuickScan [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Ryow [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\toolplugin ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.12.19 23:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Adobe [2011.12.27 16:17:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Apple Computer [2012.06.11 21:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Audacity [2012.02.27 21:31:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\DVDVideoSoft [2012.06.11 21:36:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.05.12 22:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Identities [2009.06.23 18:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\InstallShield [2012.02.19 15:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Internet-Manager [2010.12.26 22:09:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Macromedia [2012.06.18 22:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Malwarebytes [2012.04.25 18:15:42 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Microsoft [2010.12.26 16:22:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Mozilla [2011.10.19 10:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\OpenOffice.org [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\PhotoScape [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\QuickScan [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Ryow [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Skype [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Susa\Anwendungsdaten\skypePM [2011.04.26 23:50:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Sun [2012.06.11 21:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\toolplugin < %APPDATA%\*.exe /s > [2011.12.09 23:31:46 | 008,197,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS [2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel 
Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys [2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: 
WS2IFSL.SYS >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.05.13 00:44:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.05.13 00:44:19 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.05.13 00:44:19 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

Code:
OTL Extras logfile created on: 21.06.2012 21:29:37 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Dokumente und Einstellungen\Susa\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1015,17 Mb Total Physical Memory | 512,70 Mb Available Physical Memory | 50,50% Memory free
2,38 Gb Paging File | 1,98 Gb Available in Paging File | 82,90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68,45 Gb Total Space | 42,75 Gb Free Space | 62,45% Space Free | Partition Type: NTFS
Drive D: | 68,45 Gb Total Space | 68,37 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

Computer Name: NAME-BQC30SBMP9 | User Name: Susa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-173427524-1861343638-2735064652-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\Update_74af.exe" = C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\Update_74af.exe:*:Enabled:InstallCore™ -- (Yuna Software) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{651CA61C-6803-4E74-8CA6-9DA721F1D24E}" = iDumpPod2iTunes 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E96C20F3-A941-4232-9675-E97E61A9D0F4}" = Messenger Plus! 
Community Smartbar "{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ASUS VIBE" = ASUS VIBE "Audacity_is1" = Audacity 2.0 "Eee Docking_is1" = Eee Docking 1.3.6.0 "Eee Storage" = Eee Storage "EeePC_1005HA" = EeePC_1005HA Screen Saver "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Studio_is1" = Free Studio version 5.1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "LAME_is1" = LAME v3.99.3 (for Windows) "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Messenger Plus!" = Messenger Plus! 5 "Messenger Plus! for Skype" = Messenger Plus! 
for Skype "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mobile Partner" = Mobile Partner "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhotoScape" = PhotoScape "SynTPDeinstKey" = Synaptics Pointing Device Driver "toolplugin" = toolplugin "Uninstall_is1" = Uninstall 1.0.0.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.06.2012 16:44:26 | Computer Name = NAME-BQC30SBMP9 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 20.06.2012 16:44:26 | Computer Name = NAME-BQC30SBMP9 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1953 Error - 20.06.2012 16:44:26 | Computer Name = NAME-BQC30SBMP9 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1953 Error - 20.06.2012 16:44:28 | Computer Name = NAME-BQC30SBMP9 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 20.06.2012 16:44:28 | Computer Name = NAME-BQC30SBMP9 | Source = Bonjour Service | ID = 100 
Description = Task Scheduling Error: m->NextScheduledEvent 4188 Error - 20.06.2012 16:44:28 | Computer Name = NAME-BQC30SBMP9 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4188 Error - 21.06.2012 15:22:03 | Computer Name = NAME-BQC30SBMP9 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.50.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.06.2012 15:22:03 | Computer Name = NAME-BQC30SBMP9 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.50.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.06.2012 15:24:08 | Computer Name = NAME-BQC30SBMP9 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.50.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.06.2012 15:24:10 | Computer Name = NAME-BQC30SBMP9 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.50.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 16.05.2012 11:47:35 | Computer Name = NAME-BQC30SBMP9 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 16.05.2012 11:47:35 | Computer Name = NAME-BQC30SBMP9 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. 
Error - 16.05.2012 11:47:36 | Computer Name = NAME-BQC30SBMP9 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 16.05.2012 11:47:36 | Computer Name = NAME-BQC30SBMP9 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 16.05.2012 11:48:17 | Computer Name = NAME-BQC30SBMP9 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 16.05.2012 11:48:17 | Computer Name = NAME-BQC30SBMP9 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 19.06.2012 00:36:17 | Computer Name = NAME-BQC30SBMP9 | Source = Windows Update Agent | ID = 16 Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen. 
Error - 19.06.2012 14:40:39 | Computer Name = NAME-BQC30SBMP9 | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 19.06.2012 14:40:42 | Computer Name = NAME-BQC30SBMP9 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: atapi PCIIde
< End of report >
#13
I'll just post this inside one of these [code] blocks again..
Code:
ATTFilter 23:16:52.0343 1840 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22 23:16:52.0609 1840 ============================================================ 23:16:52.0609 1840 Current date / time: 2012/07/01 23:16:52.0609 23:16:52.0609 1840 SystemInfo: 23:16:52.0609 1840 23:16:52.0609 1840 OS Version: 5.1.2600 ServicePack: 3.0 23:16:52.0609 1840 Product type: Workstation 23:16:52.0609 1840 ComputerName: NAME-BQC30SBMP9 23:16:52.0609 1840 UserName: Susa 23:16:52.0609 1840 Windows directory: C:\WINDOWS 23:16:52.0609 1840 System windows directory: C:\WINDOWS 23:16:52.0609 1840 Processor architecture: Intel x86 23:16:52.0609 1840 Number of processors: 2 23:16:52.0609 1840 Page size: 0x1000 23:16:52.0609 1840 Boot type: Normal boot 23:16:52.0609 1840 ============================================================ 23:16:55.0875 1840 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:16:55.0890 1840 ============================================================ 23:16:55.0890 1840 \Device\Harddisk0\DR0: 23:16:55.0921 1840 MBR partitions: 23:16:55.0921 1840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88E80A9 23:16:55.0921 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88E80E8, BlocksNum 0x88E4227 23:16:55.0921 1840 ============================================================ 23:16:55.0968 1840 C: <-> \Device\Harddisk0\DR0\Partition0 23:16:56.0062 1840 D: <-> \Device\Harddisk0\DR0\Partition1 23:16:56.0109 1840 ============================================================ 23:16:56.0109 1840 Initialize success 23:16:56.0109 1840 ============================================================ 23:17:19.0359 2580 ============================================================ 23:17:19.0359 2580 Scan started 23:17:19.0359 2580 Mode: Manual; 23:17:19.0359 2580 
============================================================ 23:17:19.0984 2580 Abiosdsk - ok 23:17:20.0000 2580 abp480n5 - ok 23:17:20.0046 2580 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:17:20.0062 2580 ACPI - ok 23:17:20.0078 2580 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 23:17:20.0093 2580 ACPIEC - ok 23:17:20.0109 2580 adpu160m - ok 23:17:20.0156 2580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 23:17:20.0156 2580 aec - ok 23:17:20.0218 2580 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 23:17:20.0234 2580 AFD - ok 23:17:20.0234 2580 Aha154x - ok 23:17:20.0265 2580 aic78u2 - ok 23:17:20.0281 2580 aic78xx - ok 23:17:20.0328 2580 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 23:17:20.0328 2580 Alerter - ok 23:17:20.0359 2580 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 23:17:20.0359 2580 ALG - ok 23:17:20.0375 2580 AliIde - ok 23:17:20.0609 2580 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys 23:17:20.0671 2580 Ambfilt - ok 23:17:20.0765 2580 amsint - ok 23:17:20.0875 2580 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:17:20.0875 2580 Apple Mobile Device - ok 23:17:20.0890 2580 AppMgmt - ok 23:17:21.0109 2580 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys 23:17:21.0156 2580 AR5416 - ok 23:17:21.0281 2580 asc - ok 23:17:21.0296 2580 asc3350p - ok 23:17:21.0312 2580 asc3550 - ok 23:17:21.0421 2580 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:17:21.0453 2580 aspnet_state - ok 23:17:21.0484 2580 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 23:17:21.0484 2580 AsusACPI - ok 23:17:21.0515 2580 AsyncMac 
(b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:17:21.0515 2580 AsyncMac - ok 23:17:21.0578 2580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:17:21.0578 2580 atapi - ok 23:17:21.0593 2580 Atdisk - ok 23:17:21.0671 2580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:17:21.0671 2580 Atmarpc - ok 23:17:21.0718 2580 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 23:17:21.0734 2580 AudioSrv - ok 23:17:21.0781 2580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:17:21.0781 2580 audstub - ok 23:17:21.0937 2580 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Programme\Microsoft\BingBar\BBSvc.EXE 23:17:21.0953 2580 BBSvc - ok 23:17:22.0015 2580 BBUpdate (785de7abda13309d6065305542829e76) C:\Programme\Microsoft\BingBar\SeaPort.EXE 23:17:22.0031 2580 BBUpdate - ok 23:17:22.0078 2580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:17:22.0078 2580 Beep - ok 23:17:22.0171 2580 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 23:17:22.0218 2580 BITS - ok 23:17:22.0250 2580 BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) C:\WINDOWS\system32\drivers\BMLoad.sys 23:17:22.0265 2580 BMLoad - ok 23:17:22.0343 2580 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe 23:17:22.0359 2580 Bonjour Service - ok 23:17:22.0421 2580 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 23:17:22.0421 2580 Browser - ok 23:17:22.0531 2580 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys 23:17:22.0562 2580 btaudio - ok 23:17:22.0609 2580 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys 23:17:22.0609 2580 BTDriver - ok 23:17:22.0781 2580 BTKRNL (70455baffc078b6152d1e52376296467) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 23:17:22.0812 2580 BTKRNL - ok 23:17:22.0921 
2580 btwdins (e43f7709f36444681978f9dc067a976b) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe 23:17:22.0937 2580 btwdins - ok 23:17:22.0968 2580 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys 23:17:22.0984 2580 BTWDNDIS - ok 23:17:23.0015 2580 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys 23:17:23.0015 2580 btwhid - ok 23:17:23.0031 2580 BTWUSB (2cfc2bd8785f82a42fcad83de1fa5a36) C:\WINDOWS\system32\Drivers\btwusb.sys 23:17:23.0031 2580 BTWUSB - ok 23:17:23.0078 2580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:17:23.0078 2580 cbidf2k - ok 23:17:23.0109 2580 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:17:23.0109 2580 CCDECODE - ok 23:17:23.0125 2580 cd20xrnt - ok 23:17:23.0171 2580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:17:23.0171 2580 Cdaudio - ok 23:17:23.0187 2580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 23:17:23.0203 2580 Cdfs - ok 23:17:23.0234 2580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:17:23.0234 2580 Cdrom - ok 23:17:23.0250 2580 Changer - ok 23:17:23.0281 2580 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 23:17:23.0281 2580 CiSvc - ok 23:17:23.0296 2580 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 23:17:23.0296 2580 ClipSrv - ok 23:17:23.0390 2580 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:17:23.0437 2580 clr_optimization_v2.0.50727_32 - ok 23:17:23.0484 2580 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 23:17:23.0484 2580 CmBatt - ok 23:17:23.0500 2580 CmdIde - ok 23:17:23.0515 2580 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 23:17:23.0531 2580 Compbatt - 
ok 23:17:23.0531 2580 COMSysApp - ok 23:17:23.0562 2580 Cpqarray - ok 23:17:23.0625 2580 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 23:17:23.0640 2580 CryptSvc - ok 23:17:23.0640 2580 dac2w2k - ok 23:17:23.0656 2580 dac960nt - ok 23:17:23.0750 2580 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 23:17:23.0765 2580 DcomLaunch - ok 23:17:23.0828 2580 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 23:17:23.0843 2580 Dhcp - ok 23:17:23.0875 2580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 23:17:23.0890 2580 Disk - ok 23:17:23.0890 2580 dmadmin - ok 23:17:24.0031 2580 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 23:17:24.0062 2580 dmboot - ok 23:17:24.0093 2580 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 23:17:24.0109 2580 dmio - ok 23:17:24.0125 2580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 23:17:24.0140 2580 dmload - ok 23:17:24.0140 2580 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 23:17:24.0156 2580 dmserver - ok 23:17:24.0203 2580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 23:17:24.0203 2580 DMusic - ok 23:17:24.0250 2580 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 23:17:24.0250 2580 Dnscache - ok 23:17:24.0281 2580 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 23:17:24.0281 2580 Dot3svc - ok 23:17:24.0296 2580 dpti2o - ok 23:17:24.0328 2580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 23:17:24.0328 2580 drmkaud - ok 23:17:24.0359 2580 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 23:17:24.0375 2580 EapHost - ok 23:17:24.0375 2580 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 23:17:24.0390 2580 ERSvc - ok 23:17:24.0437 
2580 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 23:17:24.0453 2580 Eventlog - ok 23:17:24.0500 2580 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 23:17:24.0515 2580 EventSystem - ok 23:17:24.0562 2580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 23:17:24.0562 2580 Fastfat - ok 23:17:24.0625 2580 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:17:24.0625 2580 FastUserSwitchingCompatibility - ok 23:17:24.0671 2580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 23:17:24.0671 2580 Fdc - ok 23:17:24.0703 2580 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 23:17:24.0703 2580 Fips - ok 23:17:24.0734 2580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 23:17:24.0734 2580 Flpydisk - ok 23:17:24.0781 2580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 23:17:24.0796 2580 FltMgr - ok 23:17:24.0906 2580 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:17:24.0906 2580 FontCache3.0.0.0 - ok 23:17:24.0953 2580 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 23:17:24.0953 2580 fssfltr - ok 23:17:25.0125 2580 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe 23:17:25.0156 2580 fsssvc - ok 23:17:25.0203 2580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:17:25.0203 2580 Fs_Rec - ok 23:17:25.0265 2580 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:17:25.0265 2580 Ftdisk - ok 23:17:25.0296 2580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 23:17:25.0296 2580 GEARAspiWDM - ok 23:17:25.0343 2580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) 
C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:17:25.0343 2580 Gpc - ok 23:17:25.0375 2580 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:17:25.0390 2580 HDAudBus - ok 23:17:25.0437 2580 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:17:25.0437 2580 helpsvc - ok 23:17:25.0468 2580 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll 23:17:25.0484 2580 HidServ - ok 23:17:25.0546 2580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:17:25.0546 2580 HidUsb - ok 23:17:25.0609 2580 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 23:17:25.0609 2580 hkmsvc - ok 23:17:25.0625 2580 hpn - ok 23:17:25.0656 2580 HSPADataCardusbmdm (69cfe473434102d3fb12dbc7fda0d2a7) C:\WINDOWS\system32\DRIVERS\HSPADataCardusbmdm.sys 23:17:25.0671 2580 HSPADataCardusbmdm - ok 23:17:25.0703 2580 HSPADataCardusbnmea (69cfe473434102d3fb12dbc7fda0d2a7) C:\WINDOWS\system32\DRIVERS\HSPADataCardusbnmea.sys 23:17:25.0703 2580 HSPADataCardusbnmea - ok 23:17:25.0734 2580 HSPADataCardusbser (69cfe473434102d3fb12dbc7fda0d2a7) C:\WINDOWS\system32\DRIVERS\HSPADataCardusbser.sys 23:17:25.0734 2580 HSPADataCardusbser - ok 23:17:25.0812 2580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 23:17:25.0812 2580 HTTP - ok 23:17:25.0843 2580 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 23:17:25.0859 2580 HTTPFilter - ok 23:17:25.0875 2580 hwdatacard - ok 23:17:25.0921 2580 i2omgmt - ok 23:17:25.0937 2580 i2omp - ok 23:17:25.0968 2580 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:17:25.0968 2580 i8042prt - ok 23:17:26.0640 2580 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 23:17:26.0875 2580 ialm - ok 23:17:27.0031 2580 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys 23:17:27.0031 2580 iaStor 
- ok 23:17:27.0250 2580 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:17:27.0281 2580 idsvc - ok 23:17:27.0312 2580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:17:27.0328 2580 Imapi - ok 23:17:27.0375 2580 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 23:17:27.0375 2580 ImapiService - ok 23:17:27.0406 2580 ini910u - ok 23:17:28.0000 2580 IntcAzAudAddService (1ae3cff80017ef89da959350724c7194) C:\WINDOWS\system32\drivers\RtkHDAud.sys 23:17:28.0156 2580 IntcAzAudAddService - ok 23:17:28.0296 2580 IntelIde - ok 23:17:28.0343 2580 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 23:17:28.0343 2580 intelppm - ok 23:17:28.0359 2580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 23:17:28.0375 2580 Ip6Fw - ok 23:17:28.0375 2580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:17:28.0390 2580 IpFilterDriver - ok 23:17:28.0390 2580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:17:28.0390 2580 IpInIp - ok 23:17:28.0437 2580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:17:28.0437 2580 IpNat - ok 23:17:28.0593 2580 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Programme\iPod\bin\iPodService.exe 23:17:28.0609 2580 iPod Service - ok 23:17:28.0656 2580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:17:28.0656 2580 IPSec - ok 23:17:28.0687 2580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:17:28.0703 2580 IRENUM - ok 23:17:28.0734 2580 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:17:28.0750 2580 isapnp - ok 23:17:28.0843 2580 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Programme\Java\jre6\bin\jqs.exe 23:17:28.0859 
2580 JavaQuickStarterService - ok 23:17:28.0906 2580 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:17:28.0906 2580 Kbdclass - ok 23:17:28.0968 2580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 23:17:28.0968 2580 kmixer - ok 23:17:29.0031 2580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 23:17:29.0046 2580 KSecDD - ok 23:17:29.0062 2580 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 23:17:29.0062 2580 L1c - ok 23:17:29.0125 2580 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 23:17:29.0125 2580 LanmanServer - ok 23:17:29.0156 2580 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 23:17:29.0171 2580 lanmanworkstation - ok 23:17:29.0171 2580 lbrtfdc - ok 23:17:29.0234 2580 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 23:17:29.0250 2580 LmHosts - ok 23:17:29.0281 2580 massfilter (d5673785903639d186dc345ff86f423f) C:\WINDOWS\system32\drivers\massfilter.sys 23:17:29.0281 2580 massfilter - ok 23:17:29.0312 2580 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 23:17:29.0312 2580 MBAMProtector - ok 23:17:29.0421 2580 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 23:17:29.0437 2580 MBAMService - ok 23:17:29.0484 2580 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 23:17:29.0500 2580 Messenger - ok 23:17:29.0546 2580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 23:17:29.0546 2580 mnmdd - ok 23:17:29.0578 2580 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 23:17:29.0578 2580 mnmsrvc - ok 23:17:29.0625 2580 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 23:17:29.0625 2580 Modem - ok 23:17:29.0812 2580 Monfilt 
(9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys 23:17:29.0875 2580 Monfilt - ok 23:17:29.0921 2580 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:17:29.0937 2580 Mouclass - ok 23:17:29.0984 2580 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:17:29.0984 2580 mouhid - ok 23:17:30.0031 2580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 23:17:30.0031 2580 MountMgr - ok 23:17:30.0125 2580 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 23:17:30.0140 2580 MozillaMaintenance - ok 23:17:30.0140 2580 mraid35x - ok 23:17:30.0187 2580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:17:30.0203 2580 MRxDAV - ok 23:17:30.0281 2580 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:17:30.0296 2580 MRxSmb - ok 23:17:30.0328 2580 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 23:17:30.0343 2580 MSDTC - ok 23:17:30.0375 2580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 23:17:30.0375 2580 Msfs - ok 23:17:30.0421 2580 MsgPlusService (3f3d6e8bd31b3c017d0ab24cd5ec0d05) C:\Programme\Yuna Software\Messenger Plus! 
for Skype\MsgPlusForSkypeService.exe 23:17:30.0421 2580 MsgPlusService - ok 23:17:30.0437 2580 MSIServer - ok 23:17:30.0468 2580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:17:30.0468 2580 MSKSSRV - ok 23:17:30.0500 2580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:17:30.0500 2580 MSPCLOCK - ok 23:17:30.0531 2580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 23:17:30.0531 2580 MSPQM - ok 23:17:30.0578 2580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:17:30.0578 2580 mssmbios - ok 23:17:30.0593 2580 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 23:17:30.0593 2580 MSTEE - ok 23:17:30.0640 2580 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 23:17:30.0640 2580 Mup - ok 23:17:30.0656 2580 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:17:30.0671 2580 NABTSFEC - ok 23:17:30.0750 2580 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 23:17:30.0765 2580 napagent - ok 23:17:30.0812 2580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 23:17:30.0828 2580 NDIS - ok 23:17:30.0859 2580 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:17:30.0859 2580 NdisIP - ok 23:17:30.0906 2580 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:17:30.0906 2580 NdisTapi - ok 23:17:30.0953 2580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:17:30.0953 2580 Ndisuio - ok 23:17:30.0968 2580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:17:30.0984 2580 NdisWan - ok 23:17:31.0031 2580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 23:17:31.0031 2580 NDProxy - ok 23:17:31.0046 2580 NetBIOS 
23:17:38.0187 2580 ============================================================
23:17:38.0187 2580 Scan finished
23:17:38.0187 2580 ============================================================
23:17:38.0218 3800 Detected object count: 0
23:17:38.0218 3800 Actual detected object count: 0
23:18:25.0000 3508 ============================================================
23:18:25.0000 3508 Scan started
23:18:25.0000 3508 Mode: Manual; SigCheck; TDLFS;
23:18:25.0000 3508 ============================================================
23:18:32.0468 3508 BMLoad ( UnsignedFile.Multi.Generic ) - warning
23:18:32.0468 3508 BMLoad - detected UnsignedFile.Multi.Generic (1)
(3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 23:19:11.0375 3508 RpcSs - ok 23:19:11.0421 3508 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 23:19:11.0625 3508 RSVP - ok 23:19:11.0671 3508 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:19:11.0890 3508 SamSs - ok 23:19:11.0968 3508 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 23:19:12.0187 3508 SCardSvr - ok 23:19:12.0281 3508 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 23:19:12.0500 3508 Schedule - ok 23:19:12.0562 3508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:19:12.0640 3508 Secdrv - ok 23:19:12.0687 3508 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 23:19:12.0890 3508 seclogon - ok 23:19:12.0953 3508 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 23:19:13.0171 3508 SENS - ok 23:19:13.0250 3508 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 23:19:13.0453 3508 Serial - ok 23:19:13.0546 3508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 23:19:13.0750 3508 Sfloppy - ok 23:19:13.0890 3508 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 23:19:14.0109 3508 SharedAccess - ok 23:19:14.0187 3508 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:19:14.0203 3508 ShellHWDetection - ok 23:19:14.0218 3508 Simbad - ok 23:19:14.0250 3508 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:19:14.0468 3508 SLIP - ok 23:19:14.0484 3508 Sparrow - ok 23:19:14.0562 3508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 23:19:14.0765 3508 splitter - ok 23:19:14.0875 3508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 23:19:14.0921 3508 Spooler - ok 23:19:14.0968 3508 sr 
(50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 23:19:15.0093 3508 sr - ok 23:19:15.0125 3508 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 23:19:15.0218 3508 srservice - ok 23:19:15.0265 3508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 23:19:15.0343 3508 Srv - ok 23:19:15.0390 3508 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 23:19:15.0515 3508 SSDPSRV - ok 23:19:15.0593 3508 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 23:19:15.0843 3508 stisvc - ok 23:19:15.0890 3508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:19:16.0093 3508 streamip - ok 23:19:16.0156 3508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:19:16.0375 3508 swenum - ok 23:19:16.0421 3508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 23:19:16.0640 3508 swmidi - ok 23:19:16.0640 3508 SwPrv - ok 23:19:16.0656 3508 symc810 - ok 23:19:16.0671 3508 symc8xx - ok 23:19:16.0687 3508 sym_hi - ok 23:19:16.0703 3508 sym_u3 - ok 23:19:16.0765 3508 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys 23:19:16.0796 3508 SynTP - ok 23:19:16.0812 3508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 23:19:17.0031 3508 sysaudio - ok 23:19:17.0093 3508 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 23:19:17.0296 3508 SysmonLog - ok 23:19:17.0359 3508 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 23:19:17.0593 3508 TapiSrv - ok 23:19:17.0703 3508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:19:17.0765 3508 Tcpip - ok 23:19:17.0796 3508 tcpipBM (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\WINDOWS\system32\drivers\tcpipBM.sys 23:19:17.0828 3508 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 23:19:17.0828 3508 tcpipBM 
- detected UnsignedFile.Multi.Generic (1) 23:19:17.0859 3508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:19:18.0078 3508 TDPIPE - ok 23:19:18.0078 3508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 23:19:18.0296 3508 TDTCP - ok 23:19:18.0312 3508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:19:18.0531 3508 TermDD - ok 23:19:18.0593 3508 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 23:19:18.0796 3508 TermService - ok 23:19:18.0875 3508 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:19:18.0890 3508 Themes - ok 23:19:18.0906 3508 TosIde - ok 23:19:18.0968 3508 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 23:19:19.0187 3508 TrkWks - ok 23:19:19.0265 3508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:19:19.0468 3508 Udfs - ok 23:19:19.0484 3508 ultra - ok 23:19:19.0593 3508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:19:19.0812 3508 Update - ok 23:19:19.0859 3508 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 23:19:19.0968 3508 upnphost - ok 23:19:20.0000 3508 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 23:19:20.0203 3508 UPS - ok 23:19:20.0250 3508 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 23:19:20.0328 3508 USBAAPL - ok 23:19:20.0375 3508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:19:20.0593 3508 usbccgp - ok 23:19:20.0656 3508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:19:20.0875 3508 usbehci - ok 23:19:20.0937 3508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:19:21.0140 3508 usbhub - ok 23:19:21.0187 3508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) 
C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:19:21.0406 3508 usbscan - ok 23:19:21.0421 3508 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:19:21.0656 3508 usbstor - ok 23:19:21.0687 3508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:19:21.0890 3508 usbuhci - ok 23:19:21.0968 3508 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 23:19:22.0187 3508 usbvideo - ok 23:19:22.0234 3508 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys 23:19:22.0281 3508 uvclf - ok 23:19:22.0343 3508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 23:19:22.0562 3508 VgaSave - ok 23:19:22.0562 3508 ViaIde - ok 23:19:22.0671 3508 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 23:19:22.0875 3508 VolSnap - ok 23:19:22.0984 3508 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 23:19:23.0078 3508 VSS - ok 23:19:23.0140 3508 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 23:19:23.0406 3508 W32Time - ok 23:19:23.0453 3508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:19:23.0671 3508 Wanarp - ok 23:19:23.0796 3508 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys 23:19:23.0843 3508 Wdf01000 - ok 23:19:23.0843 3508 WDICA - ok 23:19:23.0906 3508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 23:19:24.0125 3508 wdmaud - ok 23:19:24.0187 3508 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 23:19:24.0406 3508 WebClient - ok 23:19:24.0515 3508 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 23:19:24.0718 3508 winmgmt - ok 23:19:24.0781 3508 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 23:19:24.0828 3508 WmdmPmSN - ok 23:19:24.0859 3508 WmiApSrv 
(93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 23:19:25.0078 3508 WmiApSrv - ok 23:19:25.0296 3508 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 23:19:25.0359 3508 WMPNetworkSvc - ok 23:19:25.0406 3508 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 23:19:25.0437 3508 WpdUsb - ok 23:19:25.0500 3508 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 23:19:25.0750 3508 wscsvc - ok 23:19:25.0796 3508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:19:25.0984 3508 WSTCODEC - ok 23:19:26.0046 3508 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 23:19:26.0265 3508 wuauserv - ok 23:19:26.0343 3508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:19:26.0437 3508 WudfPf - ok 23:19:26.0468 3508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:19:26.0484 3508 WudfRd - ok 23:19:26.0515 3508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 23:19:26.0546 3508 WudfSvc - ok 23:19:26.0640 3508 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 23:19:26.0906 3508 WZCSVC - ok 23:19:26.0968 3508 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 23:19:27.0234 3508 xmlprov - ok 23:19:27.0281 3508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 23:19:28.0343 3508 \Device\Harddisk0\DR0 - ok 23:19:28.0343 3508 Boot (0x1200) (26c64c34138ffaf46ce22b59d69bc2e4) \Device\Harddisk0\DR0\Partition0 23:19:28.0343 3508 \Device\Harddisk0\DR0\Partition0 - ok 23:19:28.0390 3508 Boot (0x1200) (e60ca0fe09b255faa51152c9b4ee1437) \Device\Harddisk0\DR0\Partition1 23:19:28.0390 3508 \Device\Harddisk0\DR0\Partition1 - ok 23:19:28.0390 3508 ============================================================ 23:19:28.0390 3508 Scan finished 23:19:28.0390 3508 
============================================================ 23:19:28.0531 1368 Detected object count: 2 23:19:28.0531 1368 Actual detected object count: 2 |
| #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, unfortunately we're not done that quickly. And as for your encrypted data, I don't want to give you any false hope.
Please now run a routine full scan with Malwarebytes and post the log.
=> Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!
Please remove all of the findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!
If logs from older Malwarebytes scans exist, please post all of those too!
ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post logfiles in CODE tags |
| #15 |
| Never mind, I'm still glad that the PC boots up again. I've finally got around to running the scans. The Malwarebytes logfiles seem somehow odd to me (they are the ones from the 'Logdateien' bar), and there are also 5 different ones. Two of them are called mbam.log and 3 protection.log. I'll just post the two mbams first: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.18.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Susa :: NAME-BQC30SBMP9 [Administrator]
Schutz: Aktiviert
18.06.2012 22:45:17
mbam-log-2012-06-18 (22-45-17).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280640
Laufzeit: 1 Stunde(n), 6 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\61048e72-4c6edbd0 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\0.21150975329172428.exe (Trojan.Ransom.GP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\0.5057028846804744.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.19.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Susa :: NAME-BQC30SBMP9 [Administrator]
Schutz: Aktiviert
19.06.2012 06:42:47
mbam-log-2012-06-19 (06-42-47).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 281153
Laufzeit: 1 Stunde(n), 11 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c0471c889bd0f428b44c95c92403f9d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-19 09:44:20
# local_time=2012-06-19 11:44:20 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 329 329 0 0
# scanned=79748
# found=8
# cleaned=0
# scan_time=5438
C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25\61e16d99-6bf24a22 Java/Exploit.CVE-2011-3544.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34\37db3fe2-10dfd1e5 Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\76yjo56x.default\Cache(2)\68794868d01 JS/Kryptik.DR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\76yjo56x.default\Cache(2)\73735E0Bd01 JS/Exploit.Pdfka.OXB.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\jar_cache1545927038030526494.tmp Win32/LockScreen.AFR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\Update_74af.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\ICReinstall\Update_74af.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5BT6AF2I\calc[1].exe Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c0471c889bd0f428b44c95c92403f9d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-20 04:32:24
# local_time=2012-06-20 06:32:24 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 67949 67949 0 0
# scanned=80341
# found=8
# cleaned=0
# scan_time=5506
C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25\61e16d99-6bf24a22 Java/Exploit.CVE-2011-3544.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34\37db3fe2-10dfd1e5 Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\76yjo56x.default\Cache(2)\68794868d01 JS/Kryptik.DR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\76yjo56x.default\Cache(2)\73735E0Bd01 JS/Exploit.Pdfka.OXB.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\jar_cache1545927038030526494.tmp Win32/LockScreen.AFR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\Update_74af.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temp\ICReinstall\Update_74af.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Susa\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5BT6AF2I\calc[1].exe Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I |