| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Dienste funktionieren nicht, keine Internetverbindung möglichWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.09.2010, 23:23
| #1 |
 |  Windows Dienste funktionieren nicht, keine Internetverbindung möglich Guten Abend, ich möchte um Rat für die Lösung folgender Probleme bitten, die seit heute Morgen auf meinem Desktop bestehen: -das System bootet extrem langsam -eine Internetverbindung lässt sich nicht herstellen -viele Windowsdienste können nicht gestartet werden, z.b. Netzwerk- und Freigabecenter, Windows Firewall, Windows Update, etc. -keine Systemwiederherstellung möglich Folgende Maßnahmen habe ich bisher durchgeführt: -Vollständiger Systemscan mit Avira Antivir Personal: kein Fund! -cmd.exe mit sfc /scannow: keine Integritätsverletzung gefunden! -highjackthis, otl und GMER durchlaufen lassen, logs folgen. -Systemwiederherstellung mit verschiedenen Wiederherstellungspunkten fehlgeschlagen. Für Hilfe und Anleitungen zur Problemlösung wäre ich sehr dankbar. Mit freundlichen Grüßen Code:
ATTFilter OTL logfile created on: 28.09.2010 23:24:05 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 688,54 Gb Total Space | 543,48 Gb Free Space | 78,93% Space Free | Partition Type: NTFS Drive D: | 10,10 Gb Total Space | 1,38 Gb Free Space | 13,65% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PcdrNdisuio) -- C:\Windows\System32\DRIVERS\pcdrndisuio.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HCW85BDA) -- C:\WINDOWS\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works) DRV - (RtNdPt60) -- C:\WINDOWS\System32\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider) DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (PDNMp50) -- C:\WINDOWS\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\WINDOWS\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\System32\drivers\w810bus.sys (MCCI) DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.26 22:22:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 15:11:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 15:11:58 | 000,000,000 | ---D | M] [2009.11.05 18:49:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.27 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions [2010.05.07 15:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.07 15:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1ajscmj5.default\extensions\firebug@software.joehewitt.com [2010.08.30 11:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.05.05 20:54:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.30 11:33:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll [2010.03.17 17:43:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.17 17:43:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.17 17:43:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.17 17:43:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.17 17:43:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O13 - gopher Prefix: missing O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} hxxp://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Peggle/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab (PopCapLoader Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.12.12 22:03:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell - "" = AutoRun O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.28 23:07:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.09.28 23:07:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.09.26 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver [2010.09.26 09:40:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ScreeNet iSaver [2010.09.15 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bewerbungen [2010.09.15 14:18:59 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.15 10:49:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ARBEITSPLATZ [2010.09.10 09:46:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\button [2010.09.09 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\german [2010.09.01 13:45:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\alice [2010.08.31 19:09:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Nikon [2010.08.31 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Applause and Laugher [2010.08.31 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ambience [2010.08.31 19:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\vhosts [2010.08.30 11:33:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.30 11:33:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.30 11:33:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009.01.16 19:58:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 23:08:19 | 003,145,728 | ---- | M] () -- C:\Users\***\ntuser.dat [2010.09.28 23:00:23 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.28 23:00:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.28 23:00:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.28 23:00:17 | 3218,350,080 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 22:59:26 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{43f5bba8-01e0-11df-81a8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.09.28 22:59:26 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{43f5bba8-01e0-11df-81a8-806e6f6e6963}.TM.blf [2010.09.28 22:59:22 | 003,195,306 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.09.28 16:27:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.09.28 12:21:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.09.27 22:37:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.27 10:00:30 | 000,010,498 | ---- | M] () -- C:\Users\***\Documents\aachener_briefdl.docx [2010.09.27 09:58:39 | 000,011,138 | ---- | M] () -- C:\Users\***\Documents\aachener_kabelanschluss.docx [2010.09.26 18:05:36 | 000,014,848 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.25 14:28:56 | 005,621,767 | ---- | M] () -- C:\Users\***\Documents\reference-brochure-2010.pdf [2010.09.22 14:02:03 | 000,010,394 | ---- | M] () -- C:\Users\***\Documents\jobcenter_briefdl.docx [2010.09.17 09:26:10 | 000,011,136 | ---- | M] () -- C:\Users\***\Documents\betriebskosten2.docx [2010.09.16 16:55:23 | 000,670,286 | ---- | M] () -- C:\Users\***\Desktop\auszug.jpg [2010.09.16 16:00:36 | 000,016,765 | ---- | M] () -- C:\Users\***\Documents\anwalt_ebay.docx [2010.09.16 07:48:30 | 000,658,433 | ---- | M] () -- C:\Users\***\Desktop\Scannen0001.jpg [2010.09.15 23:09:40 | 000,016,748 | ---- | M] () -- C:\Users\***\Documents\anwalt_ebay2.docx [2010.09.15 17:18:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdy.DAT [2010.09.15 16:48:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\Sports [2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\Speech Enhancer [2010.09.15 16:48:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\Smooth Strings [2010.09.14 18:34:37 | 000,001,802 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.09.13 07:48:08 | 001,230,477 | ---- | M] () -- C:\Users\***\Desktop\Bewerbungsfoto.JPG [2010.09.13 06:57:38 | 000,011,668 | ---- | M] () -- C:\Users\***\Documents\bewerbungen.docx [2010.09.12 19:26:28 | 000,001,456 | ---- | M] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.09.12 15:34:50 | 000,415,767 | ---- | M] () -- C:\Users\***\Documents\lebenslauf.pdf [2010.09.09 17:17:35 | 000,000,111 | ---- | M] () -- C:\Windows\telephon.ini [2010.09.06 15:19:47 | 000,010,332 | ---- | M] () -- C:\Users\***\Documents\jobcenter_briefc6.docx [2010.09.06 15:02:25 | 000,011,054 | ---- | M] () -- C:\Users\***\Documents\betriebskosten.docx [2010.08.31 19:09:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2010.08.31 19:08:25 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk [2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Super Strings [2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\String Comparison [2010.08.31 19:08:13 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\Stingers [2010.08.31 19:08:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT [2010.08.31 19:08:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT [2010.08.31 19:08:12 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Strings [2010.08.31 19:08:12 | 000,000,268 | RH-- | M] () -- C:\Users\***\AppData\Roaming\StatusSheet [2010.08.31 10:43:08 | 000,011,611 | ---- | M] () -- C:\Users\***\Documents\Barbara Ullman1.docx jobcenter.docx [2010.08.30 16:44:15 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.27 09:59:09 | 000,010,498 | ---- | C] () -- C:\Users\***\Documents\aachener_briefdl.docx [2010.09.27 09:58:38 | 000,011,138 | ---- | C] () -- C:\Users\***\Documents\aachener_kabelanschluss.docx [2010.09.25 14:28:56 | 005,621,767 | ---- | C] () -- C:\Users\***\Documents\reference-brochure-2010.pdf [2010.09.22 14:02:02 | 000,010,394 | ---- | C] () -- C:\Users\***\Documents\jobcenter_briefdl.docx [2010.09.17 09:18:42 | 000,011,136 | ---- | C] () -- C:\Users\***\Documents\betriebskosten2.docx [2010.09.16 16:50:56 | 000,670,286 | ---- | C] () -- C:\Users\***\Desktop\auszug.jpg [2010.09.15 19:27:22 | 000,016,748 | ---- | C] () -- C:\Users\***\Documents\anwalt_ebay2.docx [2010.09.15 16:48:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\Speech Enhancer [2010.09.15 16:48:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\Smooth Strings [2010.09.13 07:46:51 | 001,230,477 | ---- | C] () -- C:\Users\***\Desktop\Bewerbungsfoto.JPG [2010.09.13 06:57:37 | 000,011,668 | ---- | C] () -- C:\Users\***\Documents\bewerbungen.docx [2010.09.12 21:55:09 | 000,658,433 | ---- | C] () -- C:\Users\***\Desktop\Scannen0001.jpg [2010.09.12 15:34:50 | 000,415,767 | ---- | C] () -- C:\Users\***\Documents\lebenslauf.pdf [2010.09.11 20:26:20 | 000,016,765 | ---- | C] () -- C:\Users\***\Documents\anwalt_ebay.docx [2010.09.09 17:17:35 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini [2010.09.09 13:31:05 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.09.06 15:19:47 | 000,010,332 | ---- | C] () -- C:\Users\***\Documents\jobcenter_briefc6.docx [2010.09.06 14:58:38 | 000,011,054 | ---- | C] () -- C:\Users\***\Documents\betriebskosten.docx [2010.08.31 19:08:25 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk [2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Super Strings [2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\String Comparison [2010.08.31 19:08:13 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Stingers [2010.08.31 19:08:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2010.08.31 19:08:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2010.08.31 19:08:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings [2010.08.31 19:08:12 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\StatusSheet [2010.08.31 19:08:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2010.08.31 10:37:01 | 000,011,611 | ---- | C] () -- C:\Users\***\Documents\Barbara Ullman1.docx jobcenter.docx [2010.08.03 11:33:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Stingers [2010.08.03 11:33:03 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Standard Tool [2010.08.03 11:31:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT [2010.07.15 17:53:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.07.15 17:53:23 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sports [2010.07.15 17:51:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool [2010.07.15 17:51:37 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Specifications [2010.07.15 17:51:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.05.31 22:09:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2009.06.03 18:29:18 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI [2009.06.03 18:13:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.06.03 18:12:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.05.27 18:01:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.14 18:19:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TMContainer00000000000000000002.regtrans-ms [2009.05.14 18:19:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TMContainer00000000000000000001.regtrans-ms [2009.05.14 18:19:42 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat [2009.05.14 18:19:42 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{da73ac2f-4095-11de-b27d-bf7f517b369e}.TM.blf [2009.05.14 18:19:42 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1 [2009.05.14 18:19:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2 [2009.01.16 19:59:31 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log [2009.01.16 19:58:41 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2009.01.16 19:58:41 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2009.01.16 19:58:41 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2008.10.02 13:09:05 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2008.06.28 13:25:24 | 000,014,848 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.28 20:33:48 | 000,001,802 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.05.09 09:32:50 | 001,869,020 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.05.08 20:42:41 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.03.25 17:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll [2008.03.04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll [2007.12.12 21:57:56 | 000,002,963 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2007.12.12 21:54:34 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI [2007.12.12 21:54:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll [2007.12.12 21:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2007.12.12 21:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.07.01 15:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.09.24 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2009.06.03 18:14:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2009.04.13 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2010.07.15 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2009.10.18 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2009.06.03 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2010.01.19 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2010.09.26 09:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver [2008.05.28 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpinTop [2010.05.26 22:49:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2009.03.24 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2008.06.27 17:32:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teleca [2008.05.28 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2009.06.02 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thies Gerken [2009.03.24 21:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.07.31 16:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso [2008.05.08 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch [2010.09.27 22:37:16 | 000,032,534 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B8AF0F0F @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E35A81F4 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D2C51E3D @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1AE68282 < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.09.2010 23:24:05 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 688,54 Gb Total Space | 543,48 Gb Free Space | 78,93% Space Free | Partition Type: NTFS
Drive D: | 10,10 Gb Total Space | 1,38 Gb Free Space | 13,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1847F71B-2FAE-4FA4-A9EA-402D785F118C}" = lport=139 | protocol=6 | dir=in | app=system |
"{209ED1EA-0DD5-458F-B625-29201437CE6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{30C59CD1-F4DA-4E73-80B3-ED7E2E01CAAA}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D8D576E-8758-41A0-8075-56F0447E0041}" = lport=138 | protocol=17 | dir=in | app=system |
"{437F064F-55AE-4543-9DB0-3975E5B0F77A}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A4A2B59-3A7F-4831-895F-769F42048831}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{57183347-21B1-49DF-BA54-8DA509C21606}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{70D704E5-A243-41A1-B092-CECA0B69C1E3}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |
"{75FDF4DC-C985-4C49-83A7-23F76FFAA1FF}" = rport=138 | protocol=17 | dir=out | app=system |
"{9417C674-250C-4967-BCAF-F55EAA9BA8AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{CE522DAC-0132-42EE-A728-44A39CA88840}" = lport=137 | protocol=17 | dir=in | app=system |
"{DB994D2F-5A32-4B54-8547-A21F66FB2D1E}" = rport=139 | protocol=6 | dir=out | app=system |
"{E02479E2-D8A7-4326-BE2B-25B7EB70DF1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AC8A79A-98DC-41DE-9FA9-43B4F87A2587}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{229B094F-9640-4758-B638-995FC1268B37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{2CB2AF92-330E-4080-B3D4-59B695F53FB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C381146-2D0C-4159-9A94-7DB34B872FBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7091A608-9F5F-464B-8495-5DF58EE15F79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A4AAAC66-B600-4908-A69D-80A2B8C15F41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B3E9C747-5864-462B-ACCE-73308A195ACA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B421620D-3E2D-4D40-A4B5-0243942BA896}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E7303157-170E-4F15-9FA3-6B428E5BD533}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{1FF98999-3102-45EA-9000-F1B543E06DA1}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=6 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe |
"TCP Query User{518B6B35-B335-45FD-96BC-C2B3D426FD65}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe |
"TCP Query User{AC35CBA3-2129-466B-8A0F-6B2CB9B0CD5F}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=6 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe |
"UDP Query User{0CEA07D4-498B-4094-9148-10ED5FC113BB}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=17 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe |
"UDP Query User{D4A09DE1-D33D-4782-A20A-0F74710C3F6D}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe |
"UDP Query User{D4B50DB5-E490-491A-8DD2-4728D80C0046}C:\program files\spectracal\pattern generator\patgen.exe" = protocol=17 | dir=in | app=c:\program files\spectracal\pattern generator\patgen.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAC36425-4266-4DE4-9CB5-68FB4FB9385A}" = CalMAN Pattern Generator
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice" = Alice-Installationsdateien entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.4.1
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25180)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"TuneUp Utilities" = TuneUp Utilities
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
Error: Unable to start EventLog service!
< End of report >
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:38:52, on 28.09.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\System32\rundll32.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\mobsync.exe C:\Users\***\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - hxxp://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Peggle/Images/armhelper.ocx O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 7194 bytes Code:
ATTFilter GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-09-28 22:52:49
Windows 6.0.6002 Service Pack 2
---- Kernel code sections - GMER 1.0.15 ----
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9F06D03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F06D0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9F06D0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9F06D130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9F06D137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [747C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7481A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [747CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [747BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [747C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [747BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [747CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [747BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [747BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [747B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7484CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [747EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [747BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [747B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [747B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2548] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [747C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xDA 0x95 0xA4 0x5D ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM (size mismatch) 12877824/3932160 bytes
File C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (size mismatch) 98848/98696 bytes
File C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (size mismatch) 700720/699928 bytes
File C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 36864/24576 bytes
File C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.002 (size mismatch) 770048/655360 bytes
---- EOF - GMER 1.0.15 ----
|
|
29.09.2010, 10:36
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell - "" = AutoRun
O33 - MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B8AF0F0F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E35A81F4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D2C51E3D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1AE68282
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ |
|
29.09.2010, 11:47
| #3 |
| | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Hallo Arne,
__________________erstmal vielen Dank für Deine Antwort und die Anleitung, folgend die Logfile nach dem fix Gruß Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a23e54-e3da-11dd-9041-9c38debfc506}\ not found.
File L:\LaunchU3.exe not found.
ADS C:\ProgramData\TEMP:B8AF0F0F deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:E35A81F4 deleted successfully.
ADS C:\ProgramData\TEMP:D2C51E3D deleted successfully.
ADS C:\ProgramData\TEMP:1AE68282 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 52322720 bytes
->Java cache emptied: 89371265 bytes
->FireFox cache emptied: 117422020 bytes
->Flash cache emptied: 395145 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 827661 bytes
RecycleBin emptied: 82648851 bytes
Total Files Cleaned = 327,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 09292010_123309
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
29.09.2010, 13:59
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.09.2010, 15:07
| #5 |
| | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Hallo Arne, vielen Dank. Hier die Combofix Logfile. Code:
ATTFilter ComboFix 10-09-28.03 - *** 29.09.2010 15:33:39.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.2444 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\***\AppData\Roaming\inst.exe
c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.ComfyCakesSave-ms.pif
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-29 ))))))))))))))))))))))))))))))
.
2010-09-29 13:43 . 2010-09-29 13:43 -------- d-----w- c:\users\***\AppData\Local\temp
2010-09-29 13:43 . 2010-09-29 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-29 13:19 . 2010-09-29 13:19 -------- d-----w- c:\program files\CCleaner
2010-09-29 10:33 . 2010-09-29 10:33 -------- d-----w- C:\_OTL
2010-09-26 07:40 . 2010-09-26 07:40 -------- d-----w- c:\users\***\AppData\Roaming\ScreeNet iSaver
2010-09-26 07:40 . 2010-09-26 07:40 -------- d-----w- c:\users\***\AppData\Local\ScreeNet iSaver
2010-09-17 09:32 . 2010-09-17 09:32 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-15 12:19 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 12:19 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 12:18 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 12:18 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-31 17:09 . 2010-08-31 17:09 -------- d-----w- c:\users\***\AppData\Local\Nikon
2010-08-31 17:08 . 2010-08-31 17:08 -------- d-----w- c:\programdata\Applause and Laugher
2010-08-31 17:08 . 2010-08-31 17:08 -------- d-----w- c:\programdata\Ambience
2010-08-31 17:08 . 2010-08-31 17:08 -------- d-----w- c:\programdata\vhosts
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 23:15 . 2009-07-11 12:54 -------- d-----w- c:\users\***\AppData\Roaming\FileZilla
2010-09-28 10:05 . 2008-10-02 11:23 -------- d-----w- c:\programdata\FLEXnet
2010-09-26 08:44 . 2007-12-12 19:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 15:18 . 2010-07-15 15:52 -------- d-----w- c:\program files\Common Files\Nikon
2010-09-15 15:18 . 2010-07-15 15:52 -------- d-----w- c:\program files\Nikon
2010-09-15 15:18 . 2010-08-03 09:31 20 ---h--w- c:\programdata\PKP_DLdy.DAT
2010-09-15 14:48 . 2010-07-15 15:53 0 ---h--w- c:\programdata\PKP_DLdw.DAT
2010-09-15 12:22 . 2009-01-19 15:46 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 12:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 16:34 . 2008-05-28 18:33 1802 ----a-w- c:\users\***\AppData\Roaming\wklnhst.dat
2010-09-09 15:17 . 2007-12-12 20:12 -------- d-----w- c:\program files\Alice
2010-09-04 17:48 . 2009-11-08 01:11 -------- d-----w- c:\program files\FileZilla FTP Client
2010-08-31 17:11 . 2010-07-15 15:52 -------- d-----w- c:\programdata\Nikon
2010-08-31 17:09 . 2010-08-31 17:08 20 ---h--w- c:\programdata\PKP_DLet.DAT
2010-08-31 17:08 . 2010-07-15 15:54 57344 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-08-31 17:08 . 2010-08-31 17:08 20 ---h--w- c:\programdata\PKP_DLev.DAT
2010-08-31 17:08 . 2010-08-31 17:08 20 ---h--w- c:\programdata\PKP_DLes.DAT
2010-08-31 17:08 . 2010-07-15 15:51 -------- d-----w- c:\programdata\Ultima_T15
2010-08-31 17:08 . 2010-07-15 15:51 -------- d-----w- c:\programdata\EnterNHelp
2010-08-30 14:44 . 2010-07-15 15:51 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-08-30 09:33 . 2007-12-12 20:04 -------- d-----w- c:\program files\Java
2010-08-11 19:43 . 2007-12-12 20:05 -------- d-----w- c:\program files\Microsoft Works
2010-08-09 22:23 . 2010-08-09 22:23 39323536 ----a-w- c:\users\***\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\14998\S-CCPRO_-271WU-___DE-32BIT_.exe
2010-08-09 22:18 . 2010-07-15 15:55 49152 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-08-09 22:18 . 2010-08-09 22:18 335872 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-08-03 09:33 . 2010-08-03 09:33 -------- d-----w- c:\programdata\Vocal Transformer
2010-07-31 14:04 . 2009-01-16 17:58 47360 ----a-w- c:\users\***\AppData\Roaming\pcouffin.sys
2010-07-31 14:04 . 2009-01-16 17:58 47360 ----a-w- c:\users\***\AppData\Roaming\pcouffin.sys
2010-07-31 14:04 . 2009-01-16 17:58 -------- d-----w- c:\users\***\AppData\Roaming\Vso
2010-07-17 03:00 . 2010-05-05 18:54 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 10:33 . 2010-07-12 10:32 197688 ----a-w- c:\users\***\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc
2010-07-12 10:33 . 2010-07-12 10:32 148512 ----a-w- c:\users\***\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC
2007-12-13 04:15 . 2007-12-13 04:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Nikon Message Center 2"=c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe -s
"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-09-13 28160]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-10 1051976]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://alice.aol.de/
mStart Page = hxxp://alice.aol.de
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ajscmj5.default\
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\ProtectDisc\License Helper\NPPDLicenseHelper.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-29 15:43
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-29 15:48:19
ComboFix-quarantined-files.txt 2010-09-29 13:48
Vor Suchlauf: 7 Verzeichnis(se), 583.698.137.088 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 583.619.571.712 Bytes frei
- - End Of File - - 66E999D1EE65E0557355155932E23A6C
|
|
30.09.2010, 11:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ --> Windows Dienste funktionieren nicht, keine Internetverbindung möglich |
|
30.09.2010, 12:39
| #7 |
| | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Hallo Arne, Gmer ist bei 2 Versuchen abgestürzt und für Osam kann ich den Online Malware Scanner nicht ausführen, weil von meinem Desktop keine Internetverbindung möglich ist (siehe Problembeschreibung). Gibt es weitere Alternativen zu diesen Tools für meinen Fall und soll ich den Bootkit Remover trotzdem laufen lassen? Vielen Dank und Gruß |
|
30.09.2010, 16:31
| #9 |
| | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Hallo Arne, hier die Bootkit remover Ausagbe: 698 GB \\.\PhysicalDrive0 Unknown boot code Unknown boot code has been found on some of your physical disks. To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] To disinfect the master boot sector, use the following command: remover.exe fix <device_name> und die OSAM Logfile Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:05:49 on 30.09.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PCDRNDISUIO Usermode I/O Protocol" (PcdrNdisuio) - ? - C:\Windows\System32\DRIVERS\pcdrndisuio.sys (File not found) "PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys "PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? - (File not found | COM-object registry key not found) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx {4C39376E-FA9D-4349-BACC-D305C1750EF3} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "PopCapLoader Object" - ? - C:\Windows\Downloaded Program Files\popcaploader.dll (File not found) / hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab {149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\Windows\DOWNLO~1\stg_drm.ocx / file:///C:/Program%20Files/Peggle/Images/stg_drm.ocx {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab {166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} "{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}" - ? - (File not found | COM-object registry key not found) / hxxp://dl.tvunetworks.com/TVUAx.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {CC450D71-CC90-424C-8638-1F2DBAC87A54} "{CC450D71-CC90-424C-8638-1F2DBAC87A54}" - ? - (File not found | COM-object registry key not found) / file:///C:/Program%20Files/Peggle/Images/armhelper.ocx -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll <binary data> "Contribute Toolbar" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll "PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
30.09.2010, 17:20
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.09.2010, 17:40
| #11 |
| | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Hallo Arne, hier die File der MBRCheck.exe Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: KJ253AA-ABD a6355.de
Logical Drives Mask: 0x000007bc
Kernel Drivers (total 142):
0x82C0A000 \SystemRoot\system32\ntkrnlpa.exe
0x82FC3000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068B000 \SystemRoot\system32\drivers\acpi.sys
0x806D1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DA000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E2000 \SystemRoot\system32\drivers\pci.sys
0x80709000 \SystemRoot\System32\drivers\partmgr.sys
0x80718000 \SystemRoot\system32\drivers\volmgr.sys
0x80727000 \SystemRoot\System32\drivers\volmgrx.sys
0x80771000 \SystemRoot\System32\drivers\mountmgr.sys
0x8320F000 \SystemRoot\system32\drivers\iastor.sys
0x832D6000 \SystemRoot\system32\drivers\fltmgr.sys
0x83308000 \SystemRoot\system32\drivers\fileinfo.sys
0x83318000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83322000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE09000 \SystemRoot\system32\drivers\ndis.sys
0x8AF14000 \SystemRoot\system32\drivers\msrpc.sys
0x8AF3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B000000 \SystemRoot\System32\drivers\tcpip.sys
0x8B0EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B312000 \SystemRoot\system32\drivers\volsnap.sys
0x8B34B000 \SystemRoot\System32\Drivers\spldr.sys
0x8B353000 \SystemRoot\System32\Drivers\mup.sys
0x8B362000 \SystemRoot\System32\drivers\ecache.sys
0x8B389000 \SystemRoot\system32\drivers\disk.sys
0x8B39A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B3BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B3D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B3DC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B3E5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F60E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EE0C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EEAD000 \SystemRoot\System32\drivers\watchdog.sys
0x8EEB9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EEC4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EF02000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EF11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F000000 \SystemRoot\system32\drivers\HCW85BDA.sys
0x8F114000 \SystemRoot\system32\drivers\BdaSup.SYS
0x8F117000 \SystemRoot\system32\drivers\ks.sys
0x8F141000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F15B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F16B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F179000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F191000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8F197000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EF9E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F1C6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F1D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F1E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B1CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EFDF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FDEA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF7A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EFEE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F1F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F1FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F600000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8B3F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B1EF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AF8F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AFC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90200000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x83393000 \SystemRoot\system32\drivers\portcls.sys
0x8AFD5000 \SystemRoot\system32\drivers\drmk.sys
0x903F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8AE00000 \SystemRoot\System32\Drivers\Null.SYS
0x833C0000 \SystemRoot\System32\Drivers\Beep.SYS
0x833E3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x833EA000 \SystemRoot\System32\drivers\vga.sys
0x80781000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x833F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x83200000 \SystemRoot\system32\drivers\rdpencdd.sys
0x833C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x833D2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x807A2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x807AB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x807C1000 \SystemRoot\system32\DRIVERS\smb.sys
0x90402000 \SystemRoot\system32\drivers\afd.sys
0x9044A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9047C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90492000 \SystemRoot\system32\DRIVERS\netbios.sys
0x904A0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x904B3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x904B9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x904F5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x904FF000 \SystemRoot\System32\Drivers\dfsc.sys
0x90516000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90538000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B105000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x90545000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9055A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x97EA0000 \SystemRoot\System32\win32k.sys
0x9055C000 \SystemRoot\System32\drivers\Dxapi.sys
0x90566000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9057D000 \SystemRoot\system32\DRIVERS\netr73.sys
0x8B3C4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x807D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x807E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x807EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x805BB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x980C0000 \SystemRoot\System32\TSDDD.dll
0x980E0000 \SystemRoot\System32\ATMFD.DLL
0x805CA000 \SystemRoot\system32\drivers\luafv.sys
0x805E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x98130000 \SystemRoot\System32\cdd.dll
0x8200D000 \SystemRoot\system32\drivers\spsys.sys
0x820BD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x820CD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x820F7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x82101000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x82114000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
0x82120000 \SystemRoot\system32\drivers\HTTP.sys
0x8218D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x821AA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x821C3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x821D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0C52000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0C79000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0CC7000 \??\C:\Windows\system32\drivers\acedrv11.sys
0xA0D0A000 \SystemRoot\system32\drivers\peauth.sys
0xA0DE8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0DF2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1E04000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA1E19000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA1E2B000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xA1E2C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA1E42000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA1E6A000 \SystemRoot\system32\drivers\MSPQM.sys
0x77C80000 \WINDOWS\System32\ntdll.dll
Processes (total 46):
0 System Idle Process
4 System
488 C:\WINDOWS\System32\smss.exe
556 csrss.exe
612 C:\WINDOWS\System32\wininit.exe
624 csrss.exe
656 C:\WINDOWS\System32\services.exe
668 C:\WINDOWS\System32\lsass.exe
680 C:\WINDOWS\System32\lsm.exe
824 C:\WINDOWS\System32\svchost.exe
920 C:\WINDOWS\System32\svchost.exe
1020 C:\WINDOWS\System32\svchost.exe
1056 C:\WINDOWS\System32\svchost.exe
1068 C:\WINDOWS\System32\svchost.exe
1128 C:\WINDOWS\System32\audiodg.exe
1152 C:\WINDOWS\System32\winlogon.exe
1192 C:\WINDOWS\System32\svchost.exe
1208 C:\WINDOWS\System32\SLsvc.exe
1260 C:\WINDOWS\System32\svchost.exe
1652 C:\WINDOWS\explorer.exe
1732 C:\WINDOWS\System32\dwm.exe
1816 C:\WINDOWS\System32\svchost.exe
248 C:\Program Files\Avira\AntiVir Desktop\sched.exe
312 C:\WINDOWS\System32\svchost.exe
1308 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1436 C:\WINDOWS\System32\svchost.exe
1548 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1220 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1348 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1724 C:\WINDOWS\System32\svchost.exe
1800 C:\WINDOWS\System32\svchost.exe
1708 C:\WINDOWS\System32\svchost.exe
1388 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
432 WUDFHost.exe
1544 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
2648 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2660 C:\WINDOWS\System32\rundll32.exe
2688 WmiPrvSE.exe
3888 C:\WINDOWS\System32\wbem\WMIADAP.exe
3992 C:\WINDOWS\ehome\ehsched.exe
4012 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4060 C:\WINDOWS\ehome\ehrecvr.exe
3340 dllhost.exe
3020 dllhost.exe
3252 C:\Users\***\Desktop\MBRCheck.exe
3796 C:\WINDOWS\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`227ab600 (NTFS)
PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
|
|
30.09.2010, 17:50
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.09.2010, 18:25
| #13 |
| | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Hallo Arne, hab ich wie von Dir beschrieben durchgeführt, ist aber leider keine Besserung zu verzeichen. Mit freundlichen Grüßen |
|
30.09.2010, 19:10
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Mach bitte ein neues Log mit MBRCheck, ich muss überprüfen ob jetzt ein andere Prüfsumme des MBR angezeigt wird.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.09.2010, 19:25
| #15 |
| | Windows Dienste funktionieren nicht, keine Internetverbindung möglich Hallo Arne, hier die neue MBRCheck Logfile Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: KJ253AA-ABD a6355.de
Logical Drives Mask: 0x000007bc
Kernel Drivers (total 141):
0x82C18000 \SystemRoot\system32\ntkrnlpa.exe
0x82FD1000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\system32\drivers\acpi.sys
0x806D4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DD000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E5000 \SystemRoot\system32\drivers\pci.sys
0x8070C000 \SystemRoot\System32\drivers\partmgr.sys
0x8071B000 \SystemRoot\system32\drivers\volmgr.sys
0x8072A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80774000 \SystemRoot\System32\drivers\mountmgr.sys
0x83201000 \SystemRoot\system32\drivers\iastor.sys
0x832C8000 \SystemRoot\system32\drivers\fltmgr.sys
0x832FA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8330A000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83314000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE09000 \SystemRoot\system32\drivers\ndis.sys
0x8AF14000 \SystemRoot\system32\drivers\msrpc.sys
0x8AF3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B007000 \SystemRoot\System32\drivers\tcpip.sys
0x8B0F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B20A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B31A000 \SystemRoot\system32\drivers\volsnap.sys
0x8B353000 \SystemRoot\System32\Drivers\spldr.sys
0x8B35B000 \SystemRoot\System32\Drivers\mup.sys
0x8B36A000 \SystemRoot\System32\drivers\ecache.sys
0x8B391000 \SystemRoot\system32\drivers\disk.sys
0x8B3A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B3C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B3D9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B3E4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B3ED000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EC0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F40F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F4B0000 \SystemRoot\System32\drivers\watchdog.sys
0x8F4BC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F4C7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F505000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F514000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F60B000 \SystemRoot\system32\drivers\HCW85BDA.sys
0x8F71F000 \SystemRoot\system32\drivers\BdaSup.SYS
0x8F722000 \SystemRoot\system32\drivers\ks.sys
0x8F74C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F766000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F776000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F784000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F79C000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8F7A2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F5A1000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F7D1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F7DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F7F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B1D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F5E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F3E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AF7A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AF8F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F5F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F7FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F400000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AF9F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AFAC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AFE1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90000000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x83385000 \SystemRoot\system32\drivers\portcls.sys
0x833B2000 \SystemRoot\system32\drivers\drmk.sys
0x901F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B200000 \SystemRoot\System32\Drivers\Null.SYS
0x8B1F6000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AFF2000 \SystemRoot\System32\drivers\vga.sys
0x833D7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x833F8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x80784000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8078F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8079D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x807A6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x807BC000 \SystemRoot\system32\DRIVERS\smb.sys
0x805B5000 \SystemRoot\system32\drivers\afd.sys
0x90200000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90232000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90248000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90256000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90269000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9026F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x902AB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x902B5000 \SystemRoot\System32\Drivers\dfsc.sys
0x902CC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x902EE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90305000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90307000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90310000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90320000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90329000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90331000 \SystemRoot\system32\DRIVERS\netr73.sys
0x903B1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x903C6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B10C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x966A0000 \SystemRoot\System32\win32k.sys
0x903D3000 \SystemRoot\System32\drivers\Dxapi.sys
0x903DD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x968C0000 \SystemRoot\System32\TSDDD.dll
0x968E0000 \SystemRoot\System32\ATMFD.DLL
0x807D0000 \SystemRoot\system32\drivers\luafv.sys
0x807EB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x96930000 \SystemRoot\System32\cdd.dll
0x9E60A000 \SystemRoot\system32\drivers\spsys.sys
0x9E6BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9E6CA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9E6F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E6FE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E711000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
0x9E71D000 \SystemRoot\system32\drivers\HTTP.sys
0x9E78A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E7A7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E7C0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E7D5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0C0D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0C46000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0C5E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0C85000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0CD3000 \??\C:\Windows\system32\drivers\acedrv11.sys
0xA0D16000 \SystemRoot\system32\drivers\peauth.sys
0xA0DF4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0C00000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1E04000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA1E19000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA1E2B000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xA1E2C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA1E42000 \SystemRoot\system32\drivers\MSPQM.sys
0x77820000 \WINDOWS\System32\ntdll.dll
Processes (total 44):
0 System Idle Process
4 System
468 C:\WINDOWS\System32\smss.exe
544 csrss.exe
592 C:\WINDOWS\System32\wininit.exe
604 csrss.exe
636 C:\WINDOWS\System32\services.exe
648 C:\WINDOWS\System32\lsass.exe
660 C:\WINDOWS\System32\lsm.exe
820 C:\WINDOWS\System32\svchost.exe
916 C:\WINDOWS\System32\svchost.exe
1008 C:\WINDOWS\System32\svchost.exe
1040 C:\WINDOWS\System32\svchost.exe
1052 C:\WINDOWS\System32\svchost.exe
1116 C:\WINDOWS\System32\audiodg.exe
1152 C:\WINDOWS\System32\winlogon.exe
1168 C:\WINDOWS\System32\svchost.exe
1192 C:\WINDOWS\System32\SLsvc.exe
1252 C:\WINDOWS\System32\svchost.exe
1636 C:\WINDOWS\explorer.exe
1720 C:\WINDOWS\System32\dwm.exe
1792 C:\WINDOWS\System32\svchost.exe
244 C:\Program Files\Avira\AntiVir Desktop\sched.exe
288 C:\WINDOWS\System32\svchost.exe
1276 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1440 C:\WINDOWS\System32\svchost.exe
1432 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
708 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1632 C:\WINDOWS\System32\svchost.exe
1852 C:\WINDOWS\System32\svchost.exe
1384 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1944 WUDFHost.exe
484 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
2468 C:\WINDOWS\System32\rundll32.exe
2476 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3200 C:\WINDOWS\ehome\ehsched.exe
3244 C:\WINDOWS\ehome\ehrecvr.exe
3264 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5600 WmiPrvSE.exe
632 dllhost.exe
4036 dllhost.exe
1668 C:\Users\***\Desktop\MBRCheck.exe
972 C:\WINDOWS\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ac`227ab600 (NTFS)
PhysicalDrive0 Model Number: ST3750640AS, Rev: 3.CHN
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
|
|
| Themen zu Windows Dienste funktionieren nicht, keine Internetverbindung möglich |
| 0 bytes, 32 bit, akamai, alternate, antivir, antivir guard, anwalt, avgntflt.sys, avira, bho, components, corp./icp, desktop, error, excel.exe, firefox, flash player, hijack, hijackthis, home, home premium, iastor.sys, install.exe, kein fund, keine internetverbindung, location, logfile, maßnahme, media center, microsoft office word, mozilla, nvlddmkm.sys, nvstor.sys, object, office 2007, oldtimer, otl logfile, otl.exe, plug-in, programdata, realtek, registry, rundll, sched.exe, searchplugins, security, security update, senden, sfc /scannow, shell32.dll, software, super, system, vista, windows |
Linear-Darstellung
