Bundespolizei-Ukash
The name Peter was edited by me!

OTL logfile created on: 11.10.2011 13:37:47 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,23 Mb Total Physical Memory | 853,91 Mb Available Physical Memory | 83,45% Memory free
2,16 Gb Paging File | 2,12 Gb Available in Paging File | 98,18% Paging File free
Paging file location(s): C:\pagefile.sys 1280 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 14,76 Gb Free Space | 50,37% Space Free | Partition Type: NTFS
Drive D: | 47,39 Gb Total Space | 27,98 Gb Free Space | 59,03% Space Free | Partition Type: NTFS
Drive G: | 999,70 Mb Total Space | 935,64 Mb Free Space | 93,59% Space Free | Partition Type: FAT

Computer Name: BUERO3 | User Name: Peter | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.04 12:04:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- G:\OTL.exe PRC - [2008.04.14 07:52:40 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2011.07.26 12:07:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2004.01.05 11:44:28 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2002.08.14 16:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService) SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2011.07.26 12:07:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.26 12:07:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 14:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.12 06:14:27 | 000,057,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | 
M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008.02.14 11:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.01.03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.07.31 18:52:35 | 000,027,219 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2005.10.23 19:10:32 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2005.06.08 02:00:00 | 000,799,488 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdslbase.sys -- (FDSLBASE) AVM FRITZ!Card DSL (WinXP/2000) DRV - [2005.06.08 02:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2005.06.08 02:00:00 | 000,045,440 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmdsloe.sys -- (AVMDSLPPPOE) DRV - [2005.06.08 02:00:00 | 000,038,992 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmndsl.sys -- (AVMNDSL) DRV - [2004.05.14 17:24:10 | 000,622,172 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004.02.24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003.12.23 07:32:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp) DRV - [2002.08.14 16:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan) DRV - [2002.08.14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3128;https=127.0.0.1:3128;ftp=127.0.0.1:3128;socks=127.0.0.1:1080 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.01 15:04:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.07 08:28:44 | 000,000,000 | ---D | M] [2008.10.08 20:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Extensions [2011.10.01 15:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\2sq9ugw5.default\extensions [2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\2sq9ugw5.default\searchplugins\conduit.xml [2008.10.08 20:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\Peter\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\2SQ9UGW5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.10.01 15:04:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.08.19 15:19:41 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.19 15:19:41 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.08.19 15:19:41 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.08.19 15:19:41 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.19 15:19:41 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.19 15:19:41 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: 
search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\12.0.742.122\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\12.0.742.122\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found O4 - HKCU..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2007\MemOptimizer.exe" autostart File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!fax.lnk = File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O9 - Extra Button: Snip Dies! - {C3881663-B3FA-49F4-BA57-183B02F47280} - C:\WINDOWS\System32\snipit.dll () O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab (LSSupCtl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AD48C31-B07F-47F1-8017-93E4B7143562}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{961A8F4B-54FF-478B-98F2-A3392BE48C50}: NameServer = 192.168.2.10 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\mahmud.exe) -C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\mahmud.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.02.18 20:03:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{d763d818-c869-11da-8507-000fea412938}\Shell - "" = AutoRun O33 - MountPoints2\{d763d818-c869-11da-8507-000fea412938}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d763d818-c869-11da-8507-000fea412938}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall 
%SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) 
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - File not found MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - File not found MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.11 13:36:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.10.11 13:10:05 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.10.11 10:43:41 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.10.10 17:05:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.10.08 18:56:42 | 000,201,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Limberg\Anwendungsdaten\mahmud.exe [2011.10.08 09:15:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.10.07 09:15:49 | 000,002,463 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Microsoft Access.lnk [2011.10.06 20:21:48 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011.10.06 02:12:06 | 000,329,276 | ---- | M] () -- D:\Eigene Dateien\Vertragsänderung RGT Sabine.eml [2011.10.05 12:09:26 | 000,380,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Telefonliste.mdb [2011.09.26 18:11:46 | 000,018,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\UStVA2011_08_August_Willibald_Peter.elfo [2011.09.26 18:04:22 | 000,019,306 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Limberg\UStVA2011_07_Juli_Willibald_Limberg.elfo [2011.09.26 04:04:50 | 000,319,523 | ---- | M] () -- D:\Eigene Dateien\Fa_ Hohgardt Silikonanlage 2..eml [2011.09.26 04:03:11 | 000,319,523 | ---- | M] () -- D:\Eigene Dateien\Fa_ Hohgardt Silikonanlage.eml [2011.09.25 20:05:20 | 000,062,217 | ---- | M] () -- D:\Eigene Dateien\D - Liefer- und Zahlungsbedingungen.pdf [2011.09.25 20:05:20 | 000,059,673 | ---- | M] () -- D:\Eigene Dateien\Auftrag Vertrieb43687.pdf [2011.09.25 20:05:20 | 000,034,340 | ---- | M] () -- D:\Eigene Dateien\Rechnung20111502.pdf [2011.09.25 20:05:20 | 000,030,825 | ---- | M] () -- D:\Eigene Dateien\Hülsen Hohgart.pdf [2011.09.25 20:05:19 | 000,053,491 | ---- | M] () -- D:\Eigene Dateien\Angebot Vertrieb18288A.pdf [2011.09.24 14:27:26 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Word.lnk [2011.09.13 19:34:20 | 000,021,653 | ---- | M] () -- D:\Eigene Dateien\Fw_ Einfach genial.eml [2011.09.13 19:33:51 | 000,024,776 | ---- | M] () -- D:\Eigene Dateien\Spanische Kartoffelsuppe.eml [2011.09.12 10:58:30 | 000,066,685 | ---- | M] () -- D:\Eigene Dateien\Ihre STRATO-Rechnung für Kundennummer 61831500.eml [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.08 18:56:42 | 000,201,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\mahmud.exe [2011.10.06 02:12:06 | 000,329,276 | ---- | C] () -- D:\Eigene Dateien\Vertragsänderung RGT Sabine.eml [2011.09.26 18:11:20 | 000,018,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\UStVA2011_08_August_Willibald_Limberg.elfo [2011.09.26 18:03:39 | 000,019,306 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\UStVA2011_07_Juli_Willibald_Limberg.elfo [2011.09.26 04:04:50 | 000,319,523 | ---- | C] () -- D:\Eigene Dateien\Fa_ Hohgardt Silikonanlage 2..eml [2011.09.26 04:03:11 | 000,319,523 | ---- | C] () -- D:\Eigene Dateien\Fa_ Hohgardt 
Silikonanlage.eml [2011.09.25 20:05:20 | 000,062,217 | ---- | C] () -- D:\Eigene Dateien\D - Liefer- und Zahlungsbedingungen.pdf [2011.09.25 20:05:20 | 000,034,340 | ---- | C] () -- D:\Eigene Dateien\Rechnung20111502.pdf [2011.09.25 20:05:20 | 000,030,825 | ---- | C] () -- D:\Eigene Dateien\Hülsen Hohgart.pdf [2011.09.25 20:05:19 | 000,059,673 | ---- | C] () -- D:\Eigene Dateien\Auftrag Vertrieb43687.pdf [2011.09.25 20:05:19 | 000,053,491 | ---- | C] () -- D:\Eigene Dateien\Angebot Vertrieb18288A.pdf [2011.09.13 19:34:20 | 000,021,653 | ---- | C] () -- D:\Eigene Dateien\Fw_ Einfach genial.eml [2011.09.13 19:33:51 | 000,024,776 | ---- | C] () -- D:\Eigene Dateien\Spanische Kartoffelsuppe.eml [2011.09.12 10:58:30 | 000,066,685 | ---- | C] () -- D:\Eigene Dateien\Ihre STRATO-Rechnung für Kundennummer 61831500.eml [2009.11.10 17:17:03 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.10.30 10:54:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.10.08 19:50:14 | 000,077,832 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.06.27 18:24:10 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.24 12:06:33 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini [2008.10.08 20:18:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.04.15 09:40:43 | 000,103,535 | ---- | C] () -- C:\WINDOWS\hpoins04.dat [2008.04.15 09:40:43 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat [2008.03.30 15:09:48 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2008.02.09 21:05:35 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2008.02.09 20:34:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.01.28 18:57:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\autorun.INI [2007.04.14 
02:48:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI [2006.12.01 09:35:38 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\JupZLib.dll [2006.07.31 18:42:15 | 000,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys [2006.07.31 18:42:15 | 000,027,219 | ---- | C] () -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys [2005.09.16 11:14:58 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Pokervid.INI [2005.09.16 09:05:38 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2005.09.16 09:05:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe [2005.09.16 09:00:37 | 000,000,089 | ---- | C] () -- C:\WINDOWS\vpetting.ini [2005.08.21 15:22:30 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2005.03.29 16:39:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\distlib.ini [2005.02.25 23:36:49 | 000,033,041 | ---- | C] () -- C:\WINDOWS\SnipIt-Uninstall.exe [2005.02.25 21:22:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OFFA.INI [2005.02.25 20:10:56 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.02.19 16:11:57 | 000,030,720 | ---- | C] () -- C:\WINDOWS\regtlib.exe [2005.02.18 21:51:08 | 000,001,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html [2005.02.18 21:37:29 | 000,001,295 | -H-- | C] () -- C:\WINDOWS\wcx_ftp.ini [2005.02.18 21:36:07 | 000,003,191 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2005.02.18 21:18:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2005.02.18 20:06:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.02.18 20:00:11 | 000,023,504 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.02.18 19:53:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.02.18 19:52:05 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 14:00:00 | 000,673,088 | 
---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 14:00:00 | 000,449,614 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 14:00:00 | 000,432,892 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 14:00:00 | 000,081,992 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 14:00:00 | 000,069,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.03.30 09:15:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll [2004.03.30 09:15:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll [2004.03.30 09:15:01 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll [2003.05.23 12:08:52 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2003.05.23 12:08:52 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2003.04.05 18:17:52 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2003.03.18 01:51:38 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\snipit.dll [2002.12.14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002.12.14 22:46:04 | 000,237,568 | ---- | C] () -- 
C:\WINDOWS\System32\oggDS.dll [2002.11.01 03:00:00 | 001,187,314 | ---- | C] () -- C:\WINDOWS\System32\fdslbase.bin ========== LOP Check ========== [2010.09.22 14:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate [2011.07.20 18:25:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.09.22 14:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords [2011.06.29 17:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\1072734 [2008.07.16 15:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\CommunicaEtor [2010.09.22 14:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\EasyPCGate [2011.09.13 20:32:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\elsterformular [2008.02.09 20:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\FRITZ! [2009.04.21 08:03:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\GrabIt [2008.05.08 17:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\ImagesWords [2009.08.05 16:19:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\IrfanView [2008.01.28 19:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\TuneUp Software [2011.10.08 09:15:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.07.20 18:25:42 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2005.02.18 20:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.02.09 20:23:52 | 000,000,000 | ---D | M] -- C:\Intel [2008.02.09 21:07:21 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.03.27 15:25:13 | 000,000,000 | ---D | M] -- C:\Offa [2011.07.20 18:25:06 | 000,000,000 | R--D | M] -- C:\Programme [2005.02.18 21:29:25 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2008.04.14 13:18:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.11 13:34:32 | 000,000,000 | ---D | M] -- C:\Temp [2008.10.14 19:00:01 | 000,000,000 | ---D | M] -- C:\Util [2005.09.09 15:26:37 | 000,000,000 | ---D | M] -- C:\Vaillant [2011.10.11 13:36:20 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- 
C:\WINDOWS\SoftwareDistribution\Download\e94b50580b3d9c69a3c27b7653239432\sp2gdr\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\Util\Options\i386\REGEDIT.EXE [2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft 
Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-10-05 11:01:35 < > < End of report > ____________________________ OTL Extras logfile created on: 11.10.2011 13:37:47 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = G:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,23 Mb Total Physical Memory | 853,91 Mb Available Physical Memory | 83,45% Memory free 2,16 Gb Paging File | 2,12 Gb Available in Paging File | 98,18% Paging File free Paging file location(s): C:\pagefile.sys 1280 3500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29,29 Gb Total Space | 14,76 Gb Free Space | 50,37% Space Free | Partition Type: NTFS Drive D: | 47,39 Gb Total Space | 27,98 Gb Free Space | 59,03% Space Free | Partition Type: NTFS Drive G: | 999,70 Mb Total Space | 935,64 Mb Free Space | 93,59% Space Free | Partition Type: FAT Computer Name: BUERO3 | User Name: Limberg | Logged in as Administrator. 
Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation) "C:\Util\KEN!\update.exe" = C:\Util\KEN!\update.exe:*:Enabled:update "C:\Programme\IncrediMail\bin\IMApp.exe" = C:\Programme\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail "C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail "C:\Programme\IncrediMail\bin\ImpCnt.exe" = C:\Programme\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail "C:\Temp\_ISTMP1.DIR\_INS5576._MP" = C:\Temp\_ISTMP1.DIR\_INS5576._MP:*:Enabled:InstallShield Engine ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1 
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8E00A1E0-921D-11D4-9F9F-A5A5A5A5A5A5}" = T-Concept X321 XI321 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2 "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German 
Language Pack "{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F23F822C-CC19-4793-A916-9C448D061475}" = Großer Reiseplaner 2003/2004 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg "{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "aEton CommunicaEor" = aEton CommunicaEor "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "conduitEngine" = Conduit Engine "ElsterFormular für Unternehmer 12.2.0.6412u" = ElsterFormular für Unternehmer "Enable S3 for USB Device" = Enable S3 for USB Device "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "hp officejet 5100 series" = hp officejet 5100 series TWAIN Data Source "hp officejet 5100 series 1109362220" = hp officejet 5100 series - 1 "HP Photo & Imaging" = HP Image Zone 4.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition "Nero BurnRights!UninstallKey" = Nero BurnRights "NeroVision!UninstallKey" = Nero Digital "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "QuickPar" = QuickPar 0.9 "Skype_is1" = Skype 3.0 "SLD CODEC PACK 1.5.3" = SLD CODEC PACK 1.5.3 "SnipItButton" = Knopf Snip Dies! 
für www.de.snip.pl "Totalcmd" = Total Commander (Remove or Repair) "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29.10.2010 03:50:58 | Computer Name = BUERO3 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d. Error - 29.10.2010 03:51:03 | Computer Name = BUERO3 | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich 223874319. Error - 23.03.2011 08:53:09 | Computer Name = BUERO3 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5145, fehlgeschlagenes Modul clvsd.ax, Version 3.5.0.1011, Fehleradresse 0x00039caf. Error - 23.03.2011 08:53:40 | Computer Name = BUERO3 | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich 341732724. Error - 01.04.2011 03:31:34 | Computer Name = BUERO3 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 11.0.5721.5145, fehlgeschlagenes Modul clvsd.ax, Version 3.5.0.1011, Fehleradresse 0x00039caf. Error - 01.04.2011 03:32:10 | Computer Name = BUERO3 | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich 341732724. Error - 25.07.2011 05:45:32 | Computer Name = BUERO3 | Source = MSDTC | ID = 4404 Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung. 
Interne Informationen: msdtc_trace : File: d:\xpsp\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x8007001f Error - 27.07.2011 09:28:11 | Computer Name = BUERO3 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 28.07.2011 00:55:13 | Computer Name = BUERO3 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 23.08.2011 07:11:41 | Computer Name = BUERO3 | Source = ESENT | ID = 490 Description = svchost (944) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. [ System Events ] Error - 11.10.2011 04:59:25 | Computer Name = BUERO3 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 11.10.2011 05:15:55 | Computer Name = BUERO3 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 11.10.2011 05:16:11 | Computer Name = BUERO3 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 11.10.2011 05:16:18 | Computer Name = BUERO3 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. 
Error - 11.10.2011 07:37:09 | Computer Name = BUERO3 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 11.10.2011 07:37:45 | Computer Name = BUERO3 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 11.10.2011 07:37:45 | Computer Name = BUERO3 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 11.10.2011 07:37:45 | Computer Name = BUERO3 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 11.10.2011 07:37:45 | Computer Name = BUERO3 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 11.10.2011 07:37:45 | Computer Name = BUERO3 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip < End of report > |
You already know Malwarebytes and ESET, or do you need the instructions for them again? Never mind, I'll post them :D Now please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! ESET Online Scanner
|
I can't even get to the desktop at the moment; right now there's just that lovely Bundespolizei picture. I need rkill first, don't I? I really don't want to do anything wrong ^^ Soon I'll be able to remove this virus in my sleep ^^ it's that widespread in our area ^^ |
Then do an OTL fix first: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you obscured your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!! Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! |
All right, I'll do that =) I have to do it via the command prompt, but no problem, I know how that works by now ^^ I'll get back to you shortly |
OK, first of all: a message came up during the fix saying that Windows Internet Files is a system folder and cannot be deleted; I had to click OK. Here is the OTL log:
All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Limberg\Anwendungsdaten\mahmud.exe deleted successfully. File \Dokumente und Einstellungen\Limberg\Anwendungsdaten\mahmud.exe) -C:\Dokumente und Einstellungen\Limberg\Anwendungsdaten\mahmud.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d763d818-c869-11da-8507-000fea412938}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d763d818-c869-11da-8507-000fea412938}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d763d818-c869-11da-8507-000fea412938}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d763d818-c869-11da-8507-000fea412938}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d763d818-c869-11da-8507-000fea412938}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d763d818-c869-11da-8507-000fea412938}\ not found. File F:\LaunchU3.exe not found. C:\Dokumente und Einstellungen\Limberg\Anwendungsdaten\mahmud.exe moved successfully. C:\Dokumente und Einstellungen\Limberg\Anwendungsdaten\1072734 folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes User: Limberg ->Temp folder emptied: 0 bytes ->FireFox cache emptied: 52081133 bytes ->Google Chrome cache emptied: 61974052 bytes ->Flash cache emptied: 41056 bytes User: LocalService ->Temp folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 25575375 bytes Session Manager Temp folder emptied: 130744662 bytes Session Manager Tmp folder emptied: 0 bytes RecycleBin emptied: 36207561 bytes Total Files Cleaned = 292,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.29.1 log created on 10112011_165902 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
Either way. Once Windows starts normally again without BKA, please carry on with Malwarebytes and ESET right away. Malwarebytes first, remove everything it finds, then ESET. |
Then I'll get to work, thank you Arne =) I don't think I'll manage it today; otherwise you'll get the logs tomorrow morning. Half an hour is a bit tight for both scans, hehe :kaffee: |
OK, I'm off now. The MBAM scan is running, ESET first thing tomorrow morning. Have a nice evening |
Hello everyone!
Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7923 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 12.10.2011 09:00:52 mbam-log-2011-10-12 (09-00-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 276633 Laufzeit: 1 Stunde(n), 13 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ____________________________ ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=9fcbb44bf294c74cb52175c5a5f4e257 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-10-12 09:30:17 # local_time=2011-10-12 11:30:17 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16775129 100 94 310184 83885177 281441 0 # compatibility_mode=4096 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 187 187 0 0 # scanned=116631 # found=0 # cleaned=0 # scan_time=8436 |
CustomScan with OTL: If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code: netsvcs
|
Good day everyone, no chance of running that: I can't get into safe mode with command prompt, I can't open the command console with a boot disk either, and in normal safe mode OTL does absolutely nothing |
OTL Logfile: Code: OTL logfile created on: 13.10.2011 10:14:29 - Run 2 |
Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! |
All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully. C:\Programme\Winload\prxtbWin0.dll moved successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Programme\Winload\prxtbWin0.dll not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Programme\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Programme\Winload\prxtbWin0.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found. File C:\Programme\Winload\prxtbWin0.dll not found. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes User: Limberg ->Temp folder emptied: 0 bytes ->FireFox cache emptied: 32004564 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes Session Manager Temp folder emptied: 23620744 bytes Session Manager Tmp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 53,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.29.1 log created on 10142011_090449 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the image below: click on change parameters and set the checkboxes as shown in the following screenshot, then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click! |
15:51:07.0328 2848 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23 15:51:07.0359 2848 ============================================================ 15:51:07.0359 2848 Current date / time: 2011/10/17 15:51:07.0359 15:51:07.0359 2848 SystemInfo: 15:51:07.0359 2848 15:51:07.0359 2848 OS Version: 5.1.2600 ServicePack: 3.0 15:51:07.0359 2848 Product type: Workstation 15:51:07.0359 2848 ComputerName: BUERO3 15:51:07.0359 2848 UserName: Limberg 15:51:07.0359 2848 Windows directory: C:\WINDOWS 15:51:07.0359 2848 System windows directory: C:\WINDOWS 15:51:07.0359 2848 Processor architecture: Intel x86 15:51:07.0359 2848 Number of processors: 1 15:51:07.0359 2848 Page size: 0x1000 15:51:07.0359 2848 Boot type: Normal boot 15:51:07.0359 2848 ============================================================ 15:51:08.0421 2848 Initialize success 15:51:13.0562 2832 ============================================================ 15:51:13.0562 2832 Scan started 15:51:13.0562 2832 Mode: Manual; SigCheck; TDLFS; 15:51:13.0562 2832 ============================================================ 15:51:14.0140 2832 Abiosdsk - ok 15:51:14.0203 2832 abp480n5 - ok 15:51:14.0250 2832 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:51:15.0296 2832 ACPI - ok 15:51:15.0359 2832 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:51:15.0515 2832 ACPIEC - ok 15:51:15.0562 2832 adpu160m - ok 15:51:15.0609 2832 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 15:51:15.0765 2832 aec - ok 15:51:15.0843 2832 AFD (e3049b90fe06f3f740b7cfda44995e2c) C:\WINDOWS\System32\drivers\afd.sys 15:51:15.0890 2832 AFD - ok 15:51:15.0953 2832 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys 15:51:15.0968 2832 AFS2K - ok 15:51:16.0046 2832 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 15:51:16.0203 2832 agp440 - ok 15:51:16.0250 2832 Aha154x - ok 15:51:16.0265 2832 
aic78u2 - ok 15:51:16.0281 2832 aic78xx - ok 15:51:16.0328 2832 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS 15:51:16.0437 2832 ALCXSENS - ok 15:51:16.0515 2832 ALCXWDM (a886a879d2d05d942c3565c4d451ec23) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 15:51:16.0609 2832 ALCXWDM - ok 15:51:16.0656 2832 AliIde - ok 15:51:16.0703 2832 amsint - ok 15:51:16.0812 2832 asc - ok 15:51:16.0859 2832 asc3350p - ok 15:51:16.0875 2832 asc3550 - ok 15:51:16.0921 2832 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys 15:51:16.0937 2832 Aspi32 ( UnsignedFile.Multi.Generic ) - warning 15:51:16.0937 2832 Aspi32 - detected UnsignedFile.Multi.Generic (1) 15:51:17.0015 2832 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:51:17.0171 2832 AsyncMac - ok 15:51:17.0250 2832 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:51:17.0406 2832 atapi - ok 15:51:17.0453 2832 Atdisk - ok 15:51:17.0484 2832 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:51:17.0656 2832 Atmarpc - ok 15:51:17.0734 2832 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:51:17.0890 2832 audstub - ok 15:51:17.0984 2832 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 15:51:17.0984 2832 avgio - ok 15:51:18.0062 2832 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 15:51:18.0109 2832 avgntflt - ok 15:51:18.0187 2832 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 15:51:18.0203 2832 avipbb - ok 15:51:18.0265 2832 AVMCOWAN (fc81a3af632ab366cbff0938b5f775fe) C:\WINDOWS\system32\DRIVERS\avmcowan.sys 15:51:18.0328 2832 AVMCOWAN - ok 15:51:18.0406 2832 AVMDSLPPPOE (4460f56b12b898e75f989f290d14ab9e) C:\WINDOWS\system32\DRIVERS\avmdsloe.sys 15:51:18.0421 2832 AVMDSLPPPOE - ok 15:51:18.0500 2832 AVMNDSL 
(70ecb88ca41e7f658025d1d442767fe9) C:\WINDOWS\system32\DRIVERS\avmndsl.sys 15:51:18.0515 2832 AVMNDSL - ok 15:51:18.0593 2832 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:51:18.0750 2832 Beep - ok 15:51:18.0812 2832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:51:18.0968 2832 cbidf2k - ok 15:51:19.0015 2832 cd20xrnt - ok 15:51:19.0046 2832 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:51:19.0218 2832 Cdaudio - ok 15:51:19.0296 2832 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 15:51:19.0437 2832 Cdfs - ok 15:51:19.0515 2832 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:51:19.0656 2832 Cdrom - ok 15:51:19.0703 2832 Changer - ok 15:51:19.0734 2832 CmdIde - ok 15:51:19.0750 2832 Cpqarray - ok 15:51:19.0781 2832 dac2w2k - ok 15:51:19.0796 2832 dac960nt - ok 15:51:19.0843 2832 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 15:51:20.0000 2832 Disk - ok 15:51:20.0093 2832 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 15:51:20.0281 2832 dmboot - ok 15:51:20.0359 2832 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\DRIVERS\dmio.sys 15:51:20.0515 2832 dmio - ok 15:51:20.0578 2832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:51:20.0750 2832 dmload - ok 15:51:20.0843 2832 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 15:51:20.0984 2832 DMusic - ok 15:51:21.0078 2832 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys 15:51:21.0218 2832 dot4 - ok 15:51:21.0296 2832 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 15:51:21.0468 2832 Dot4Print - ok 15:51:21.0531 2832 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys 15:51:21.0703 2832 Dot4Scan - ok 
15:51:21.0765 2832 dot4usb (29e86af2f3457d0441348020fe3cfbd0) C:\WINDOWS\system32\DRIVERS\dot4usb.sys 15:51:21.0921 2832 dot4usb - ok 15:51:21.0968 2832 dpti2o - ok 15:51:22.0015 2832 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 15:51:22.0156 2832 drmkaud - ok 15:51:22.0250 2832 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 15:51:22.0390 2832 Fastfat - ok 15:51:22.0484 2832 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 15:51:22.0625 2832 Fdc - ok 15:51:22.0734 2832 FDSLBASE (7b6c1cd3bfecdc3f3bb023ce4dfb511b) C:\WINDOWS\system32\DRIVERS\fdslbase.sys 15:51:22.0796 2832 FDSLBASE - ok 15:51:22.0875 2832 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 15:51:23.0015 2832 Fips - ok 15:51:23.0093 2832 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 15:51:23.0265 2832 Flpydisk - ok 15:51:23.0328 2832 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 15:51:23.0468 2832 FltMgr - ok 15:51:23.0546 2832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:51:23.0703 2832 Fs_Rec - ok 15:51:23.0781 2832 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:51:23.0937 2832 Ftdisk - ok 15:51:24.0031 2832 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 15:51:24.0187 2832 gameenum - ok 15:51:24.0265 2832 GDTdiInterceptor (e0e0bf8cfb25659ffcd68b81a7f47f0a) C:\WINDOWS\system32\drivers\GDTdiIcpt.sys 15:51:24.0281 2832 GDTdiInterceptor ( UnsignedFile.Multi.Generic ) - warning 15:51:24.0281 2832 GDTdiInterceptor - detected UnsignedFile.Multi.Generic (1) 15:51:24.0359 2832 GhPciScan (4d0e1ddfc571285a0bbabb0a534f4d3d) C:\Programme\Symantec\Norton Ghost 2003\ghpciscan.sys 15:51:24.0359 2832 GhPciScan ( UnsignedFile.Multi.Generic ) - warning 15:51:24.0375 2832 GhPciScan - detected 
UnsignedFile.Multi.Generic (1) 15:51:24.0375 2832 GMSIPCI - ok 15:51:24.0453 2832 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:51:24.0593 2832 Gpc - ok 15:51:24.0687 2832 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:51:24.0828 2832 HDAudBus - ok 15:51:24.0921 2832 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:51:25.0062 2832 HidUsb - ok 15:51:25.0187 2832 hpn - ok 15:51:25.0265 2832 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 15:51:25.0312 2832 HPZid412 - ok 15:51:25.0375 2832 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 15:51:25.0421 2832 HPZipr12 - ok 15:51:25.0484 2832 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 15:51:25.0562 2832 HPZius12 - ok 15:51:25.0640 2832 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 15:51:25.0796 2832 HTTP - ok 15:51:25.0843 2832 i2omgmt - ok 15:51:25.0859 2832 i2omp - ok 15:51:25.0906 2832 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:51:26.0062 2832 i8042prt - ok 15:51:26.0187 2832 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:51:26.0343 2832 Imapi - ok 15:51:26.0390 2832 ini910u - ok 15:51:26.0609 2832 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys 15:51:26.0843 2832 IntcAzAudAddService - ok 15:51:26.0906 2832 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys 15:51:27.0062 2832 IntelIde - ok 15:51:27.0156 2832 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:51:27.0312 2832 intelppm - ok 15:51:27.0390 2832 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 15:51:27.0546 2832 Ip6Fw - ok 15:51:27.0625 2832 IpFilterDriver 
(731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:51:27.0796 2832 IpFilterDriver - ok 15:51:27.0875 2832 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:51:28.0015 2832 IpInIp - ok 15:51:28.0093 2832 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:51:28.0265 2832 IpNat - ok 15:51:28.0343 2832 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:51:28.0484 2832 IPSec - ok 15:51:28.0546 2832 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:51:28.0703 2832 IRENUM - ok 15:51:28.0781 2832 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:51:28.0921 2832 isapnp - ok 15:51:29.0000 2832 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:51:29.0156 2832 Kbdclass - ok 15:51:29.0203 2832 KEN - ok 15:51:29.0250 2832 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 15:51:29.0390 2832 kmixer - ok 15:51:29.0468 2832 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 15:51:29.0625 2832 KSecDD - ok 15:51:29.0671 2832 lbrtfdc - ok 15:51:29.0734 2832 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 15:51:29.0750 2832 MBAMProtector - ok 15:51:29.0796 2832 MBAMSwissArmy - ok 15:51:29.0843 2832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:51:30.0000 2832 mnmdd - ok 15:51:30.0078 2832 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 15:51:30.0218 2832 Modem - ok 15:51:30.0296 2832 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:51:30.0437 2832 Mouclass - ok 15:51:30.0531 2832 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:51:30.0687 2832 mouhid - ok 15:51:30.0750 2832 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) 
C:\WINDOWS\system32\drivers\MountMgr.sys 15:51:30.0890 2832 MountMgr - ok 15:51:30.0953 2832 mraid35x - ok 15:51:30.0984 2832 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:51:31.0140 2832 MRxDAV - ok 15:51:31.0234 2832 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:51:31.0390 2832 MRxSmb - ok 15:51:31.0484 2832 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 15:51:31.0640 2832 Msfs - ok 15:51:31.0640 2832 MSICPL - ok 15:51:31.0703 2832 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:51:31.0859 2832 MSKSSRV - ok 15:51:31.0937 2832 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:51:32.0093 2832 MSPCLOCK - ok 15:51:32.0171 2832 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 15:51:32.0312 2832 MSPQM - ok 15:51:32.0390 2832 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:51:32.0546 2832 mssmbios - ok 15:51:32.0609 2832 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 15:51:32.0750 2832 Mup - ok 15:51:32.0843 2832 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 15:51:32.0984 2832 NDIS - ok 15:51:33.0046 2832 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:51:33.0203 2832 NdisTapi - ok 15:51:33.0281 2832 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:51:33.0437 2832 Ndisuio - ok 15:51:33.0500 2832 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:51:33.0656 2832 NdisWan - ok 15:51:33.0750 2832 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 15:51:33.0890 2832 NDProxy - ok 15:51:33.0953 2832 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:51:34.0093 2832 NetBIOS - ok 15:51:34.0187 2832 
NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 15:51:34.0328 2832 NetBT - ok 15:51:34.0390 2832 NETFRITZ - ok 15:51:34.0406 2832 NETFWDSL - ok 15:51:34.0453 2832 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 15:51:34.0609 2832 Npfs - ok 15:51:34.0625 2832 NTACCESS - ok 15:51:34.0718 2832 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 15:51:34.0875 2832 Ntfs - ok 15:51:34.0953 2832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:51:35.0109 2832 Null - ok 15:51:35.0484 2832 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 15:51:35.0828 2832 nv - ok 15:51:35.0890 2832 NVHDA (93187e98df4b8fe95d1c058601764c75) C:\WINDOWS\system32\drivers\nvhda32.sys 15:51:35.0906 2832 NVHDA - ok 15:51:35.0984 2832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:51:36.0140 2832 NwlnkFlt - ok 15:51:36.0218 2832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:51:36.0375 2832 NwlnkFwd - ok 15:51:36.0453 2832 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 15:51:36.0593 2832 Parport - ok 15:51:36.0671 2832 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 15:51:36.0812 2832 PartMgr - ok 15:51:36.0890 2832 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 15:51:37.0046 2832 ParVdm - ok 15:51:37.0156 2832 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 15:51:37.0312 2832 PCI - ok 15:51:37.0359 2832 PCIDump - ok 15:51:37.0390 2832 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:51:37.0546 2832 PCIIde - ok 15:51:37.0625 2832 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 15:51:37.0765 2832 Pcmcia - ok 15:51:37.0828 2832 PDCOMP - ok 15:51:37.0843 2832 PDFRAME - ok 
15:51:37.0859 2832 PDRELI - ok 15:51:37.0875 2832 PDRFRAME - ok 15:51:37.0875 2832 perc2 - ok 15:51:37.0890 2832 perc2hib - ok 15:51:37.0968 2832 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:51:38.0125 2832 PptpMiniport - ok 15:51:38.0187 2832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:51:38.0343 2832 Ptilink - ok 15:51:38.0390 2832 ql1080 - ok 15:51:38.0406 2832 Ql10wnt - ok 15:51:38.0437 2832 ql12160 - ok 15:51:38.0453 2832 ql1240 - ok 15:51:38.0468 2832 ql1280 - ok 15:51:38.0500 2832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:51:38.0656 2832 RasAcd - ok 15:51:38.0734 2832 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:51:38.0875 2832 Rasl2tp - ok 15:51:38.0953 2832 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:51:39.0093 2832 RasPppoe - ok 15:51:39.0171 2832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:51:39.0328 2832 Raspti - ok 15:51:39.0468 2832 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:51:39.0609 2832 Rdbss - ok 15:51:39.0671 2832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:51:39.0828 2832 RDPCDD - ok 15:51:39.0921 2832 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:51:40.0062 2832 rdpdr - ok 15:51:40.0171 2832 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 15:51:40.0312 2832 RDPWD - ok 15:51:40.0390 2832 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:51:40.0531 2832 redbook - ok 15:51:40.0640 2832 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 15:51:40.0671 2832 RTLE8023xp - ok 15:51:40.0750 2832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:51:40.0906 
2832 Secdrv - ok 15:51:40.0968 2832 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 15:51:41.0125 2832 serenum - ok 15:51:41.0187 2832 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 15:51:41.0343 2832 Serial - ok 15:51:41.0359 2832 SetupNTGLM7X - ok 15:51:41.0421 2832 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 15:51:41.0578 2832 Sfloppy - ok 15:51:41.0625 2832 Simbad - ok 15:51:41.0640 2832 Sparrow - ok 15:51:41.0687 2832 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 15:51:41.0828 2832 splitter - ok 15:51:41.0906 2832 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 15:51:42.0046 2832 sr - ok 15:51:42.0171 2832 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 15:51:42.0343 2832 Srv - ok 15:51:42.0421 2832 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 15:51:42.0421 2832 ssmdrv - ok 15:51:42.0515 2832 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:51:42.0640 2832 swenum - ok 15:51:42.0734 2832 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:51:42.0875 2832 swmidi - ok 15:51:42.0937 2832 symc810 - ok 15:51:42.0953 2832 symc8xx - ok 15:51:42.0968 2832 sym_hi - ok 15:51:42.0984 2832 sym_u3 - ok 15:51:43.0015 2832 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 15:51:43.0156 2832 sysaudio - ok 15:51:43.0250 2832 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:51:43.0296 2832 Tcpip - ok 15:51:43.0375 2832 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:51:43.0515 2832 TDPIPE - ok 15:51:43.0593 2832 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 15:51:43.0734 2832 TDTCP - ok 15:51:43.0812 2832 TermDD (88155247177638048422893737429d9e) 
C:\WINDOWS\system32\DRIVERS\termdd.sys 15:51:43.0953 2832 TermDD - ok 15:51:44.0015 2832 TosIde - ok 15:51:44.0062 2832 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 15:51:44.0203 2832 Udfs - ok 15:51:44.0250 2832 ultra - ok 15:51:44.0312 2832 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 15:51:44.0468 2832 Update - ok 15:51:44.0562 2832 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:51:44.0703 2832 usbccgp - ok 15:51:44.0781 2832 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:51:44.0921 2832 usbehci - ok 15:51:45.0000 2832 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:51:45.0140 2832 usbhub - ok 15:51:45.0203 2832 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:51:45.0343 2832 usbprint - ok 15:51:45.0421 2832 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:51:45.0562 2832 usbscan - ok 15:51:45.0640 2832 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:51:45.0781 2832 USBSTOR - ok 15:51:45.0843 2832 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:51:46.0000 2832 usbuhci - ok 15:51:46.0078 2832 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 15:51:46.0218 2832 VgaSave - ok 15:51:46.0265 2832 ViaIde - ok 15:51:46.0312 2832 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 15:51:46.0453 2832 VolSnap - ok 15:51:46.0546 2832 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:51:46.0687 2832 Wanarp - ok 15:51:46.0765 2832 wceusbsh (2e8ba025d65dd49d15ea66973e2a15df) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 15:51:46.0890 2832 wceusbsh - ok 15:51:46.0937 2832 WDICA - ok 15:51:46.0984 2832 wdmaud (6768acf64b18196494413695f0c3a00f) 
C:\WINDOWS\system32\drivers\wdmaud.sys 15:51:47.0140 2832 wdmaud - ok 15:51:47.0250 2832 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 15:51:47.0421 2832 WS2IFSL - ok 15:51:47.0500 2832 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:51:47.0546 2832 WudfPf - ok 15:51:47.0609 2832 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:51:47.0640 2832 WudfRd - ok 15:51:47.0734 2832 yukonwxp (265b882e0501ac6d06f083b04af488a8) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys 15:51:47.0765 2832 yukonwxp - ok 15:51:47.0796 2832 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 15:51:47.0984 2832 \Device\Harddisk0\DR0 - ok 15:51:48.0000 2832 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR5 15:51:51.0031 2832 \Device\Harddisk1\DR5 - ok 15:51:51.0046 2832 Boot (0x1200) (08a5ad32732fa13adeebb6727ccb2836) \Device\Harddisk0\DR0\Partition0 15:51:51.0046 2832 \Device\Harddisk0\DR0\Partition0 - ok 15:51:51.0078 2832 Boot (0x1200) (ad4844f3b33b6b8da0802ceaf169c53d) \Device\Harddisk0\DR0\Partition1 15:51:51.0078 2832 \Device\Harddisk0\DR0\Partition1 - ok 15:51:51.0078 2832 Boot (0x1200) (d423f3f6b3d336a95f15b24e039ec2db) \Device\Harddisk1\DR5\Partition0 15:51:51.0078 2832 \Device\Harddisk1\DR5\Partition0 - ok 15:51:51.0078 2832 ============================================================ 15:51:51.0078 2832 Scan finished 15:51:51.0078 2832 ============================================================ 15:51:51.0203 3624 Detected object count: 3 15:51:51.0203 3624 Actual detected object count: 3 15:57:34.0687 3624 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:34.0687 3624 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:34.0687 3624 GDTdiInterceptor ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:34.0687 3624 GDTdiInterceptor ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:34.0687 3624 GhPciScan 
( UnsignedFile.Multi.Generic ) - skipped by user 15:57:34.0687 3624 GhPciScan ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:39.0046 2368 Deinitialize success |
Quote:
|
I don't know whether that was ever on the computer, and of course the owner doesn't either ... should I delete the skipped items? |
Hi Arne, I wanted to ask whether there might be a step-by-step guide so that I can do most of the steps for removing this kind of virus on my own, so that I don't keep taking up your valuable time with every little thing :singsing: |
If at all, then please remove this one with TDSS-Killer: Quote:
|
09:11:35.0406 2864 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23 09:11:35.0500 2864 ============================================================ 09:11:35.0500 2864 Current date / time: 2011/10/19 09:11:35.0500 09:11:35.0500 2864 SystemInfo: 09:11:35.0500 2864 09:11:35.0500 2864 OS Version: 5.1.2600 ServicePack: 3.0 09:11:35.0500 2864 Product type: Workstation 09:11:35.0500 2864 ComputerName: BUERO3 09:11:35.0500 2864 UserName: Limberg 09:11:35.0500 2864 Windows directory: C:\WINDOWS 09:11:35.0500 2864 System windows directory: C:\WINDOWS 09:11:35.0500 2864 Processor architecture: Intel x86 09:11:35.0500 2864 Number of processors: 1 09:11:35.0500 2864 Page size: 0x1000 09:11:35.0500 2864 Boot type: Normal boot 09:11:35.0500 2864 ============================================================ 09:11:37.0250 2864 Initialize success 09:11:44.0843 3380 ============================================================ 09:11:44.0843 3380 Scan started 09:11:44.0843 3380 Mode: Manual; SigCheck; TDLFS; 09:11:44.0843 3380 ============================================================ 09:11:45.0140 3380 Abiosdsk - ok 09:11:45.0156 3380 abp480n5 - ok 09:11:45.0203 3380 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:11:46.0156 3380 ACPI - ok 09:11:46.0218 3380 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 09:11:46.0421 3380 ACPIEC - ok 09:11:46.0468 3380 adpu160m - ok 09:11:46.0562 3380 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 09:11:46.0734 3380 aec - ok 09:11:46.0875 3380 AFD (e3049b90fe06f3f740b7cfda44995e2c) C:\WINDOWS\System32\drivers\afd.sys 09:11:46.0937 3380 AFD - ok 09:11:47.0015 3380 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys 09:11:47.0031 3380 AFS2K - ok 09:11:47.0109 3380 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 09:11:47.0265 3380 agp440 - ok 09:11:47.0296 3380 Aha154x - ok 09:11:47.0359 3380 
09:12:45.0500 3380 ============================================================
09:12:45.0500 3380 Scan finished
09:12:45.0500 3380 ============================================================
09:12:45.0609 3248 Detected object count: 3
09:12:45.0609 3248 Actual detected object count: 3
09:13:15.0937 3248 HKLM\SYSTEM\ControlSet001\services\Aspi32 - will be deleted on reboot
09:13:15.0937 3248 HKLM\SYSTEM\ControlSet003\services\Aspi32 - will be deleted on reboot
09:13:15.0953 3248 C:\WINDOWS\system32\drivers\Aspi32.sys - will be deleted on reboot
09:13:15.0953 3248 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:13:15.0953 3248 HKLM\SYSTEM\ControlSet001\services\GDTdiInterceptor - will be deleted on reboot
09:13:15.0953 3248 HKLM\SYSTEM\ControlSet003\services\GDTdiInterceptor - will be deleted on reboot
09:13:15.0953 3248 C:\WINDOWS\system32\drivers\GDTdiIcpt.sys - will be deleted on reboot
09:13:15.0953 3248 GDTdiInterceptor ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:13:15.0953 3248 HKLM\SYSTEM\ControlSet001\services\GhPciScan - will be deleted on reboot
09:13:15.0968 3248 HKLM\SYSTEM\ControlSet003\services\GhPciScan - will be deleted on reboot
09:13:15.0968 3248 C:\Programme\Symantec\Norton Ghost 2003\ghpciscan.sys - will be deleted on reboot
09:13:15.0968 3248 GhPciScan ( UnsignedFile.Multi.Generic ) - User select action: Delete |
You were supposed to delete only those two entries selectively, not all of them!! :balla: |
And what now? The PC is still running flawlessly. I actually just want to do the remaining steps, then fix the master boot once the last scans are finished. |
Besides, I only clicked the things you wrote to me; there was nothing more to delete than the 3 things. No idea why it deleted more. Nothing more was shown. |
You were supposed to remove only these with TDSS-Killer!! Quote:
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
|
Combofix Logfile: Code: ComboFix 11-10-20.04 - Limberg 20.10.2011 16:29:52.1.1 - x86 |
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! Please download
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan. |
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
___________________
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-22 08:52:32
-----------------------------
08:52:32.906 OS Version: Windows 5.1.2600 Service Pack 3
08:52:32.906 Number of processors: 1 586 0x401
08:52:32.906 ComputerName: BUERO3 UserName:
08:52:33.343 Initialize success
08:55:59.531 AVAST engine defs: 11102101
08:59:37.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:59:37.750 Disk 0 Vendor: ExcelStor_Technology_J880 PF2OA21B Size: 78532MB BusType: 3
08:59:39.765 Disk 0 MBR read successfully
08:59:39.765 Disk 0 MBR scan
08:59:39.796 Disk 0 Windows XP default MBR code
08:59:39.812 Disk 0 scanning sectors +160826715
08:59:39.875 Disk 0 scanning C:\WINDOWS\system32\drivers
08:59:50.078 Service scanning
08:59:50.359 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
08:59:50.390 Service MSICPL E:\install4\MSICPL.sys **LOCKED** 21
08:59:50.406 Service NTACCESS E:\NTACCESS.sys **LOCKED** 21
08:59:50.453 Service SetupNTGLM7X E:\NTGLM7X.sys **LOCKED** 21
08:59:51.015 Modules scanning
09:00:18.531 Disk 0 trace - called modules:
09:00:18.531 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:00:18.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f2cab8]
09:00:18.531 3 CLASSPNP.SYS[f76affd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86fd8b00]
09:00:18.796 AVAST engine scan C:\WINDOWS
09:00:24.640 AVAST engine scan C:\WINDOWS\system32
09:02:12.312 AVAST engine scan C:\WINDOWS\system32\drivers
09:02:25.406 AVAST engine scan C:\Dokumente und Einstellungen\Limberg
09:03:16.953 AVAST engine scan C:\Dokumente und Einstellungen\All Users
09:03:40.187 Scan finished successfully
09:05:15.671 Disk 0 MBR has been saved successfully to "G:\polizei letzte schritte\MBR.dat"
09:05:15.687 The log file has been saved successfully to "G:\polizei letzte schritte\aswMBR.txt" |
GMER didn't work? |
No, it wouldn't start. Otherwise Windows is running flawlessly at the moment. |
Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion via ESET's online scanner is not a bad idea either: ESET Online Scanner
|
Copyright ©2000-2025, Trojaner-Board