Strange computer behavior caused by an MSN trojan (?)

#0
08.07.2008, 15:19
...new here

Posts: 10
#1 Hello, before I post my log file, first the whole story of how the problems began...

One day I got an MSN message from a friend on my list, with a link that looked roughly like this: h*tp://xxx.imagepixer.info
Instead of the xxx there was her MSN domain. Idiot that I am, yes, go ahead and call me that, because I deserve nothing else, I went there and saw a page where you are supposed to enter your MSN details; I didn't think anything bad of it and did so. So now I'm stuck with this ******* and can't get rid of the problems. At that time I had McAfee as my AV program, but it didn't complain either, and well, suddenly the contacts on my list were getting messages from me that I had never sent, with similar links. In addition, my MSN often signed out and suddenly it said "You have signed in on another computer". That happened very often. Once a buddy told me that a user with the name "Hallo Ich" had signed in to MSN under my address. I panicked.

So I thought, fine, I'll go and format; no sooner said than done: all(!) hard disks formatted and repartitioned and Vista installed (previously I had XP Home SP III). There were no problems; the first thing I installed was Kaspersky, since you don't leave anything to chance anymore. At some point Windows Live went on, and the ******* started again. I had barely got onto MSN with the fresh new Vista when the first messages I received were from people telling me that the links I had sent didn't work, and I just said, which links? Then it all became clear to me: all the formatting had been for nothing. I let Kaspersky run, nothing found. Today, though, I was completely floored when my mouse suddenly developed a life of its own; it was as if my computer were being remotely controlled.
I panicked and nobody wanted to believe me. Then Internet Explorer stopped working too, and I then threw Windows Live off and things went quiet ...

That's it for now; can you help me get rid of this thing, whatever it may be? So my log file looks like this (see below)


The following remarks (questions) as well ...

1.) When booting, I have recently been getting a screen that I had never seen before; unfortunately I can't say what it says because it disappears too quickly, but it seems odd to me. Can I pause the screen somehow so that I can read the stuff?

2.) When I had my log file analyzed, the following was shown for avp.exe (see below): unknown program. And indeed I have this avp.exe twice in Task Manager, once with approx. 5 MB of memory and once with approx. 30 MB of memory or more, and I can't end them either. See here: http://www.bilder-hochladen.net/files/7c6f-2.jpg

3.) Sometimes Windows Security Center reports that Kaspersky is turned off although it is turned on; that isn't normal either. See here: http://www.bilder-hochladen.net/files/big/7c6f-1.jpg

The log file:

Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
D:\Programme\eMule\emule.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Programme\Kaspersky Internet Security 2009\avp.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe
D:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVP] "D:\Programme\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ICQ] "D:\Programme\ICQ\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Programme\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programme\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~2\mzvkbd.dll,D:\PROGRA~1\KASPER~2\adialhk.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Programme\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6264 bytes
08.07.2008, 16:23
Password: guest
Avatar guest account

Posts: 0
#2 You should really get around to changing your MSN password, if that is even still possible. Pray that it works, otherwise you can write off your current MSN account! There shouldn't be any malware on the computer! How can anyone voluntarily enter their personal data and passwords(!!) on random sites.......
08.07.2008, 17:34
...new here

Thread starter

Posts: 10
#3 I know myself that it was stupid; the password has been changed, but unfortunately just 5 minutes ago I had this mouse pointer problem again.
08.07.2008, 18:18
Honorary member
Avatar Sabina

Posts: 29434
#4 Hello, nitro77

run BlackLight + after the first scan pass, post the log that appears on the desktop (copy it)
http://virus-protect.org/artikel/tools/blacklight.html



---------------------------------------------------------------------

let's see whether ComboFix works on your system; give it a try + post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina

all about PC security
08.07.2008, 18:41
...new here

Thread starter

Posts: 10
#5 First of all, thank you; the log looks like this ...

07/08/08 18:34:27 [Info]: BlackLight Engine 1.0.70 initialized
07/08/08 18:34:27 [Info]: OS: 6.0 build 6001 (Service Pack 1)
07/08/08 18:34:27 [Note]: 7019 4
07/08/08 18:34:27 [Note]: 7005 0
07/08/08 18:35:11 [Note]: 7006 0
07/08/08 18:35:11 [Note]: 7027 0
07/08/08 18:35:11 [Note]: 7035 0
07/08/08 18:35:11 [Note]: 7026 0
07/08/08 18:35:11 [Note]: 7026 0
07/08/08 18:35:13 [Note]: FSRAW library version 1.7.1024
07/08/08 18:35:25 [Note]: 4015 2073
07/08/08 18:35:25 [Note]: 4027 2073 65536
07/08/08 18:35:25 [Note]: 4020 722 65536
07/08/08 18:35:25 [Note]: 4018 722 65536
07/08/08 18:35:26 [Note]: 4015 2154
07/08/08 18:35:26 [Note]: 4027 2154 65536
07/08/08 18:35:26 [Note]: 4020 2073 65536
07/08/08 18:35:26 [Note]: 4018 2073 65536
07/08/08 18:35:34 [Note]: 4015 3047
07/08/08 18:35:34 [Note]: 4027 3047 65536
07/08/08 18:35:34 [Note]: 4020 722 65536
07/08/08 18:35:34 [Note]: 4018 722 65536
07/08/08 18:35:38 [Note]: 4015 3285
07/08/08 18:35:38 [Note]: 4027 3285 65536
07/08/08 18:35:38 [Note]: 4020 3047 65536
07/08/08 18:35:38 [Note]: 4018 3047 65536
07/08/08 18:35:51 [Note]: 4015 6323
07/08/08 18:35:51 [Note]: 4027 6323 196608
07/08/08 18:35:51 [Note]: 4020 40 327680
07/08/08 18:35:51 [Note]: 4018 40 327680
07/08/08 18:35:51 [Note]: 4015 5127
07/08/08 18:35:51 [Note]: 4027 5127 196608
07/08/08 18:35:51 [Note]: 4020 40 327680
07/08/08 18:35:51 [Note]: 4018 40 327680



Unfortunately ComboFix doesn't work
08.07.2008, 19:22
Honorary member
Avatar Sabina

Posts: 29434
#6 run AVZ + post the report
http://virus-protect.org/artikel/tools/avz.html
__________
Best regards, Sabina

all about PC security
08.07.2008, 19:38
...new here

Thread starter

Posts: 10
#7 Thanks, I did it and the log looks like this ...

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 08.07.2008 19:29:28
Database loaded: signatures - 175269, NN profile(s) - 2, microprograms of healing - 56, signature database released 07.07.2008 22:56
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 71502
Heuristic analyzer mode: Medium heuristics level
Healing mode: enabled
Windows version: 6.0.6001, Service Pack 1 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Function user32.dll:DefDlgProcA (143) intercepted, method ProcAddressHijack.GetProcAddress ->75E974E8->77593DB0
Function user32.dll:DefDlgProcW (144) intercepted, method ProcAddressHijack.GetProcAddress ->75E97503->77593DBB
Function user32.dll:DefWindowProcA (150) intercepted, method ProcAddressHijack.GetProcAddress ->75E9751E->77593D42
Function user32.dll:DefWindowProcW (151) intercepted, method ProcAddressHijack.GetProcAddress ->75E97539->77593D4D
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error - file not found (C:\SystemRoot\system32\ntoskrnl.exe)
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Error loading driver - checking interrupted [C0000061]
2. Scanning memory
Number of processes found: 9
Number of modules loaded: 219
Scanning memory - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 58683, extracted from archives: 40544, malicious software found 0, suspicions - 0
Scanning finished at 08.07.2008 19:34:44
Time of scanning: 00:05:16
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference





I don't know, I'm slowly getting the feeling that I've been hacked.
08.07.2008, 19:42
Honorary member
Avatar Sabina

Posts: 29434
#8 yes, one can see that...

run SDFix
http://virus-protect.org/artikel/tools/sdfix.html

the SDFix folder can now be found under C:\

boot into safe mode (press the F8 key while the computer restarts)

go to the folder C:\SDFix

double-click RunThis.bat
follow all the instructions while it scans - then the computer will restart
use the right mouse button to copy the text that appears - and paste it into your post
__________
Best regards, Sabina

all about PC security
08.07.2008, 20:12
...new here

Thread starter

Posts: 10
#9 When I click RunThis.bat in safe mode, the window does open briefly but closes again right away. But thank you very much anyway for your advice.

Edit: When I try to start it in normal mode, it tells me that it is not compatible with Vista x64. I really hate Vista.

I would wipe the disk too, only I don't know whether it would help; last time it didn't work either.
This post was edited by nitro77 on 08.07.2008 at 20:24.
08.07.2008, 20:53
Honorary member
Avatar Sabina

Posts: 29434
#10 ««
download gmer.zip
http://virus-protect.org/artikel/tools/gmer.html
let it scan everything + post the report

«
download TCPView for Windows - post the report
http://virus-protect.org/artikel/tools/tcpview.html
__________
Best regards, Sabina

all about PC security
08.07.2008, 21:13
...new here

Thread starter

Posts: 10
#11 gmer: GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-08 21:04:08
Windows 6.0.6001 Service Pack 1


---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet003\Control@WaitToKillServiceTimeout 20000
Reg HKLM\SYSTEM\ControlSet003\Control@CurrentUser USERNAME
Reg HKLM\SYSTEM\ControlSet003\Control@PreshutdownOrder wuauserv?gpsvc?trustedinstaller?
Reg HKLM\SYSTEM\ControlSet003\Control@SystemStartOptions /NOEXECUTE=OPTIN
Reg HKLM\SYSTEM\ControlSet003\Control@SystemBootDevice multi(0)disk(0)rdisk(0)partition(1)
Reg HKLM\SYSTEM\ControlSet003\Control@FirmwareBootDevice multi(0)disk(0)rdisk(0)partition(1)

---- EOF - GMER 1.0.14 ----



TCPView:

[System Process]:0 TCP markus-pc:4662 90.53.77.228:1237 TIME_WAIT
[System Process]:0 TCP markus-pc:49996 193.138.220.147:http TIME_WAIT
[System Process]:0 TCP markus-pc:49999 dnl-eu3.kaspersky-labs.com:http TIME_WAIT
[System Process]:0 TCP markus-pc:49993 pd9e64416.dip.t-dialin.net:21287 TIME_WAIT
[System Process]:0 TCP markus-pc:49998 78.52.163.181:29983 TIME_WAIT
[System Process]:0 TCP markus-pc:50000 p5488c174.dip.t-dialin.net:28901 TIME_WAIT
[System Process]:0 TCP markus-pc:49995 hnvr-4d07834d.pool.mediaways.net:4662 TIME_WAIT
[System Process]:0 TCP markus-pc:50005 19-147.79-83.cust.bluewin.ch:4662 TIME_WAIT
[System Process]:0 TCP markus-pc:50006 e176074063.adsl.alicedsl.de:12651 TIME_WAIT
[System Process]:0 TCP markus-pc:50007 p54a5fa86.dip.t-dialin.net:41713 TIME_WAIT
avp.exe:2632 TCP Markus-PC:nfsd-status Markus-PC:0 LISTENING
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49928 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49940 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49943 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49949 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49955 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49982 FIN_WAIT2
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49956 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49967 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49952 ESTABLISHED
avp.exe:2632 TCP Markus-PC:nfsd-status localhost:49944 ESTABLISHED
avp.exe:2632 TCP Markus-PC:19780 Markus-PC:0 LISTENING
avp.exe:2632 TCP markus-pc:49930 194.97.131.196:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49942 65.55.11.240:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49947 62.41.3.123:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49948 62.41.3.123:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49951 62.41.3.130:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49954 65.55.11.240:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49959 62.41.3.123:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49960 62.41.3.123:http ESTABLISHED
avp.exe:2632 TCP markus-pc:49975 wwwtk2test2.microsoft.com:http ESTABLISHED
emule.exe:1384 TCP Markus-PC:4662 Markus-PC:0 LISTENING
emule.exe:1384 TCP markus-pc:4662 i53875e72.versanet.de:1328 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 arouen-252-1-48-131.w90-23.abo.wanadoo.fr:2709 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 dslb-088-068-100-185.pools.arcor-ip.net:13823 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 p5b17eb69.dip.t-dialin.net:33518 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 e178126247.adsl.alicedsl.de:34333 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 d86-32-78-120.cust.tele2.at:49641 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 92.117.159.233:52819 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 cpe-121-222-8-88.qld.bigpond.net.au:60966 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 i577a4290.versanet.de:62686 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 qdc52.q.pppool.de:62166 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 p4fc17041.dip.t-dialin.net:2524 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 p5b171152.dip0.t-ipconnect.de:63306 ESTABLISHED
emule.exe:1384 TCP markus-pc:49224 193.42.213.30:9510 ESTABLISHED
emule.exe:1384 TCP markus-pc:49274 i577b4a68.versanet.de:13220 ESTABLISHED
emule.exe:1384 TCP markus-pc:49275 e182024196.adsl.alicedsl.de:33477 ESTABLISHED
emule.exe:1384 TCP markus-pc:49297 baf1d4d.baf.pppool.de:18386 ESTABLISHED
emule.exe:1384 TCP markus-pc:49518 g228003198.adsl.alicedsl.de:19201 ESTABLISHED
emule.exe:1384 TCP markus-pc:49658 p54bec171.dip.t-dialin.net:60483 ESTABLISHED
emule.exe:1384 TCP markus-pc:49696 pd95eddbb.dip.t-dialin.net:13662 ESTABLISHED
emule.exe:1384 TCP markus-pc:49712 80-121-99-67.adsl.highway.telekom.at:36011 ESTABLISHED
emule.exe:1384 TCP markus-pc:49723 p4fd32c72.dip0.t-ipconnect.de:4662 ESTABLISHED
emule.exe:1384 UDP Markus-PC:4672 *:*
emule.exe:1384 UDP Markus-PC:55735 *:*
emule.exe:1384 TCP markus-pc:4662 qdc52.q.pppool.de:62166 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 p5b171152.dip0.t-ipconnect.de:63306 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 i577a4290.versanet.de:62686 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 p5b171152.dip0.t-ipconnect.de:63306 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 i577a4290.versanet.de:62686 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 79-114-82-13.rdsnet.ro:3006 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:50009 218-168-162-58.dynamic.hinet.net:34923 SYN_SENT
emule.exe:1384 TCP markus-pc:50010 lns-bzn-37-82-253-0-230.adsl.proxad.net:54543 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 80.66.47.102:63593 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 92.117.159.233:52819 ESTABLISHED
emule.exe:1384 TCP markus-pc:4662 arouen-252-1-48-131.w90-23.abo.wanadoo.fr:2709 ESTABLISHED
ICQ.exe:2264 UDP Markus-PC:56131 *:*
iexplore.exe:224 UDP Markus-PC:50095 *:*
iexplore.exe:3288 TCP Markus-PC:49928 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49940 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49943 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49944 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49949 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49952 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49955 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49956 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49967 localhost:nfsd-status ESTABLISHED
iexplore.exe:3288 TCP Markus-PC:49982 localhost:nfsd-status CLOSE_WAIT
iexplore.exe:3288 UDP Markus-PC:56432 *:*
lsass.exe:640 TCP Markus-PC:49155 Markus-PC:0 LISTENING
msnmsgr.exe:2352 TCP markus-pc:49159 by1msg2093119.gateway.edge.messenger.live.com:msnp ESTABLISHED
msnmsgr.exe:2352 UDP markus-pc:discard *:*
msnmsgr.exe:2352 UDP Markus-PC:50093 *:*
msnmsgr.exe:2352 UDP Markus-PC:65379 *:*
msnmsgr.exe:2352 UDP Markus-PC:65449 *:*
services.exe:628 TCP Markus-PC:49171 Markus-PC:0 LISTENING
svchost.exe:1004 TCP Markus-PC:49153 Markus-PC:0 LISTENING
svchost.exe:1004 UDP Markus-PC:bootpc *:*
svchost.exe:1080 UDP Markus-PC:ntp *:*
svchost.exe:1080 UDP Markus-PC:ssdp *:*
svchost.exe:1080 UDP markus-pc:ssdp *:*
svchost.exe:1080 UDP Markus-PC:3702 *:*
svchost.exe:1080 UDP Markus-PC:3702 *:*
svchost.exe:1080 UDP Markus-PC:49152 *:*
svchost.exe:1080 UDP markus-pc:57647 *:*
svchost.exe:1080 UDP Markus-PC:57648 *:*
svchost.exe:1080 UDPV6 markus-pc:123 *:*
svchost.exe:1080 UDPV6 [0:0:0:0:0:0:0:1]:1900 *:*
svchost.exe:1080 UDPV6 [fe80:0:0:0:0:100:7f:fffe]:1900 *:*
svchost.exe:1080 UDPV6 [fe80:0:0:0:d5aa:2754:bca8:957c]:1900 *:*
svchost.exe:1080 UDPV6 [fe80:0:0:0:d865:86e0:a499:96f3]:1900 *:*
svchost.exe:1080 UDPV6 markus-pc:3702 *:*
svchost.exe:1080 UDPV6 markus-pc:3702 *:*
svchost.exe:1080 UDPV6 markus-pc:49153 *:*
svchost.exe:1080 UDPV6 [fe80:0:0:0:d865:86e0:a499:96f3]:57643 *:*
svchost.exe:1080 UDPV6 [fe80:0:0:0:d5aa:2754:bca8:957c]:57644 *:*
svchost.exe:1080 UDPV6 [0:0:0:0:0:0:0:1]:57645 *:*
svchost.exe:1080 UDPV6 [fe80:0:0:0:0:100:7f:fffe]:57646 *:*
svchost.exe:2756 TCP Markus-PC:49156 Markus-PC:0 LISTENING
svchost.exe:296 TCP Markus-PC:49154 Markus-PC:0 LISTENING
svchost.exe:296 UDP Markus-PC:isakmp *:*
svchost.exe:296 UDP Markus-PC:ipsec-msft *:*
svchost.exe:296 UDPV6 markus-pc:500 *:*
svchost.exe:912 TCP Markus-PC:epmap Markus-PC:0 LISTENING
System:4 TCP markus-pc:netbios-ssn Markus-PC:0 LISTENING
System:4 TCP Markus-PC:microsoft-ds Markus-PC:0 LISTENING
System:4 TCP Markus-PC:5357 Markus-PC:0 LISTENING
System:4 UDP markus-pc:netbios-ns *:*
System:4 UDP markus-pc:netbios-dgm *:*
wininit.exe:572 TCP Markus-PC:49152 Markus-PC:0 LISTENING
08.07.2008, 21:34
Moderator

Posts: 7805
#12 Please remember, this is a 64-bit system!
__________
Best regards, Ralf
SEO-Spam Hunter
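
Added example (not from the thread and not part of HijackThis): a small triage of the O23 service lines from the logs above in light of the 64-bit remark. It assumes the scanner ran as a 32-bit process, so Windows redirected its System32 lookups to SysWOW64; the last sample line and all function names are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines in the shape of the HijackThis 2.0.2 log posted above.
# The final O23 line is constructed (hypothetical service and path).
SAMPLE_LOG = r"""Platform: Windows Vista SP1 (WinNT 6.00.1905)
Running processes:
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Programme\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\Users\Public\exupd.exe (file missing)
"""

# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
# The owner field never contains a backslash; the path starts with a drive letter.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>[^\\]*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# Assumption: the Windows directory is named "Windows" on some drive.
SYSTEM32_RE = re.compile(
    r"^(?P<root>[A-Za-z]:\\Windows\\)System32(?P<rest>\\.*)$", re.IGNORECASE
)

# Paths that only exist on 64-bit Windows; seeing one means the log is from x64.
X64_MARKERS = ("\\syswow64\\", "\\program files (x86)\\")


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    verdict: str              # "present", "wow64-redirection" or "verify-manually"
    looked_at: Optional[str]  # where a 32-bit scanner actually looked, if redirected


def is_64bit_log(lines: List[str]) -> bool:
    """True if any line contains a path that only exists on 64-bit Windows."""
    return any(marker in line.lower() for line in lines for marker in X64_MARKERS)


def triage_o23(log_text: str) -> List[Service]:
    """Classify every O23 service line of a HijackThis log."""
    lines = [line.strip() for line in log_text.splitlines()]
    x64 = is_64bit_log(lines)
    result = []
    for line in lines:
        m = O23_RE.match(line)
        if not m:
            continue
        path = m["path"]
        verdict, looked_at = "present", None
        if m["missing"]:
            sys32 = SYSTEM32_RE.match(path)
            if x64 and sys32:
                # A 32-bit process asking for System32 is served SysWOW64 instead,
                # so 64-bit-only binaries such as lsass.exe look "missing".
                verdict = "wow64-redirection"
                looked_at = sys32["root"] + "SysWOW64" + sys32["rest"]
            else:
                # Outside System32, or on a 32-bit system: check with a native tool.
                verdict = "verify-manually"
        result.append(Service(m["name"], m["owner"], path, verdict, looked_at))
    return result


if __name__ == "__main__":
    for svc in triage_o23(SAMPLE_LOG):
        print(f"{svc.verdict:18} {svc.path}")
```

Entries marked `wow64-redirection` are not evidence of tampering on their own; they should be confirmed with a native 64-bit tool before any service entry is removed.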
09.07.2008, 11:02
Honorary member
Avatar Sabina

Posts: 29434
#13 1.
change your Messenger password once more

2.
can you run comboscan on the system?
if it works, post the 2 logs that are created
http://virus-protect.org/artikel/tools/comboscan.html
__________
Best regards, Sabina

all about PC security
09.07.2008, 11:39
...new here

Thread starter

Posts: 10
#14 1.

Done ;) I changed the password yesterday, but shortly afterwards this mouse pointer problem came back; since then it has been quiet. The only question is, for how long?

2.

The log files, wow, there is a lot in there ...

Deckard's System Scanner v20071014.68
Run by Markus on 2008-07-09 11:29:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
15: 2008-07-09 01:00:13 UTC - RP109 - Windows Update
14: 2008-07-07 22:30:02 UTC - RP108 - Installed Windows Live
13: 2008-07-07 22:29:49 UTC - RP107 - Windows Live installer wird installiert
12: 2008-07-07 22:26:21 UTC - RP106 - Windows Live Messenger wird installiert
11: 2008-07-07 21:14:09 UTC - RP105 - Microsoft Office Word Viewer 2003 wird entfernt


-- First Restore Point --
1: 2008-07-06 21:03:20 UTC - RP95 - Installierte(s) Kaspersky Internet Security 2009.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Markus.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:42, on 09.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
D:\Programme\ICQ\ICQ6\ICQ.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Kaspersky Internet Security 2009\avp.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
D:\Programme\eMule\emule.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Markus\Desktop\dss.exe
C:\Windows\SysWOW64\conime.exe
D:\PROGRA~1\HIJACK~1\Markus.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVP] "D:\Programme\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ICQ] "D:\Programme\ICQ\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Programme\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programme\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Programme\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7127 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI-Treiber) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE-Kanal) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Laufwerktreiber) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 KLBG (Kaspersky Lab Boot Guard Driver) - c:\windows\system32\drivers\klbg.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
R0 msisadrv (ISA/EISA-Klassentreiber) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI-Bus-Treiber) - c:\windows\system32\drivers\pci.sys (file missing)
R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 Tcpip (TCP/IP-Protokolltreiber) - c:\windows\system32\drivers\tcpip.sys (file missing)
R0 volmgr (Treiber für Volume-Manager) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Speichervolumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 cdrom (CD-ROM-Laufwerktreiber) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 kbdclass (Tastaturklassentreiber) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Tastatur-HID-Treiber) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
R1 KLIF (Kaspersky Lab Driver) - c:\windows\system32\drivers\klif.sys (file missing)
R1 KLIM6 (Kaspersky Anti-Virus NDIS 6 Filter) - c:\windows\system32\drivers\klim6.sys (file missing)
R1 mouclass (Mausklassentreiber) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS-Paketplaner) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 tdx (NetIO-Legacy-TDI-Supporttreiber) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal-Gerätetreiber) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 CT20XUT.DLL - c:\windows\system32\ct20xut.dll (file missing)
R3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
R3 CTEXFIFX.DLL - c:\windows\system32\ctexfifx.dll (file missing)
R3 CTHWIUT.DLL - c:\windows\system32\cthwiut.dll (file missing)
R3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
R3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
R3 fdc (Diskettencontrollertreiber) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 flpydisk (Diskettenlaufwerktreiber) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 ha20x2k (Creative 20X HAL Driver) - c:\windows\system32\drivers\ha20x2k.sys (file missing)
R3 HidUsb (Microsoft HID Class-Treiber) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 intelppm (Intel-Prozessortreiber) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (iScsiPort-Treiber) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 KLFLTDEV (Kaspersky Lab KLFltDev) - c:\windows\system32\drivers\klfltdev.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 monitor (Microsoft Monitor-Klassenfunktionstreiber-Dienst) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mouhid (Maus-HID-Treiber) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 mpsdrv (Windows-Firewallautorisierungstreiber) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft-Systemverwaltungs-BIOS-Treiber) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
R3 NdisTapi (RAS-NDIS-TAPI-Treiber) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 NdisWan (RAS-NDIS-WAN-Treiber) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 NVENETFD (NVIDIA nForce-Netzwerkcontrollertreiber) - c:\windows\system32\drivers\nvm60x64.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (VIA OHCI-konformer IEEE 1394-Hostcontroller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
R3 Parport (Treiber für parallelen Anschluss) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN-Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN-Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remotezugriff-PPPOE-Treiber) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 RasSstp (WAN-Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing)
R3 rdpdr (Treiber für Terminalserver-Geräteumleitung) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 Serenum (Serenum-Filtertreiber) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 Serial (Treiber für seriellen Anschluss) - c:\windows\system32\drivers\serial.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software-Bus-Treiber) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 tunmp (Microsoft Tun-Miniportadaptertreiber) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft-IPv6-Tunnelminiport-Adaptertreiber) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus-Enumerator-Treiber) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbccgp (Microsoft Standard-USB-Haupttreiber) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2-aktivierter Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Miniporttreiber für Microsoft USB Open Host-Controller) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 USBSTOR (USB-Massenspeichertreiber) - c:\windows\system32\drivers\usbstor.sys (file missing)
R3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 AsyncMac (Asynchroner RAS -Medientreiber) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll (file missing)
S3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
S3 CTAUDFX.DLL - c:\windows\system32\ctaudfx.dll (file missing)
S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll (file missing)
S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll (file missing)
S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll (file missing)
S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll (file missing)
S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll (file missing)
S3 drmkaud (Microsoft Kernel-DRM-Audioentschlüsselung) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing)
S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 IpFilterDriver (Filtertreiber für IP-Datenverkehr) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Proxy für Streaming Clock) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Proxy für Streaming Quality Manager) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 QWAVEdrv (QWAVE-Treiber) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 s116bus (Sony Ericsson Device 116 driver (WDM)) - c:\windows\system32\drivers\s116bus.sys (file missing)
S3 s116mdfl (Sony Ericsson Device 116 USB WMC Modem Filter) - c:\windows\system32\drivers\s116mdfl.sys (file missing)
S3 s116mdm (Sony Ericsson Device 116 USB WMC Modem Driver) - c:\windows\system32\drivers\s116mdm.sys (file missing)
S3 s116mgmt (Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\s116mgmt.sys (file missing)
S3 s116nd5 (Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)) - c:\windows\system32\drivers\s116nd5.sys (file missing)
S3 s116obex (Sony Ericsson Device 116 USB WMC OBEX Interface) - c:\windows\system32\drivers\s116obex.sys (file missing)
S3 s116unic (Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)) - c:\windows\system32\drivers\s116unic.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 blbdrive - c:\windows\system32\drivers\blbdrive.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 ErrDev (Microsoft Hardware Error Device Driver) - c:\windows\system32\drivers\errdev.sys (file missing)
S4 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 MegaSR - c:\windows\system32\drivers\megasr.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid (NVIDIA nForce RAID Driver ) - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S4 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe
R2 nvsvc (NVIDIA Display Driver Service) - c:\windows\system32\nvvsvc.exe (file missing)
R2 SamSs (Sicherheitskonto-Manager) - c:\windows\system32\lsass.exe (file missing)
R2 slsvc (Softwarelizenzierung) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Druckwarteschlange) - c:\windows\system32\spoolsv.exe (file missing)
R3 VSS (Volumeschattenkopie) - c:\windows\system32\vssvc.exe (file missing)

S3 ALG (Gatewaydienst auf Anwendungsebene) - c:\windows\system32\alg.exe (file missing)
S3 DFSR (DFS-Replikation) - c:\windows\system32\dfsr.exe (file missing)
S3 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 KeyIso (CNG-Schlüsselisolation) - c:\windows\system32\lsass.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon (Anmeldedienst) - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Geschützter Speicher) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (RPC-Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP-Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 TuneUp.Defrag (TuneUp Drive Defrag-Dienst) - c:\windows\system32\tuneupdefragservice.exe (file missing)
S3 UI0Detect (Erkennung interaktiver Dienste) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtueller Datenträger) - c:\windows\system32\vds.exe (file missing)
S3 wbengine (Blockebenen-Sicherungsmodul) - "c:\windows\system32\wbengine.exe" (file missing)
S3 wmiApSrv (WMI-Leistungsadapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-09 11:00:00 494 --a------ C:\Windows\Tasks\1-Klick-Wartung.job
2008-07-08 22:36:28 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{E793172E-F428-4E5A-BAE2-4845232BAD45}.job


-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-08 21:24:12 0 d-------- C:\Program Files (x86)\ImgBurn
2008-07-08 21:20:06 0 d-------- C:\Program Files (x86)\NCH Swift Sound
2008-07-08 19:58:40 0 d-------- C:\Windows\pss
2008-07-08 18:40:05 0 d-------- C:\327882R2FWJFW
2008-07-08 00:26:34 0 d-------- C:\Program Files (x86)\Windows Live
2008-07-07 19:16:22 0 d-------- C:\Program Files (x86)\ICQToolbar
2008-07-06 23:29:21 0 d-------- C:\Program Files (x86)\MSECache
2008-07-06 18:38:45 0 d-------- C:\Windows\PCHEALTH
2008-07-06 18:37:11 0 d--hs--c- C:\Program Files (x86)\Common Files\WindowsLiveInstaller
2008-07-06 16:46:21 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-07-06 13:10:39 0 d--hs---- C:\Windows\Installer
2008-07-06 11:17:02 0 d-------- C:\Windows\Panther
2008-07-06 11:16:48 0 d--hs---- C:\Boot
2008-07-06 11:01:53 0 d-------- C:\Program Files (x86)\Avanquest update
2008-07-06 10:46:16 0 d-------- C:\Windows\system32\Macromed
2008-07-06 10:40:41 0 d-------- C:\Program Files (x86)\Common Files\Creative
2008-07-06 10:40:40 0 d--h----- C:\Program Files (x86)\Creative Installation Information
2008-07-06 10:39:38 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-06 10:39:38 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-07-06 10:39:38 0 d-------- C:\Program Files (x86)\OpenAL
2008-07-06 10:38:32 0 d-------- C:\Windows\system32\Data
2008-07-06 10:38:32 3072 --a------ C:\Windows\system32\CTXFIGER.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-07-06 10:38:31 69120 --a------ C:\Windows\system32\CmdRtr.DLL
2008-07-06 10:38:31 108544 --a------ C:\Windows\system32\APOMngr.DLL
2008-07-06 10:38:29 0 d-------- C:\Program Files (x86)\Creative
2008-07-06 10:38:25 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-07-06 10:33:29 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2008-07-06 10:33:26 0 d-------- C:\NVIDIA
2008-07-06 10:26:49 171136 -rahs---- C:\grldr
2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Vorlagen
2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Startmenü
2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Netzwerkumgebung
2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Lokale Einstellungen
2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Eigene Dateien
2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Druckumgebung
2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Anwendungsdaten
2008-07-06 10:24:42 0 d--hs---- C:\Programme
2008-07-06 10:24:42 0 d--hs---- C:\Dokumente und Einstellungen
2008-07-06 10:24:20 0 d-------- C:\Windows\Debug
2008-07-06 10:21:02 0 d-------- C:\Windows\SoftwareDistribution
2008-07-06 10:19:20 0 d-------- C:\Windows\CSC
2008-07-06 10:17:57 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-07-09 03:06:19 0 d-------- C:\Program Files (x86)\Windows Mail
2008-07-08 21:29:02 0 d-------- C:\Users\Markus\AppData\Roaming\ImgBurn
2008-07-07 21:19:22 0 d-------- C:\Users\Markus\AppData\Roaming\MyPhoneExplorer
2008-07-07 20:32:45 0 d-------- C:\Users\Markus\AppData\Roaming\ICQ Toolbar
2008-07-07 19:21:29 0 d-------- C:\Users\Markus\AppData\Roaming\ICQ
2008-07-07 19:16:22 0 d-------- C:\Users\Markus\AppData\Roaming\Mozilla
2008-07-06 18:37:11 0 d-------- C:\Program Files (x86)\Common Files
2008-07-06 16:47:13 0 d-------- C:\Users\Markus\AppData\Roaming\TuneUp Software
2008-07-06 13:10:23 0 d-------- C:\Users\Markus\AppData\Roaming\WinRAR
2008-07-06 10:47:24 0 d-------- C:\Users\Markus\AppData\Roaming\InstallShield
2008-07-06 10:46:16 0 d-------- C:\Users\Markus\AppData\Roaming\Macromedia
2008-07-06 10:46:16 0 d-------- C:\Users\Markus\AppData\Roaming\Adobe
2008-07-06 10:27:07 0 d-------- C:\Users\Markus\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-09 11:31:06 ------------




And the extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X64; Language: German

CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 2045.76 MiB / 992.49 MiB
Pagefile Memory (total/avail): 4330.82 MiB / 2825.98 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3956.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 48.83 GiB total, 24.93 GiB free.
D: is Fixed (NTFS) - 416.93 GiB total, 412.89 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ SCSI Disk Device - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 48.83 GiB - C:
\PARTITION1 - Installierbares Dateisystem - 416.93 GiB - D:

\\.\PHYSICALDRIVE1 - Generic 2.0 Reader-CF USB Device

\\.\PHYSICALDRIVE2 - Generic 2.0 Reader-Multi USB Device



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab)
AV: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Markus\AppData\Roaming
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=MARKUS-PC
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Markus
LOCALAPPDATA=C:\Users\Markus\AppData\Local
LOGONSERVER=\\MARKUS-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Markus\AppData\Local\Temp
TMP=C:\Users\Markus\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=Markus-PC
USERNAME=Markus
USERPROFILE=C:\Users\Markus
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Markus


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0007
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove
Adobe Flash Player ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Avanquest update --> C:\Program Files (x86)\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0007 -removeonly
CleanUp! --> C:\Program Files (x86)\CleanUp!\uninstall.exe
Creative-Audiokonsole --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove
eMule --> "D:\Programme\eMule\Uninstall.exe"
EVEREST Ultimate Edition v4.20 --> "D:\Programme\EVEREST Ultimate Edition\unins000.exe"
Express Burn --> C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\uninst.exe
HijackThis 2.0.2 --> "D:\Programme\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> "C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn --> "C:\Program Files (x86)\ImgBurn\uninstall.exe"
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
MyPhoneExplorer --> D:\Programme\MyPhoneExplorer\uninstall.exe
O&O DiskRecovery --> MsiExec.exe /X{53480880-18E0-4097-A460-F22DD3AC6D70}
OpenAL --> "C:\Program Files (x86)\OpenAL\OALInst.exe" /U
Paragon Drive Backup 8.51 Professional Trial --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D155D300-C235-44FC-981C-F7B34683439C}\Setup.exe" -l0x7
Paragon Partition Manager 9.0 Professional --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x7
PC Inspector File Recovery --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
Sony Ericsson PC Suite 3.209.00 --> C:\Program Files (x86)\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0007 -removeonly
Spybot - Search & Destroy --> "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
WinRAR --> D:\Programme\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1178 / Warning
Event Submitted/Written: 07/09/2008 09:06:06 AM
Event ID/Source: 4356 / EventSystem
Event Description:
8000401a{28778B62-8481-400D-8E8A-A4C81ED3F65C}StandardCreateInstance

Event Record #/Type1175 / Warning
Event Submitted/Written: 07/09/2008 08:05:45 AM
Event ID/Source: 4356 / EventSystem
Event Description:
8000401a{28778B62-8481-400D-8E8A-A4C81ED3F65C}StandardCreateInstance

Event Record #/Type1162 / Error
Event Submitted/Written: 07/09/2008 03:09:17 AM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Event Record #/Type1157 / Success
Event Submitted/Written: 07/09/2008 03:08:46 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1156 / Error
Event Submitted/Written: 07/09/2008 03:08:29 AM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%%8271.1.1600.010x80070005Zugriff verweigert Markus-PCMarkusS-1-5-21-4008867448-252535074-618003566-1000



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4719 / Warning
Event Submitted/Written: 07/09/2008 11:30:55 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{5DEAA4A8-ABE7-49B5-BC85-8929AAD45500}Markus-PCMarkusS-1-5-21-4008867448-252535074-618003566-1000Unknown%%832service:xpdt0%%807

Event Record #/Type4718 / Warning
Event Submitted/Written: 07/09/2008 11:30:55 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%%8271.1.1600.0{C88062B4-34AB-4A82-B54D-DB9043511F19}Markus-PCMarkusS-1-5-21-4008867448-252535074-618003566-1000Unknown%%832driver:xpdt0%%807

Event Record #/Type4704 / Warning
Event Submitted/Written: 07/09/2008 09:06:04 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001D60871282 zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten:
%%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten.

Event Record #/Type4691 / Warning
Event Submitted/Written: 07/09/2008 08:05:43 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001D60871282 zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten:
%%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten.

Event Record #/Type4685 / Error
Event Submitted/Written: 07/09/2008 06:57:41 AM
Event ID/Source: 8003 / bowser
Event Description:
Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRANK-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FA15546F-5816-4A5D-9A6F-4B6E6CE417DD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.



-- End of Deckard's System Scanner: finished at 2008-07-09 11:31:06 ------------
09.07.2008, 12:23
Honorary member
Sabina

Posts: 29434
#15 Let's see what raman thinks about it, but I find the log very odd; it's a wonder the computer works at all when you see how many drivers and Windows system files are missing.
No sign of an infection, but missing drivers without end....
__________
Best regards, Sabina

All about PC security