Virus / Trojan infection, problems with IE + System Restore
#0
16.07.2010, 22:06
Member
Posts: 12
16.07.2010, 22:09
Member
Thread starter Posts: 12
#2
Below, following your instructions, I am now posting further log files from the programs you suggest.

1. Scan with Malwarebytes (and subsequent cleanup)

[Code]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4320

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

16.07.2010 18:44:25
mbam-log-2010-07-16 (18-44-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164001
Laufzeit: 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\notepad.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aspimgr (Trojan.Asprox) -> No action taken.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a2-75f1-51bd-f413-04b15a2c8950} (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\dhxiuw.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\WINDOWS\ws386.ini (Malware.Trace) -> No action taken.
[\Code]

__________
"The rug really tied the room together."
16.07.2010, 22:11
Member
Thread starter Posts: 12
#3
Unfortunately, somehow it only works in small pieces ........

2. Gmer report

Gmer would not run despite all attempts (renaming etc.). However, the tools MBR and CatchME did run. Here are the logs:

[Code]
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
[\Code]

[Code]
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 19:33:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[\Code]
16.07.2010, 22:14
Member
Thread starter Posts: 12
#4
3. Scan with OTL
OTL [Code]
(IpFilterDriver) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys (Microsoft Corporation) DRV - (NwlnkFwd) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys (Microsoft Corporation) DRV - (PartMgr) -- C:\WINDOWS\System32\drivers\partmgr.sys (Microsoft Corporation) DRV - (Cdaudio) -- C:\WINDOWS\System32\drivers\cdaudio.sys (Microsoft Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (Raspti) Parallelanschluss (direkt) -- C:\WINDOWS\system32\drivers\raspti.sys (Microsoft Corporation) DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation) DRV - (NwlnkFlt) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys (Microsoft Corporation) DRV - (mouhid) -- C:\WINDOWS\system32\drivers\mouhid.sys (Microsoft Corporation) DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation) DRV - (NdisTapi) -- C:\WINDOWS\system32\drivers\ndistapi.sys (Microsoft Corporation) DRV - (HidUsb) -- C:\WINDOWS\system32\drivers\hidusb.sys (Microsoft Corporation) DRV - (RasAcd) -- C:\WINDOWS\system32\drivers\rasacd.sys (Microsoft Corporation) DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation) DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation) DRV - (dmload) -- C:\WINDOWS\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.) DRV - (RDPCDD) -- C:\WINDOWS\system32\drivers\rdpcdd.sys (Microsoft Corporation) DRV - (mnmdd) -- C:\WINDOWS\System32\drivers\mnmdd.sys (Microsoft Corporation) DRV - (Beep) -- C:\WINDOWS\System32\drivers\beep.sys (Microsoft Corporation) DRV - (Null) -- C:\WINDOWS\System32\drivers\null.sys (Microsoft Corporation) DRV - (PCIIde) -- C:\WINDOWS\System32\DRIVERS\pciide.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) 
DRV - (aic78xx) -- C:\WINDOWS\System32\DRIVERS\aic78xx.sys (Microsoft Corporation) DRV - (audstub) -- C:\WINDOWS\system32\drivers\audstub.sys (Microsoft Corporation) DRV - (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation) DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.) DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.) DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.) DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.) DRV - (HCW848NT) -- C:\WINDOWS\system32\drivers\HCW848NT.sys (Hauppauge Computer Works) DRV - (Wdm1) -- C:\WINDOWS\system32\drivers\usbbc.sys () [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "engine://D%3A%5CMozilla%5Csearchplugins%5Cgoogle.src" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "Torrent-Search Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://www.google.de" FF - prefs.js..browser.startup.homepage: "http://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4 FF - prefs.js..keyword.URL: "Google" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2010.06.26 19:36:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.06.26 19:36:08 | 000,000,000 | ---D | M] [2008.06.27 20:28:19 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Extensions [2008.06.27 20:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010.07.15 15:20:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions [2010.04.21 19:42:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2010.03.14 23:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\firefox@tvunetworks.com [2008.10.18 15:28:48 | 000,000,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\searchplugins\conduit.xml O1 HOSTS File: ([2006.02.11 05:36:59 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [hcwPVRReset] D:\WinTV\hcwP1Utl.exe () O4 - HKLM..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PDFCreatorClient] D:\Jaws PDF Creator\PDFClient.exe (Global Graphics Software Ltd.) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [H/PC Connection Agent] D:\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! 
Inc) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Device Management.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll () O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Messenger-Software\AIM95\aim.exe (America Online, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found O9 - Extra 'Tools' menuitem : Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 
- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine) O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernetwork.com/surferplugin.ocx (SurferNETWORK Plugin) O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} http://www.cdpass.com/cdkey/CDPass.cab (CDPass Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class) O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312 (WUWebControl Class) O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class) O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279199238515 (MUWebControl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://204.49.60.246/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.1427893518 (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class) O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: IEPrint http://www.visiontech.ltd.uk/software/download/IEPrint.CAB (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript 
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll () O20 - Winlogon\Notify\crypt32chain: DllName - 
crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - 
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2003.01.16 06:38:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.11.19 00:58:16 | 000,169,504 | ---- | M] () - E:\Auto Kaufberatung.mht -- [ NTFS ] O32 - AutoRun File - [2007.11.19 00:59:29 | 000,276,766 | ---- | M] () - E:\Auto-Kauf -- Rabatt für Bar-Zahler spart oft mehr als günstiges Finanzierungsangebot.mht -- [ NTFS ] O32 - AutoRun File - 
[2009.10.16 13:50:05 | 000,852,681 | ---- | M] () - E:\Autobatterie aufladen-wechseln bei heimwerker_de.mht -- [ NTFS ] O32 - AutoRun File - [2007.09.10 00:55:02 | 000,006,346 | ---- | M] () - E:\automatische Seitenweiterleitung.mht -- [ NTFS ] O32 - AutoRun File - [2007.11.12 04:59:26 | 000,513,453 | ---- | M] () - E:\Autotteilestore.com -- Auspuffanlage komplett.mht -- [ NTFS ] O32 - AutoRun File - [2008.06.23 16:43:43 | 000,365,621 | ---- | M] () - E:\Autozine - Autotest Chevrolet Captiva.mht -- [ NTFS ] O32 - AutoRun File - [2009.12.14 18:26:08 | 000,033,488 | ---- | M] () - F:\Autoversicherung_Bus.pdf -- [ NTFS ] O32 - AutoRun File - [2009.12.14 17:39:03 | 000,035,391 | ---- | M] () - F:\Autoversicherung_Golf.pdf -- [ NTFS ] O32 - AutoRun File - [2009.12.15 04:35:34 | 000,033,990 | ---- | M] () - F:\Autoversicherung_Golf_Version2.pdf -- [ NTFS ] O32 - AutoRun File - [2008.09.16 00:17:56 | 000,372,517 | ---- | M] () - G:\Autovermietung#Hertz_Amerika#buchen.pdf -- [ NTFS ] O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell - "" = AutoRun O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2006.12.19 23:49:40 | 008,494,592 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell - "" = AutoRun O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun\command - "" = M:\DPFMate.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 360 Days ==========[/color] [2010.07.16 20:47:42 | 000,574,976 | ---- | C] 
(OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe [2010.07.16 18:46:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fritzle\Recent [2010.07.16 18:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Malwarebytes [2010.07.16 18:36:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.16 18:36:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.16 18:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Desktop\ProcessExplorer [2010.07.15 19:15:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.07.14 23:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.07.14 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.07.14 16:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\vuemvtbgn [2010.07.13 16:28:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AdobeUM [2010.07.13 16:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.07.13 16:25:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.07.13 16:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.07.13 
15:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Eigene Dateien\a-squared Free [2010.07.12 22:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server [2010.04.21 19:43:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.04.21 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.04.21 19:42:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Conduit [2010.04.06 02:15:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Eigene Dateien\Downloads [2010.03.14 20:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\TVU Networks [2010.03.14 20:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks [2010.03.14 20:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\LocalLow [2010.03.14 20:31:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\LocalLow [2010.02.17 17:27:38 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.02.17 17:27:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2010.02.17 17:27:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Apple [2010.02.17 17:27:09 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2010.02.17 17:27:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple [2010.01.29 11:58:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime [2010.01.29 11:31:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Media Player Classic [2010.01.29 10:59:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(4) [2010.01.29 
09:51:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010.01.29 08:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(3) [2010.01.29 07:33:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WindSolutions [2010.01.29 06:16:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.01.29 06:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2009.11.30 17:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\cdviewer [2009.11.14 02:52:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Download Manager [2009.11.14 02:37:15 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2009.11.11 00:08:24 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2009.11.11 00:08:24 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2009.09.12 23:56:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Thinstall [2009.08.10 15:45:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\MPEG Streamclip [2009.07.24 23:45:41 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009.07.24 23:45:41 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2009.07.24 23:45:41 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2009.07.24 23:45:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2009.07.24 22:00:21 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\drivers\SSPORT.sys [2009.07.24 21:46:35 | 000,837,028 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.dll [2009.07.24 21:46:35 | 000,704,512 | ---- | C] (Unified FB) 
-- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.dll [2009.07.24 21:46:35 | 000,224,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ui.dll [2009.07.24 21:46:35 | 000,204,800 | ---- | C] (SEC) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.dll [2009.07.24 21:46:35 | 000,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.exe [2009.07.24 21:46:35 | 000,057,344 | ---- | C] (SEC) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.dll [2009.07.24 21:46:35 | 000,022,663 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.dll [2009.07.24 21:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series [2009.07.24 21:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung [2009.07.24 14:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2) [2003.10.05 11:41:14 | 000,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys [2003.09.28 11:57:52 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys [2003.03.09 19:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll [2003.03.09 19:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys [2003.03.09 19:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys [2003.02.12 08:37:16 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 360 Days ==========[/color] [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe [2010.07.16 19:33:31 | 000,147,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe [2010.07.16 18:55:46 | 013,893,632 | ---- | M] () -- 
C:\Dokumente und Einstellungen\Fritzle\ntuser.dat [2010.07.16 18:48:09 | 000,000,378 | ---- | M] () -- C:\WINDOWS\SCARDSRV.INI [2010.07.16 18:47:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.16 18:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.16 18:47:29 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys [2010.07.16 18:46:45 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.ini [2010.07.16 18:36:20 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.16 17:37:22 | 000,077,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe [2010.07.15 19:09:28 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\.exe [2010.07.15 18:59:40 | 000,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe [2010.07.15 16:18:35 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job [2010.07.15 14:03:26 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk [2010.07.15 13:27:55 | 000,011,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.15 04:43:36 | 000,001,593 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.15 04:43:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.15 04:43:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.07.15 02:38:54 | 000,018,254 | ---- | M] () -- C:\WINDOWS\System32\ssnvfx.ini [2010.07.15 02:25:50 | 000,000,032 | ---- | M] () -- C:\WINDOWS\HCWBTDLG.INI [2010.07.15 02:25:30 | 000,001,249 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI [2010.07.14 16:51:26 | 000,000,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav [2010.07.13 16:09:41 | 
000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job [2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job [2010.06.24 07:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.21 19:43:20 | 000,000,505 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2010.03.28 16:30:02 | 001,061,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.28 16:30:02 | 000,454,634 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.03.28 16:30:02 | 000,437,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.03.28 16:30:02 | 000,083,648 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.03.28 16:30:02 | 000,070,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.02.19 22:25:48 | 000,002,143 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\InstantCD+DVD.lnk [2010.02.17 17:27:53 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.01.10 20:15:46 | 000,000,563 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2009.12.24 04:39:24 | 000,000,387 | ---- | M] () -- C:\WINDOWS\Clony2.ini [2009.12.20 19:27:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\walter.com [2009.11.11 01:08:24 | 000,094,208 | ---- | M] (Apple Inc.) 
-- C:\WINDOWS\System32\QuickTimeVR.qtx [2009.11.11 01:08:24 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2009.09.15 00:48:19 | 000,038,467 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR [2009.09.15 00:06:37 | 000,038,429 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR [2009.09.14 22:18:59 | 000,020,179 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini [2009.09.14 22:18:51 | 000,001,746 | ---- | M] () -- C:\WINDOWS\Language_trs.ini [2009.09.04 10:58:33 | 000,001,379 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2009.08.28 20:42:52 | 002,065,696 | ---- | M] () -- C:\WINDOWS\System32\usbaaplrc.dll [2009.08.25 01:53:39 | 000,000,451 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mp3tag.lnk [2009.07.24 23:45:50 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2009.07.24 21:48:33 | 000,000,138 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SAMSUNG Dr.Printer.url [2009.07.24 20:22:34 | 000,000,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\abschalten.reg [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.07.16 19:40:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\walter.com [2010.07.16 19:33:31 | 000,147,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe [2010.07.16 18:36:20 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.16 17:37:22 | 000,077,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe [2010.07.15 19:09:28 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\.exe [2010.07.15 19:02:59 | 
000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe [2010.07.15 16:18:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.07.15 16:18:06 | 000,003,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\iisagx.dll [2010.07.15 14:03:26 | 000,000,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk [2010.07.15 02:21:16 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys [2010.07.14 16:51:26 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav [2010.06.24 01:30:52 | 013,893,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat [2010.04.21 19:43:20 | 000,000,505 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2010.02.17 17:27:52 | 000,001,594 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.01.29 08:15:09 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.01.29 08:14:57 | 002,065,696 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc.dll [2010.01.29 08:14:57 | 002,060,288 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc(2).dll [2010.01.29 08:14:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys [2009.09.15 00:48:16 | 000,038,467 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR [2009.09.14 22:18:51 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2009.09.14 22:18:44 | 000,020,179 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009.09.14 22:18:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009.09.14 22:11:54 | 000,038,429 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR [2009.07.24 23:51:18 | 000,000,295 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\abschalten.reg [2009.07.24 23:45:50 | 000,000,654 | ---- | C] () -- 
C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2009.07.24 21:48:33 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SAMSUNG Dr.Printer.url [2009.07.24 21:46:35 | 001,443,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.ctd [2009.07.24 21:46:35 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u2.dll [2009.07.24 21:46:35 | 000,626,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ua.bmp [2009.07.24 21:46:35 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1U.dll [2009.07.24 21:46:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M.DLL [2009.07.24 21:46:35 | 000,206,278 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ub.bmp [2009.07.24 21:46:35 | 000,071,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uC.bmp [2009.07.24 21:46:35 | 000,062,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.dat [2009.07.24 21:46:35 | 000,060,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.dat [2009.07.24 21:46:35 | 000,059,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.dat [2009.07.24 21:46:35 | 000,059,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.dat [2009.07.24 21:46:35 | 000,059,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.dat [2009.07.24 21:46:35 | 000,058,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.dat [2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucv.bmp [2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucs.bmp [2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucp.bmp [2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1uco.bmp [2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucd.bmp [2009.07.24 21:46:35 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucc.bmp [2009.07.24 21:46:35 | 000,058,276 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.dat [2009.07.24 21:46:35 | 000,058,042 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.dat [2009.07.24 21:46:35 | 000,057,303 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.dat [2009.07.24 21:46:35 | 000,057,083 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.dat [2009.07.24 21:46:35 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.dat [2009.07.24 21:46:35 | 000,056,215 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.dat [2009.07.24 21:46:35 | 000,056,098 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.dat [2009.07.24 21:46:35 | 000,056,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.dat [2009.07.24 21:46:35 | 000,055,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.dat [2009.07.24 21:46:35 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.dat [2009.07.24 21:46:35 | 000,054,019 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.dat [2009.07.24 21:46:35 | 000,053,248 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lf.dll [2009.07.24 21:46:35 | 000,052,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.dat [2009.07.24 21:46:35 | 000,046,843 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.dat [2009.07.24 21:46:35 | 000,046,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.dat [2009.07.24 21:46:35 | 000,041,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1.cat [2009.07.24 21:46:35 | 000,031,381 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.chm [2009.07.24 21:46:35 | 000,031,277 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.chm [2009.07.24 21:46:35 | 000,031,241 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.chm [2009.07.24 21:46:35 | 000,031,155 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.chm [2009.07.24 21:46:35 | 000,031,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.chm [2009.07.24 21:46:35 | 000,030,711 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.chm [2009.07.24 21:46:35 | 000,030,437 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.chm [2009.07.24 21:46:35 | 000,030,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.chm [2009.07.24 21:46:35 | 000,030,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.chm [2009.07.24 21:46:35 | 000,030,247 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.chm [2009.07.24 21:46:35 | 000,030,229 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.chm [2009.07.24 21:46:35 | 000,030,223 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.chm [2009.07.24 21:46:35 | 000,030,199 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.chm [2009.07.24 21:46:35 | 000,030,025 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.chm [2009.07.24 21:46:35 | 000,029,945 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.chm [2009.07.24 21:46:35 | 000,029,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.chm [2009.07.24 21:46:35 | 000,029,803 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.chm [2009.07.24 21:46:35 | 000,029,791 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1bp.chm [2009.07.24 21:46:35 | 000,029,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.chm [2009.07.24 21:46:35 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M3.bmp [2009.07.24 21:46:35 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M2.bmp [2009.07.24 21:46:35 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M1.bmp [2009.07.24 21:46:35 | 000,029,323 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.chm [2009.07.24 21:46:35 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uG.bmp [2009.07.24 21:46:35 | 000,014,700 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u1.bmp [2009.07.24 21:46:35 | 000,014,684 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.bmp [2009.07.24 21:46:35 | 000,014,071 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.xml [2009.07.24 21:46:35 | 000,009,242 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.INI [2009.07.24 21:46:35 | 000,004,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ul.bmp [2009.07.24 21:46:35 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.inf [2009.07.24 21:46:35 | 000,000,746 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.ver [2009.07.24 21:46:35 | 000,000,555 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.smt [2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007.11.08 13:23:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2006.12.31 12:12:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2006.06.04 20:32:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI [2006.02.24 13:18:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2005.10.31 18:44:31 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2005.10.27 14:43:21 | 000,000,963 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini [2005.07.22 17:38:48 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005.01.18 11:55:24 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini [2005.01.15 17:12:45 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini [2005.01.13 16:40:47 | 000,001,779 | ---- | C] () -- C:\WINDOWS\vtplus32.ini [2005.01.13 16:22:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HCWBTDLG.INI [2005.01.13 16:18:15 | 000,020,425 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2005.01.13 16:14:49 | 000,001,249 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2005.01.12 13:55:55 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2005.01.12 13:53:22 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL [2004.12.14 13:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004.12.14 13:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll 
[2004.11.25 19:07:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.10.15 12:30:57 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\niknakXML.dll [2004.10.15 12:30:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll [2004.10.15 12:30:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EventConsumer.dll [2004.10.15 12:30:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PDFMacroUtils.dll [2004.05.21 07:25:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\b2020.ini [2004.05.14 12:53:48 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2004.04.30 04:16:21 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll [2004.01.27 22:55:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004.01.25 03:31:04 | 000,018,254 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini [2003.11.17 16:00:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\KTEL.INI [2003.11.11 01:06:20 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll [2003.11.11 01:06:20 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll [2003.11.11 01:06:20 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll [2003.11.11 01:06:20 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll [2003.11.11 01:06:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll [2003.10.10 21:38:52 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Prof.ini [2003.10.01 03:29:11 | 000,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini [2003.07.24 01:57:10 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll [2003.06.13 02:29:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2003.04.08 18:33:10 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2003.04.07 12:07:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2003.02.24 14:01:16 | 000,000,541 | ---- | C] () -- C:\WINDOWS\apdfpr.ini [2003.02.19 21:05:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini [2003.02.19 20:58:38 
| 000,000,387 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2003.02.18 13:27:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini [2003.02.18 13:27:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MDI.INI [2003.02.12 08:37:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2003.01.29 09:17:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\SCARDSRV.INI [2003.01.29 09:17:32 | 000,000,396 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI [2003.01.28 21:50:52 | 000,001,052 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2003.01.27 16:52:55 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI [2003.01.19 13:19:29 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003.01.18 00:11:11 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys [2003.01.18 00:11:11 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll [2003.01.17 16:38:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2002.05.16 00:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2002.03.25 21:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001.11.23 19:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(3).DLL [2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(2).DLL [2001.01.22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL [1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(3).DLL [1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL [1998.12.14 19:00:00 | 000,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini [1996.06.07 21:07:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [1996.06.07 21:07:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [1996.06.07 
21:07:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [1996.06.07 21:07:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [1996.06.07 21:07:10 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [1996.06.07 21:07:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [1996.06.07 21:07:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [1996.06.07 21:07:08 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [1996.06.07 21:07:08 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [1996.06.07 21:07:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [1996.06.07 21:07:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [1996.06.07 21:07:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll [1996.06.07 21:07:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [color=#E56717]========== LOP Check ==========[/color] [2006.02.02 16:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2005.12.30 02:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest Software [2010.04.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2008.02.05 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2005.12.30 02:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2008.11.10 03:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes [2005.09.02 13:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2005.01.12 14:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2010.07.15 03:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2005.01.12 14:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2005.01.12 14:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2005.01.15 19:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2005.04.13 01:31:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2010.01.29 06:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.01.29 09:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2005.02.27 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Aim [2010.07.11 19:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Azureus [2010.07.11 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Canon [2003.04.16 13:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\EverAd [2003.01.21 14:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\FileMaker [2003.01.17 14:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterTrust [2003.01.23 12:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterVideo [2006.01.17 16:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Leadertech [2009.03.21 02:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mp3tag [2009.08.10 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\MPEG Streamclip [2005.03.27 14:36:31 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Pegasys Inc [2005.01.12 13:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\ScanSoft [2009.01.06 18:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\SharePod [2006.05.08 16:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Steinberg [2009.09.12 23:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Thinstall [2005.01.15 15:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Ulead Systems [2007.04.01 17:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Viewpoint [2005.04.14 18:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WeatherBug [2010.01.29 07:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WindSolutions [2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job [2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job [2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job [color=#E56717]========== Purity Check ==========[/color] < End of report > [\Code] __________ "The rug really tied the room together." |
16.07.2010, 22:15
Member
Thread starter Posts: 12 |
#5
Extras
[Code] OTL Extras logfile created on: 16.07.2010 20:50:43 - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 21,50 Gb Total Space | 11,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS Drive F: | 24,42 Gb Total Space | 0,35 Gb Free Space | 1,45% Space Free | Partition Type: NTFS Drive G: | 51,38 Gb Total Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PAULCHEN Current User Name: Fritzle Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 360 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 
138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "6969:TCP" = 6969:TCP:*:Enabled:Azureus "52525:TCP" = 52525:TCP:*:Enabled:Azureus "6969:UDP" = 6969:UDP:*:Enabled:Azureus "52525:UDP" = 52525:UDP:*:Enabled:Azureus "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "135:TCP" = 135:TCP:*:Enabled:TCP Port 135 "5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000 "5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001 "5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002 "5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003 "5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004 "5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005 "5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006 "5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007 "5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008 "5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009 "5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010 "5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011 "5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012 "5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013 "5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014 "5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015 "5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016 "5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017 "5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018 "5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019 "5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech 
Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Microsoft ActiveSync\WCESCOMM.EXE" = D:\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) "D:\Messenger-Software\AIM95\aim.exe" = D:\Messenger-Software\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.) "D:\Messenger-Software\Yahoo-Messenger\YPager.exe" = D:\Messenger-Software\Yahoo-Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "D:\Microsoft ActiveSync\WCESMGR.EXE" = D:\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "D:\RealPlayer\realplay.exe" = D:\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation) "D:\WS_FTP\WS_FTP95.exe" = D:\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173) "C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe" = D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) 
"D:\SopCast\SopCast.exe" = D:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- (www.sopcast.com) "D:\SopCast\adv\SopAdver.exe" = D:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com) "D:\TVAnts\Tvants.exe" = D:\TVAnts\Tvants.exe:*:Disabled:TVAnts -- (Zhejiang University) "D:\TVUPlayer\TVUPlayer.exe" = D:\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks) "C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe" = C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe:*:Enabled:Win32load -- File not found [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04277B8F-9663-43DA-BA52-69A11AE28440}" = StarMoney "{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7 "{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = USB Dual Vibration Joystick - Twin "{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead FilmBrennerei 2 Deluxe "{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition "{253A8DF7-72F1-4643-A7DB-830F42F4D471}_is1" = MetaBench 0.93 BETA "{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}" = Moorhuhn Total "{27DCB0FF-E8D8-44DE-9725-A7C96CC3FEB6}" = DCS - DVD Copy Suite "{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35A501AD-C538-4286-9A45-AAF5514A482D}" = Universal SCSI Controller "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application 
Support "{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{53480350-2D1F-461C-9214-3AEC993DD4A1}" = O&O UnErase "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A73544A-0FD4-4529-9420-CB1D6322BB50}" = FW LiveUpdate "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{6FDCF790-49AF-4E3B-8EB2-C07E2DBA55EA}" = StarMoney 5.0 S-Edition "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{7BC42D2B-A730-43B4-8057-9B9946DF1031}" = Microsoft Producer "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9313E9A6-03DF-11D5-88F8-005004361016}" = Pinnacle TRex "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{A0F13B93-1892-4C55-B709-995BBB730F33}" = ATI RADEON 9700 NPR Hatching Demo v1.1 "{A12A36EC-ACB7-11D9-8E75-000D614181EB}" = NDAS Software 3.11.1328 "{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK "{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator "{A45302B5-1842-4B7A-92FC-53F618882BF1}" = Cuttermaran 1.65 "{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch "{AD6B62AC-18A2-4632-86D0-7962E2ECB9D5}" = Pinnacle InstantCD/DVD Suite "{ADAF6BDD-EC42-4239-B191-FDE6FFD6E1D6}" = ATI RADEON 9700 Car Paint Demo v1.1 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B747E7F6-7A2B-4E57-B6A5-AFF21325EE2D}" = ATI RADEON 9700 Bear Demo v1.1 "{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0 "{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C1939820-A945-11D4-86F6-0001031E5712}" = ASUSTek ASUSDVD "{C6ADEAB6-AEF6-49D5-816E-102DA2620646}" = "{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC379A36-DB26-4A29-877B-B6CE813FDDD5}" = ATI RADEON 9700 Debevec RNL Demo v1.1 "{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E24D73DA-FC53-47CC-9112-CA98986B88AA}" = Pinnacle InstantCD/DVD Suite Update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E6B9D9AC-E9DA-4EB9-85BC-34457A28B63F}" = Cloudmark SpamNet 1.0 Beta 10f "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% (Trial Version) "{EF1DD862-1F5C-4BC8-B3B6-BBB5AD3B460E}" = Motorola Handset USB Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools 
"{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1 "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service "8461-7759-5462-8226" = Vuze "Add/Remove Pro" = Add/Remove Pro "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen) "Advanced PDF Password Recovery" = Advanced PDF Password Recovery "Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AnyDVD" = AnyDVD "AOL Instant Messenger" = AOL Instant Messenger "ArcView Districting Extension" = ArcView Districting Extension "ASAPI Update" = ASAPI Update "a-squared Free_is1" = a-squared Free 2.1 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "Biet-O-Matic v2.0.13" = Biet-O-Matic v2.0.13 "CDex" = CDex extraction audio "CDXtract v4.1.5" = CDXtract v4.1.5 "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "CombiMovie (Freeware)_is1" = CombiMovie Version 1.31 "Digital Video Repair" = Digital Video Repair 2.1 "DivX Codec" = DivX Codec "DivX Player" = DivX Player "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD-lab PRO_is1" = DVD-lab PRO 1.00 "DVD-Patcher 1.06" = DVD-Patcher 1.06 "EarMaster Pro 4_is1" = EarMaster Pro 4 "FLAC" = FLAC 1.2.1b (remove only) "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge VCD Convert/Burn Utility" = Hauppauge VCD Convert/Burn Utility "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV NT4/Win2000 Drivers" = Hauppauge WinTV NT4/Win2000 Drivers "Hauppauge WinTV PVR (Model 45xxx)" = Hauppauge 
WinTV PVR (Model 45xxx) "Hauppauge WinTV Radio" = Hauppauge WinTV Radio "Hauppauge WinTV2000" = Hauppauge WinTV2000 "HDD Health_is1" = HDD Health v2.1 Beta "HijackThis" = HijackThis 2.0.2 "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Indeo® software" = Indeo® software "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InternetDeinstKey" = ArcView Internet Map Server "IsoBuster_is1" = IsoBuster 1.9.1 "Magic ISO Maker v5.1 (build 0185)" = Magic ISO Maker v5.1 (build 0185) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mp3tag" = Mp3tag v2.44 "MVApplication1" = SureThing CD Labeler Deluxe 4 "nanoPEG-Editor 2.2 Hauppauge Edition_is1" = nanoPEG-Editor 2.2 Hauppauge Edition "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA nForce Drivers" = NVIDIA nForce Drivers "OnlineControl_is1" = OnlineControl 1.1 "Parrot Flash Update Wizard" = Parrot Software Update Tool "Postpaket Ausfüllhilfe 2.2" = Postpaket Ausfüllhilfe 2.2 "Q903235" = Internet Explorer Q903235 "QCDrivers" = QuickCam Drivers "RealPlayer 6.0" = RealPlayer Basic "Samsung CLP-300 Series" = Samsung CLP-300 Series "Security Task Manager" = Security Task Manager 1.7h "SiSoftware Sandra Lite 2005.SR3_is1" = SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE) "SopCast" = SopCast 3.2.8 "ST6UNST #1" = ZIP_Code_Business_Patterns "Steinberg WaveLab 5.01b" = Steinberg WaveLab 
5.01b "StreamTorrent 1.0" = StreamTorrent 1.0 "Total Video Converter 3.02_is1" = Total Video Converter 3.02 "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.5.2.2 "TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.38 "Veetle TV" = Veetle TV 0.9.16 "Viewpoint Manager" = Viewpoint Manager (Remove Only) "ViewpointMediaPlayer" = Viewpoint Media Player "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WIC" = Windows Imaging Component "WildTangent CDA" = WildTangent Web Driver "Windows CE Services" = Microsoft ActiveSync 3.7 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XviD" = XviD MPEG-4 Codec "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Search Defender" = Yahoo! Search Protection "Yahoo! Software Update" = Yahoo! 
Software Update "ZoomPlayer" = Zoom Player (remove only) [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "3DDeinstKey" = ArcView 3D Analyst "ArcView GIS 3.2" = ArcView GIS 3.2a "ArcView Image Analysis" = ArcView Image Analysis "ArcView Network Analyst" = ArcView Network Analyst "ArcView Spatial Analyst" = ArcView Spatial Analyst "Renatager" = Mp3 Renatager [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 30.11.2009 23:34:46 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner Fehler aufgetreten. . Error - 04.12.2009 08:41:22 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner Fehler aufgetreten. . Error - 11.07.2010 03:10:16 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 11.07.2010 03:10:17 | Computer Name = PAULCHEN | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.07.2010 18:07:15 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:16 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:17 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:17 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:17 | Computer Name = PAULCHEN | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:20 | Computer Name = PAULCHEN | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor [ System Events ] Error - 16.07.2010 11:43:17 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 16.07.2010 12:47:58 | Computer Name = PAULCHEN | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. 
Error - 16.07.2010 12:47:58 | Computer Name = PAULCHEN | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 16.07.2010 12:48:26 | Computer Name = PAULCHEN | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 16.07.2010 12:48:27 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 16.07.2010 12:48:27 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: oreans32 Pcmcia ppa3 Sparrow sr Error - 16.07.2010 12:48:27 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 16.07.2010 12:52:19 | Computer Name = PAULCHEN | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 16.07.2010 12:52:19 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 16.07.2010 12:52:19 | Computer Name = PAULCHEN | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 < End of report > [\Code] __________ "The rug really tied the room together." |
16.07.2010, 22:16
Member
Thread starter Posts: 12 |
#6
And here is the last part of my post:
4. HijackThis log file [Code] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:00:11, on 16.07.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Avira\AntiVir Desktop\sched.exe D:\a-squared Free\a2service.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe D:\Avira\AntiVir Desktop\avguard.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\Diskeeper Professional Premier\DkService.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\NDAS\System\ndassvc.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\PDFCreatorMessages.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SCARDS32.EXE C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\sstray.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Jaws PDF Creator\PDFClient.exe C:\Programme\Yahoo!\Search Protection\SearchProtection.exe D:\Avira\AntiVir Desktop\avgnt.exe D:\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\NDAS\System\ndasmgmt.exe C:\WINDOWS\system32\wscntfy.exe G:\HiJackThis\HJT.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [PDFCreatorClient] D:\Jaws PDF Creator\PDFClient.exe O4 - HKLM\..\Run: [hcwPVRReset] D:\WinTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [YSearchProtection] "C:\Programme\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: NDAS Device Management.lnk = C:\Programme\NDAS\System\ndasmgmt.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Messenger-Software\AIM95\aim.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.de/common/asusTek_sys_ctrl.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312 O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279199238515 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://204.49.60.246/activex/AxisCamControl.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2CAE1438-109A-4E23-B938-6CEABEC7ABDC}: NameServer = 192.168.2.1 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom 
Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Diskeeper - Diskeeper Corporation - D:\Diskeeper Professional Premier\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Programme\NDAS\System\ndassvc.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12039 bytes [\Code] 5. 
Hijackthis-Uninstall-Liste [Code] Acronis True Image Add/Remove Pro Adobe Acrobat 5.0 Adobe Download Manager 2.0 (Nur entfernen) Adobe Flash Player 10 ActiveX Adobe Reader 7.0.8 - Deutsch AOL Instant Messenger Apple Application Support Apple Software Update ArcView Districting Extension ArcView Internet Map Server ASAPI Update a-squared Free 2.1 ASUSTek ASUSDVD ATI - Dienstprogramm zur Deinstallation der Software ATI Control Panel ATI Display Driver ATI RADEON 9700 Bear Demo v1.1 ATI RADEON 9700 Car Paint Demo v1.1 ATI RADEON 9700 Debevec RNL Demo v1.1 ATI RADEON 9700 NPR Hatching Demo v1.1 ATI RADEON 9700 Pipe Dream Demo v1.1 Avanquest update Avira AntiVir Personal - Free Antivirus Canon CanoScan Toolbox 4.6 CDex extraction audio CDXtract v4.1.5 CHIPDRIVE - Gerätetreiber V2.14.38 Compatibility Pack für 2007 Office System Cuttermaran 1.65 DCS - DVD Copy Suite DH Driver Cleaner Professional Edition Digital Video Repair 2.1 Diskeeper Professional Premier Edition DivX Codec DivX Player DVD Decrypter (Remove Only) DVD-Patcher 1.06 FLAC 1.2.1b (remove only) FW LiveUpdate Hauppauge German Help Files and Resources Hauppauge VCD Convert/Burn Utility Hauppauge WinTV Infrared Remote Hauppauge WinTV NT4/Win2000 Drivers Hauppauge WinTV PVR (Model 45xxx) Hauppauge WinTV Radio Hauppauge WinTV2000 HDD Health v2.1 Beta HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix für Windows XP (KB904412) Hotfix für Windows XP (KB914440) Huffyuv AVI lossless video codec (Remove Only) Indeo® software Internet Explorer Q903235 InterVideo FilterSDK J2SE Runtime Environment 5.0 Update 5 Logitech Harmony Remote Software 7 Malwarebytes' Anti-Malware Manual CanoScan 4200F MetaBench 0.93 BETA Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 
Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 German Language Pack Microsoft .NET Framework 3.0 German Language Pack Microsoft ActiveSync 3.7 Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional mit FrontPage Microsoft Producer Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Moorhuhn Total Motorola Driver Installation 3.7.0 Motorola Handset USB Driver Motorola Phone Tools Motorola PST Motorola Software Update Mozilla Firefox (3.6.3) Mp3tag v2.44 MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) nanoPEG-Editor 2.2 Hauppauge Edition NDAS Software 3.11.1328 NVIDIA nForce Drivers OmniPage SE 2.0 OnlineControl 1.1 Parrot Software Update Tool PC-Linq Pinnacle InstantCD/DVD Suite Pinnacle InstantCD/DVD Suite Update Pinnacle TRex Postpaket Ausfüllhilfe 2.2 PowerQuest PartitionMagic 8.0 QuickCam Drivers QuickTime RealPlayer Basic Remote Control USB Driver Samsung CLP-300 Series Security Task Manager 1.7h Security Update für Microsoft .NET Framework 2.0 (KB928365) Sicherheitsupdate für Windows Internet Explorer 7 (KB937143) Sicherheitsupdate für Windows Internet Explorer 7 (KB938127) Sicherheitsupdate für Windows Media Player (KB911564) Sicherheitsupdate für Windows Media Player 6.4 (KB925398) Sicherheitsupdate für Windows Media Player 9 (KB911565) Sicherheitsupdate für Windows Media Player 9 (KB917734) Sicherheitsupdate für Windows Media Player 9 (KB936782) Sicherheitsupdate für Windows XP (KB890046) Sicherheitsupdate für Windows XP (KB893066) Sicherheitsupdate für Windows XP (KB893756) Sicherheitsupdate für Windows XP (KB896358) Sicherheitsupdate für Windows XP (KB896422) Sicherheitsupdate für Windows XP (KB896423) Sicherheitsupdate für Windows XP 
(KB896424) Sicherheitsupdate für Windows XP (KB896428) Sicherheitsupdate für Windows XP (KB899587) Sicherheitsupdate für Windows XP (KB899591) Sicherheitsupdate für Windows XP (KB900725) Sicherheitsupdate für Windows XP (KB901017) Sicherheitsupdate für Windows XP (KB901214) Sicherheitsupdate für Windows XP (KB902400) Sicherheitsupdate für Windows XP (KB905414) Sicherheitsupdate für Windows XP (KB905749) Sicherheitsupdate für Windows XP (KB908519) Sicherheitsupdate für Windows XP (KB908531) Sicherheitsupdate für Windows XP (KB911562) Sicherheitsupdate für Windows XP (KB911927) Sicherheitsupdate für Windows XP (KB912919) Sicherheitsupdate für Windows XP (KB913446) Sicherheitsupdate für Windows XP (KB913580) Sicherheitsupdate für Windows XP (KB914388) Sicherheitsupdate für Windows XP (KB914389) Sicherheitsupdate für Windows XP (KB917344) Sicherheitsupdate für Windows XP (KB917422) Sicherheitsupdate für Windows XP (KB917953) Sicherheitsupdate für Windows XP (KB918118) Sicherheitsupdate für Windows XP (KB919007) Sicherheitsupdate für Windows XP (KB920213) Sicherheitsupdate für Windows XP (KB920670) Sicherheitsupdate für Windows XP (KB920683) Sicherheitsupdate für Windows XP (KB920685) Sicherheitsupdate für Windows XP (KB921398) Sicherheitsupdate für Windows XP (KB921503) Sicherheitsupdate für Windows XP (KB921883) Sicherheitsupdate für Windows XP (KB922616) Sicherheitsupdate für Windows XP (KB922819) Sicherheitsupdate für Windows XP (KB923191) Sicherheitsupdate für Windows XP (KB923414) Sicherheitsupdate für Windows XP (KB923689) Sicherheitsupdate für Windows XP (KB923980) Sicherheitsupdate für Windows XP (KB924191) Sicherheitsupdate für Windows XP (KB924270) Sicherheitsupdate für Windows XP (KB924496) Sicherheitsupdate für Windows XP (KB924667) Sicherheitsupdate für Windows XP (KB925902) Sicherheitsupdate für Windows XP (KB926255) Sicherheitsupdate für Windows XP (KB926436) Sicherheitsupdate für Windows XP (KB927779) Sicherheitsupdate für Windows XP (KB927802) 
Sicherheitsupdate für Windows XP (KB928255) Sicherheitsupdate für Windows XP (KB928843) Sicherheitsupdate für Windows XP (KB929123) Sicherheitsupdate für Windows XP (KB930178) Sicherheitsupdate für Windows XP (KB931261) Sicherheitsupdate für Windows XP (KB931784) Sicherheitsupdate für Windows XP (KB932168) Sicherheitsupdate für Windows XP (KB935839) Sicherheitsupdate für Windows XP (KB935840) Sicherheitsupdate für Windows XP (KB936021) Sicherheitsupdate für Windows XP (KB937143) Sicherheitsupdate für Windows XP (KB938127) Sicherheitsupdate für Windows XP (KB938829) SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE) SopCast 3.2.8 Spybot - Search & Destroy TMPGEnc MPEG Editor TVAnts 1.0 TVUPlayer 2.5.2.2 Ulead FilmBrennerei 2 Deluxe Universal SCSI Controller Update für Windows XP (KB898461) Update für Windows XP (KB900485) Update für Windows XP (KB904942) Update für Windows XP (KB910437) Update für Windows XP (KB911280) Update für Windows XP (KB916595) Update für Windows XP (KB920342) Update für Windows XP (KB920872) Update für Windows XP (KB922582) Update für Windows XP (KB925720) Update für Windows XP (KB925876) Update für Windows XP (KB927891) Update für Windows XP (KB930916) Update für Windows XP (KB938828) USB Dual Vibration Joystick - Twin User Profile Hive Cleanup Service Veetle TV 0.9.16 Viewpoint Manager (Remove Only) Viewpoint Media Player VTPlus32 für WinTV (German) Vuze WIDCOMM Bluetooth Software WildTangent Web Driver Windows Communication Foundation Windows Genuine Advantage v1.3.0254.0 Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Internet Explorer 7 Windows Media Encoder 9-Reihe Windows Media Encoder 9-Reihe Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 9-Hotfix [Weitere Informationen finden Sie unter KB885492.] 
Windows Presentation Foundation Windows Presentation Foundation Language Pack (DEU) Windows Workflow Foundation Windows Workflow Foundation DE Language Pack Windows XP Service Pack 2 Windows XP-Hotfix - KB873333 Windows XP-Hotfix - KB873339 Windows XP-Hotfix - KB885222 Windows XP-Hotfix - KB885250 Windows XP-Hotfix - KB885835 Windows XP-Hotfix - KB885836 Windows XP-Hotfix - KB885884 Windows XP-Hotfix - KB886185 Windows XP-Hotfix - KB887472 Windows XP-Hotfix - KB888113 Windows XP-Hotfix - KB888302 Windows XP-Hotfix - KB890047 Windows XP-Hotfix - KB890175 Windows XP-Hotfix - KB890859 Windows XP-Hotfix - KB891781 Windows XP-Hotfix - KB893086 WingMan Software XML Paper Specification Shared Components Language Pack 1.0 XviD MPEG-4 Codec Yahoo! Messenger Yahoo! Search Protection Yahoo! Software Update Yahoo! Toolbar Zoom Player (remove only) [\Code]
Well, I hope I haven't forgotten anything. I would be very glad if one of you would take on my problem, despite the currently great weather, so that I might still get around reinstalling the system after all. Thank you in advance and warm regards.
Yours, Dude __________ "The rug really tied the room together." |
|
|
||
17.07.2010, 15:54
Member
Posts: 420 |
#7
Hello Dude,
1. Please get RootRepeal http://sites.google.com/site/rootrepeal/ Start RootRepeal. Close all other programs and switch off the AV guard. Go to Report. Click Scan. Tick all the checkboxes. Confirm with OK. Post the log.
2. Another scan with OTL. Please start OTL and make sure that "Use Safe List" is selected everywhere (Services, Drivers, etc.) and that File Age on the right is set to 30 Days. In the previous scan you selected "All" and 360 days; that was well meant, but it makes the evaluation harder. Now click Run Scan and post OTL.txt and Extras.txt |
|
|
||
18.07.2010, 01:39
Member
Thread starter Posts: 12 |
#8
Hello gangren,
first of all, thank you very much for taking on my problem. I hope everything still turns out well. Below you will find the requested logs. Thanks again, Dude
1. Root Repeal Log [Code] ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/07/18 00:57 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: Image Path: Address: 0xF7482000 Size: 95360 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA39FC000 Size: 49152 File Visible: No Signed: - Status: - Name: uphcleanhlp.sys Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Address: 0xA396C000 Size: 8960 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xf7a8ca76 #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf7a8ca6c #: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xf7a8ca7b #: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xf7a8ca85 #: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xf7a8ca8a #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf7a8ca58 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf7a8ca5d #: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xf7a8ca94 #: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xf7a8ca8f #: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xf7a8ca80 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xf7a8ca67 #: 263 Function Name: NtUnloadKey Status: Hooked by
"C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa396c6d0 Stealth Objects ------------------- Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8a5390d0 Size: 459 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a67db80 Size: 10 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, 
IRP_MJ_CLEANUP] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8a4d42c8 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_READ] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, 
IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a66f228 Size: 1218 Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x8a4d5550 Size: 99 Object: Hidden Code [Driver: TwkMs, IRP_MJ_POWER] Process: System Address: 0x00000000 Size: 4096 Object: Hidden Code [Driver: TwkMs, IRP_MJ_PNP] Process: System Address: 
0x00000000 Size: 4096 Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_CLOSE] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_READ] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_WRITE] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_EA] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_EA] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a543640 Size: 2497 Object: Hidden Code [Driver: VOBID, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_CLEANUP] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code 
[Driver: VOBID, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_POWER] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a552dd8 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_PNP] Process: System Address: 0x8a552dd8 Size: 99 ==EOF== [\Code] 2. OTL Logs OTL [Code] OTL logfile created on: 18.07.2010 01:09:58 - Run 2 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 21,50 Gb Total Space | 11,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS Drive F: | 24,42 Gb Total Space | 0,35 Gb Free Space | 1,44% Space Free | Partition Type: NTFS Drive G: | 51,38 Gb Total 
Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Paulchen Current User Name: Fritzle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe PRC - [2010.07.13 10:57:25 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- D:\a-squared Free\a2service.exe PRC - [2009.08.14 12:51:34 | 000,185,089 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.23 15:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Programme\Yahoo!\Search Protection\SearchProtection.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2006.06.15 01:07:50 | 000,220,672 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndasmgmt.exe PRC - [2006.06.15 01:07:42 | 000,305,664 | ---- | M] (XIMETA, Inc.) 
-- C:\Programme\NDAS\System\ndassvc.exe PRC - [2005.11.23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- D:\Diskeeper Professional Premier\DkService.exe PRC - [2005.10.14 21:00:38 | 000,172,032 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2005.07.22 17:50:16 | 000,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe PRC - [2003.12.09 12:11:08 | 000,315,392 | ---- | M] (Global Graphics Software Ltd.) -- D:\Jaws PDF Creator\PDFClient.exe PRC - [2003.12.09 11:48:40 | 000,139,264 | ---- | M] (Global Graphics Software Ltd) -- C:\WINDOWS\system32\PDFCreatorMessages.exe PRC - [2003.11.12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2003.09.06 22:20:53 | 000,286,720 | ---- | M] (Towitoko AG) -- C:\WINDOWS\SCARDS32.EXE PRC - [2003.06.17 18:18:46 | 000,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\sstray.exe PRC - [2003.05.15 16:41:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\point32.exe PRC - [2003.04.23 03:06:54 | 000,417,871 | ---- | M] (Microsoft Corporation) -- D:\Microsoft ActiveSync\WCESCOMM.EXE PRC - [2001.08.18 05:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) 
-- C:\WINDOWS\system32\pctspk.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe MOD - [2004.08.04 09:54:27 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004.08.04 08:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010.07.13 10:57:25 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\a-squared Free\a2service.exe -- (a2free) SRV - [2009.08.14 12:51:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2006.10.19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.06.15 01:07:42 | 000,305,664 | ---- | M] (XIMETA, Inc.) 
[Auto | Running] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc) SRV - [2005.11.23 08:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- D:\Diskeeper Professional Premier\DkService.exe -- (Diskeeper) SRV - [2005.10.14 21:00:38 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005.10.09 22:33:00 | 001,079,832 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe -- (SandraTheSrv) SRV - [2005.10.09 22:32:52 | 000,170,536 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe -- (SandraDataSrv) SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.12.09 11:48:40 | 000,139,264 | ---- | M] (Global Graphics Software Ltd) [Auto | Running] -- C:\WINDOWS\system32\PDFCreatorMessages.exe -- (PDFCreatorMessages) SRV - [2003.11.12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003.09.06 22:20:53 | 000,286,720 | ---- | M] (Towitoko AG) [Auto | Running] -- C:\WINDOWS\SCARDS32.EXE -- (TWKSCARDSRV) SRV - [2001.08.18 05:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) 
[Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\SystemRoot\System32\DRIVERS\sr.sys -- (sr) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\oreans32.sys -- (oreans32) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ) DRV - [2009.12.20 19:27:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.01.23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn) DRV - [2006.11.22 23:48:18 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT) DRV - [2006.06.15 01:08:18 | 000,140,416 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lfsfilt.sys -- (lfsfilt) DRV - [2006.06.15 01:07:30 | 000,130,560 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi) DRV - [2006.06.15 01:07:30 | 000,061,952 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus) DRV - [2006.06.15 01:07:30 | 000,044,288 | ---- | M] (XIMETA, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lpx.sys -- (lpx) DRV - [2006.06.12 19:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2006.05.01 21:28:31 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2006.01.20 15:26:14 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter) DRV - [2006.01.20 15:26:14 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2006.01.20 15:26:08 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman) DRV - [2005.12.30 02:41:33 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt) DRV - [2005.07.22 17:35:28 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2005.07.22 17:34:02 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2005.07.22 17:33:58 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2005.07.22 17:33:00 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2005.07.22 17:31:10 | 000,030,363 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2005.07.22 17:31:00 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2005.07.22 17:30:34 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005.07.22 17:27:42 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2004.12.18 20:32:32 | 000,038,229 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec) DRV - [2004.10.25 03:00:00 | 000,796,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfhubase.sys -- (bfhubase) Eumex C 200 data (WinXP/2000) DRV - [2004.10.25 03:00:00 | 000,374,144 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\capi_cip.sys -- (CAPI_CIP) DRV - [2004.10.25 03:00:00 | 000,061,056 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtser.sys -- (AVMBTSERIAL) DRV - [2004.10.25 03:00:00 | 000,060,288 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtpar.sys -- (AVMBTPARALLEL) DRV - [2004.10.25 03:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2004.10.25 03:00:00 | 000,049,664 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmbtsnd.sys -- (AVMBTSND) DRV - [2004.10.25 03:00:00 | 000,031,818 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netbfpan.sys -- (NETBFPAN) DRV - [2004.08.04 08:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys 
-- (usbaudio) USB-Audiotreiber (WDM) DRV - [2004.08.04 08:03:35 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2004.08.04 08:00:16 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3) DRV - [2004.06.09 00:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2004.02.20 12:03:18 | 000,187,392 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw) DRV - [2004.02.03 16:04:08 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv) DRV - [2004.01.27 22:56:58 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003.12.09 03:00:00 | 000,741,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfubase.sys -- (bfubase) BlueFRITZ! 
USB (WinXP/2000) DRV - [2003.12.04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K) DRV - [2003.11.17 06:04:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2003.10.15 14:59:54 | 000,055,552 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub) DRV - [2003.10.15 14:59:44 | 000,041,856 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci) DRV - [2003.10.05 11:41:14 | 000,123,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sojubus.sys -- (sojubus) DRV - [2003.09.28 11:57:52 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sojuscsi.sys -- (sojuscsi) DRV - [2003.08.01 15:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vobid.sys -- (VOBID) DRV - [2003.06.17 17:24:00 | 000,286,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM) DRV - [2003.06.17 17:24:00 | 000,030,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM) DRV - [2003.04.08 14:14:50 | 000,038,656 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k) DRV - [2003.03.19 15:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2003.03.09 19:42:18 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscbs108.sys -- (uscbs108) DRV - [2003.03.09 19:41:38 | 000,102,336 | ---- | M] ( ) [Kernel 
| On_Demand | Running] -- C:\WINDOWS\system32\drivers\uscsc108.sys -- (uscsc108) DRV - [2002.11.28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2002.11.27 21:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET) DRV - [2002.11.27 02:00:00 | 000,503,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase) BlueFRITZ! AP-X (WinXP/2000) DRV - [2002.11.27 02:00:00 | 000,038,608 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [2002.09.16 18:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32) DRV - [2002.06.20 18:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2002.06.20 18:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2002.06.20 18:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2002.06.20 18:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2002.06.17 03:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TWKPCSC.SYS -- (TwkPCSC) DRV - [2002.06.17 03:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TWKMS.SYS -- (TwkMs) DRV - [2002.06.17 02:14:00 | 000,005,550 | ---- | M] (Towitoko AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TWKPNP.SYS -- (TWKPNP) DRV - [2002.05.13 20:07:06 | 000,423,712 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) TV-Station (SAA7134Capture with MK3-Tuner) DRV - [2002.05.13 19:16:44 | 000,019,520 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune) DRV - [2002.04.17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi) DRV - [2002.01.07 16:28:54 | 000,023,552 | ---- | M] (Hauppauge Computer Works) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\bt878.sys -- (BT878) DRV - [2001.10.04 12:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom) DRV - [2001.09.14 09:19:58 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb) DRV - [2001.08.18 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001.08.18 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001.08.17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.17 14:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom) DRV - [2001.08.17 14:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice) DRV - [2001.08.17 14:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem) DRV - [2001.08.17 14:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp) DRV - [2001.03.09 15:53:06 | 000,138,932 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCW848NT.sys -- (HCW848NT) DRV - [2001.01.08 10:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/ IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-583907252-492894223-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "engine://D%3A%5CMozilla%5Csearchplugins%5Cgoogle.src" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "Torrent-Search Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://www.google.de" FF - prefs.js..browser.startup.homepage: "http://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..keyword.URL: "Google" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firefox\components [2010.06.26 19:36:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.06.26 19:36:08 | 000,000,000 | ---D | M] [2008.06.27 20:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Extensions [2010.07.15 15:20:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions [2010.04.21 19:42:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2010.03.14 23:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\firefox@tvunetworks.com [2008.10.18 15:28:48 | 000,000,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\searchplugins\conduit.xml O1 HOSTS File: ([2006.02.11 05:36:59 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-583907252-492894223-725345543-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [hcwPVRReset] D:\WinTV\hcwP1Utl.exe () O4 - HKLM..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PDFCreatorClient] D:\Jaws PDF Creator\PDFClient.exe (Global Graphics Software Ltd.) 
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe () O4 - HKLM..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKU\S-1-5-21-583907252-492894223-725345543-1004..\Run: [H/PC Connection Agent] D:\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-583907252-492894223-725345543-1004..\Run: [Search Protection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Device Management.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKU\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll () O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Messenger-Software\AIM95\aim.exe (America Online, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found O9 - Extra 'Tools' menuitem : Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\MESSEN~1\YAHOO-~1\YPager.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine) O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernetwork.com/surferplugin.ocx (SurferNETWORK Plugin) O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} http://www.cdpass.com/cdkey/CDPass.cab (CDPass Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class) O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188006228312 (WUWebControl Class) O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl 
Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279199238515 (MUWebControl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://204.49.60.246/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.1427893518 (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class) O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: IEPrint http://www.visiontech.ltd.uk/software/download/IEPrint.CAB (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - D:\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop 
BackupWallPaper: C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2003.01.16 06:38:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.11.19 00:58:16 | 000,169,504 | ---- | M] () - E:\Auto Kaufberatung.mht -- [ NTFS ] O32 - AutoRun File - [2007.11.19 00:59:29 | 000,276,766 | ---- | M] () - E:\Auto-Kauf -- Rabatt für Bar-Zahler spart oft mehr als günstiges Finanzierungsangebot.mht -- [ NTFS ] O32 - AutoRun File - [2009.10.16 13:50:05 | 000,852,681 | ---- | M] () - E:\Autobatterie aufladen-wechselnbei heimwerker_de.mht -- [ NTFS ] O32 - AutoRun File - [2007.09.10 00:55:02 | 000,006,346 | ---- | M] () - E:\automatische Seitenweiterleitung.mht -- [ NTFS ] O32 - AutoRun File - [2007.11.12 04:59:26 | 000,513,453 | ---- | M] () - E:\Autotteilestore.com -- Auspuffanlage komplett.mht -- [ NTFS ] O32 - AutoRun File - [2008.06.23 16:43:43 | 000,365,621 | ---- | M] () - E:\Autozine - Autotest Chevrolet Captiva.mht -- [ NTFS ] O32 - AutoRun File - [2009.12.14 18:26:08 | 000,033,488 | ---- | M] () - F:\Autoversicherung_Bus.pdf -- [ NTFS ] O32 - AutoRun File - [2009.12.14 17:39:03 | 000,035,391 | ---- | M] () - F:\Autoversicherung_Golf.pdf -- [ NTFS ] O32 - AutoRun File - [2009.12.15 04:35:34 | 000,033,990 | ---- | M] () - F:\Autoversicherung_Golf_Version2.pdf -- [ NTFS ] O32 - AutoRun File - [2008.09.16 00:17:56 | 000,372,517 | ---- | M] () - G:\Autovermietung#Hertz_Amerika#buchen.pdf -- [ NTFS ] O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell - "" = AutoRun O33 - MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell - "" = AutoRun O33 - MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\Shell\AutoRun\command - "" = M:\DPFMate.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010.07.18 00:56:46 | 000,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\RootRepeal.exe [2010.07.16 22:17:24 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fritzle\Recent [2010.07.16 20:47:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe [2010.07.16 18:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Malwarebytes [2010.07.16 18:36:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.16 18:36:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.16 18:36:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.16 18:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Desktop\ProcessExplorer [2010.07.15 19:15:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.07.15 14:03:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.07.14 23:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.07.14 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.07.14 16:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\vuemvtbgn [2010.07.13 16:28:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AdobeUM [2010.07.13 16:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.07.13 16:25:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.07.13 16:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.07.13 15:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Eigene Dateien\a-squared Free [2010.07.12 22:48:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server [2003.10.05 11:41:14 | 000,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys [2003.09.28 11:57:52 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys [2003.03.09 19:42:44 | 000,047,104 | ---- | C] ( ) -- C:\WINDOWS\uscscsi.dll [2003.03.09 19:42:18 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscbs108.sys [2003.03.09 19:41:38 | 000,102,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\uscsc108.sys [2003.02.12 08:37:16 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010.07.18 00:57:18 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\settings.dat [2010.07.18 00:54:31 | 000,000,378 | ---- | M] () -- C:\WINDOWS\SCARDSRV.INI [2010.07.18 00:54:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.18 00:54:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.18 00:54:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.18 00:54:01 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys 
[2010.07.16 22:17:28 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat [2010.07.16 22:17:28 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.ini [2010.07.16 21:02:59 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\.exe [2010.07.16 20:47:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fritzle\Desktop\OTL.exe [2010.07.16 19:33:31 | 000,147,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe [2010.07.16 18:36:20 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.16 17:37:22 | 000,077,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe [2010.07.15 18:59:40 | 000,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe [2010.07.15 16:18:35 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job [2010.07.15 14:03:26 | 000,000,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk [2010.07.15 13:27:55 | 000,011,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.15 04:43:36 | 000,001,593 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.15 04:43:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.15 04:43:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.07.15 02:38:54 | 000,018,254 | ---- | M] () -- C:\WINDOWS\System32\ssnvfx.ini [2010.07.15 02:25:50 | 000,000,032 | ---- | M] () -- C:\WINDOWS\HCWBTDLG.INI [2010.07.15 02:25:30 | 000,001,249 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI [2010.07.14 16:51:26 | 000,000,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav [2010.07.13 09:00:00 | 000,000,390 | 
-H-- | M] () -- C:\WINDOWS\tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job [2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job [2010.06.24 07:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.07.18 00:57:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\settings.dat [2010.07.16 19:40:51 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\walter.com [2010.07.16 19:33:31 | 000,147,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\catchme.exe [2010.07.16 18:36:20 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.16 17:37:22 | 000,077,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\mbr.exe [2010.07.15 19:09:28 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\.exe [2010.07.15 19:02:59 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\avenger.exe [2010.07.15 16:18:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.07.15 16:18:06 | 000,003,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\iisagx.dll [2010.07.15 14:03:26 | 000,000,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\Desktop\Spybot - Search & Destroy.lnk [2010.07.15 02:21:16 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys [2010.07.14 16:51:26 | 000,000,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav [2010.06.24 01:30:52 | 013,893,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Fritzle\ntuser.dat [2010.01.29 08:14:57 | 002,065,696 | ---- | C] () -- C:\WINDOWS\System32\usbaaplrc.dll [2010.01.29 08:14:57 | 002,060,288 | ---- | C] () -- 
C:\WINDOWS\System32\usbaaplrc(2).dll [2010.01.29 08:14:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbaapl.sys [2009.09.14 22:18:51 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2009.09.14 22:18:44 | 000,020,179 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009.09.14 22:18:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007.11.08 13:23:10 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2006.12.31 12:12:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2006.06.04 20:32:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI [2006.02.24 13:18:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2005.10.31 18:44:31 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2005.10.27 14:43:21 | 000,000,963 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini [2005.07.22 17:38:48 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005.01.18 11:55:24 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini [2005.01.15 17:12:45 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini [2005.01.13 16:40:47 | 000,001,779 | ---- | C] () -- C:\WINDOWS\vtplus32.ini [2005.01.13 16:22:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HCWBTDLG.INI [2005.01.13 16:18:15 | 000,020,425 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2005.01.13 16:14:49 | 000,001,249 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2005.01.12 13:55:55 | 000,000,428 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2005.01.12 13:53:22 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL [2004.12.14 13:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004.12.14 13:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004.11.25 19:07:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.10.15 12:30:57 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\niknakXML.dll [2004.10.15 
12:30:57 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll [2004.10.15 12:30:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EventConsumer.dll [2004.10.15 12:30:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PDFMacroUtils.dll [2004.05.21 07:25:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\b2020.ini [2004.05.14 12:53:48 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2004.04.30 04:16:21 | 000,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll [2004.01.27 22:55:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004.01.25 03:31:04 | 000,018,254 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini [2003.11.17 16:00:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\KTEL.INI [2003.11.11 01:06:20 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll [2003.11.11 01:06:20 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll [2003.11.11 01:06:20 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll [2003.11.11 01:06:20 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll [2003.11.11 01:06:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll [2003.10.10 21:38:52 | 000,000,117 | ---- | C] () -- C:\WINDOWS\Prof.ini [2003.10.01 03:29:11 | 000,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini [2003.07.24 01:57:10 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll [2003.06.13 02:29:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2003.04.08 18:33:10 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2003.04.07 12:07:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2003.02.24 14:01:16 | 000,000,541 | ---- | C] () -- C:\WINDOWS\apdfpr.ini [2003.02.19 21:05:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini [2003.02.19 20:58:38 | 000,000,387 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2003.02.18 13:27:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini [2003.02.18 13:27:50 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\MDI.INI [2003.02.12 08:37:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2003.01.29 09:17:34 | 000,000,378 | ---- | C] () -- C:\WINDOWS\SCARDSRV.INI [2003.01.29 09:17:32 | 000,000,396 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI [2003.01.28 21:50:52 | 000,001,052 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2003.01.27 16:52:55 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI [2003.01.19 13:19:29 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003.01.18 00:11:11 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys [2003.01.18 00:11:11 | 000,003,953 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll [2003.01.17 16:38:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2002.05.16 00:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2002.03.25 21:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001.11.23 19:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(3).DLL [2001.01.30 23:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20DEU(2).DLL [2001.01.22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL [1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(3).DLL [1999.10.17 20:01:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL [1998.12.14 19:00:00 | 000,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini [1996.06.07 21:07:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [1996.06.07 21:07:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [1996.06.07 21:07:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [1996.06.07 21:07:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [1996.06.07 21:07:10 | 
000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [1996.06.07 21:07:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [1996.06.07 21:07:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [1996.06.07 21:07:08 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [1996.06.07 21:07:08 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [1996.06.07 21:07:08 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [1996.06.07 21:07:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [1996.06.07 21:07:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll [1996.06.07 21:07:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [color=#E56717]========== LOP Check ==========[/color] [2006.02.02 16:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2005.12.30 02:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest Software [2010.04.21 19:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2008.02.05 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2005.12.30 02:25:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2008.11.10 03:06:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes [2005.09.02 13:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2005.01.12 14:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2010.07.15 03:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2005.01.12 14:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir 
[2005.01.12 14:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2005.01.15 19:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2005.04.13 01:31:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2010.01.29 06:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.01.29 09:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2005.02.27 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Aim [2010.07.11 19:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Azureus [2010.07.11 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Canon [2003.04.16 13:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\EverAd [2003.01.21 14:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\FileMaker [2003.01.17 14:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterTrust [2003.01.23 12:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\InterVideo [2006.01.17 16:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Leadertech [2009.03.21 02:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Mp3tag [2009.08.10 15:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\MPEG Streamclip [2005.03.27 14:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Pegasys Inc [2005.01.12 13:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Fritzle\Anwendungsdaten\ScanSoft [2009.01.06 18:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\SharePod [2006.05.08 16:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Steinberg [2009.09.12 23:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Thinstall [2005.01.15 15:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Ulead Systems [2007.04.01 17:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\Viewpoint [2005.04.14 18:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WeatherBug [2010.01.29 07:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\WindSolutions [2010.07.15 16:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job [2010.07.13 09:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job [2010.06.25 16:00:02 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job [color=#E56717]========== Purity Check ==========[/color] < End of report > [\Code] Extras [Code] OTL Extras logfile created on: 18.07.2010 01:09:58 - Run 2 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und Einstellungen\Fritzle\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | 
%ProgramFiles% = C:\Programme Drive C: | 21,50 Gb Total Space | 11,65 Gb Free Space | 54,18% Space Free | Partition Type: NTFS Drive D: | 27,32 Gb Total Space | 23,70 Gb Free Space | 86,74% Space Free | Partition Type: NTFS Drive E: | 24,42 Gb Total Space | 13,64 Gb Free Space | 55,86% Space Free | Partition Type: NTFS Drive F: | 24,42 Gb Total Space | 0,35 Gb Free Space | 1,44% Space Free | Partition Type: NTFS Drive G: | 51,38 Gb Total Space | 4,33 Gb Free Space | 8,42% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Paulchen Current User Name: Fritzle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "6969:TCP" = 6969:TCP:*:Enabled:Azureus "52525:TCP" = 52525:TCP:*:Enabled:Azureus "6969:UDP" = 6969:UDP:*:Enabled:Azureus "52525:UDP" = 52525:UDP:*:Enabled:Azureus "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "135:TCP" = 135:TCP:*:Enabled:TCP Port 135 "5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000 "5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001 "5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002 "5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003 "5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004 "5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005 "5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006 "5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007 "5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008 "5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009 "5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010 "5011:TCP" = 
5011:TCP:*:Enabled:TCP Port 5011 "5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012 "5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013 "5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014 "5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015 "5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016 "5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017 "5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018 "5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019 "5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Microsoft ActiveSync\WCESCOMM.EXE" = D:\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation) "D:\Azureus\Azureus.exe" = D:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) "D:\Messenger-Software\AIM95\aim.exe" = D:\Messenger-Software\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.) "D:\Messenger-Software\Yahoo-Messenger\YPager.exe" = D:\Messenger-Software\Yahoo-Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found "D:\Microsoft ActiveSync\WCESMGR.EXE" = D:\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "D:\RealPlayer\realplay.exe" = D:\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.) "D:\WS_FTP\WS_FTP95.exe" = D:\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave.
Lexington, MA 02173) "C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe" = D:\Messenger-Software\Yahoo-Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "D:\SopCast\SopCast.exe" = D:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- (www.sopcast.com) "D:\SopCast\adv\SopAdver.exe" = D:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com) "D:\TVAnts\Tvants.exe" = D:\TVAnts\Tvants.exe:*:Disabled:TVAnts -- (Zhejiang University) "D:\TVUPlayer\TVUPlayer.exe" = D:\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks) "C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe" = C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe:*:Enabled:Win32load -- File not found [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04277B8F-9663-43DA-BA52-69A11AE28440}" = StarMoney "{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7 "{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = USB Dual Vibration Joystick - Twin "{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead FilmBrennerei 2 Deluxe "{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition "{253A8DF7-72F1-4643-A7DB-830F42F4D471}_is1" = MetaBench 0.93 BETA "{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}" = Moorhuhn Total "{27DCB0FF-E8D8-44DE-9725-A7C96CC3FEB6}" = DCS - DVD Copy Suite
"{29622F4A-245C-4126-8764-897E21E888D1}" = Google Earth Pro "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35A501AD-C538-4286-9A45-AAF5514A482D}" = Universal SCSI Controller "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{53480350-2D1F-461C-9214-3AEC993DD4A1}" = O&O UnErase "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A73544A-0FD4-4529-9420-CB1D6322BB50}" = FW LiveUpdate "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{6FDCF790-49AF-4E3B-8EB2-C07E2DBA55EA}" = StarMoney 5.0 S-Edition "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{7BC42D2B-A730-43B4-8057-9B9946DF1031}" = Microsoft Producer "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 
Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9313E9A6-03DF-11D5-88F8-005004361016}" = Pinnacle TRex "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0F13B93-1892-4C55-B709-995BBB730F33}" = ATI RADEON 9700 NPR Hatching Demo v1.1 "{A12A36EC-ACB7-11D9-8E75-000D614181EB}" = NDAS Software 3.11.1328 "{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK "{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator "{A45302B5-1842-4B7A-92FC-53F618882BF1}" = Cuttermaran 1.65 "{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch "{AD6B62AC-18A2-4632-86D0-7962E2ECB9D5}" = Pinnacle InstantCD/DVD Suite "{ADAF6BDD-EC42-4239-B191-FDE6FFD6E1D6}" = ATI RADEON 9700 Car Paint Demo v1.1 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B747E7F6-7A2B-4E57-B6A5-AFF21325EE2D}" = ATI RADEON 9700 Bear Demo v1.1 "{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0 "{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C1939820-A945-11D4-86F6-0001031E5712}" = ASUSTek ASUSDVD "{C6ADEAB6-AEF6-49D5-816E-102DA2620646}" = "{CA83357B-931E-44DC-AD43-9996FEEB8116}" = AcronisTrueImage "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC379A36-DB26-4A29-877B-B6CE813FDDD5}" = ATI RADEON 9700 Debevec RNL Demo v1.1 "{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E24D73DA-FC53-47CC-9112-CA98986B88AA}" = Pinnacle InstantCD/DVD Suite Update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media 
Encoder 9-Reihe "{E6B9D9AC-E9DA-4EB9-85BC-34457A28B63F}" = Cloudmark SpamNet 1.0 Beta 10f "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120% (Trial Version) "{EF1DD862-1F5C-4BC8-B3B6-BBB5AD3B460E}" = Motorola Handset USB Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools "{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1 "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service "8461-7759-5462-8226" = Vuze "Add/Remove Pro" = Add/Remove Pro "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen) "Advanced PDF Password Recovery" = Advanced PDF Password Recovery "Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AnyDVD" = AnyDVD "AOL Instant Messenger" = AOL Instant Messenger "ArcView Districting Extension" = ArcView Districting Extension "ASAPI Update" = ASAPI Update "a-squared Free_is1" = a-squared Free 2.1 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "Biet-O-Matic v2.0.13" = Biet-O-Matic v2.0.13 "CDex" = CDex extraction audio "CDXtract v4.1.5" = CDXtract v4.1.5 "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "CombiMovie (Freeware)_is1" = CombiMovie Version 1.31 "Digital Video Repair" = Digital Video Repair 2.1 "DivX Codec" = DivX Codec "DivX Player" = DivX Player "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD-lab PRO_is1" = DVD-lab PRO 1.00 "DVD-Patcher 1.06" = DVD-Patcher 1.06 "EarMaster Pro 4_is1" = EarMaster Pro 4 
"FLAC" = FLAC 1.2.1b (remove only) "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge VCD Convert/Burn Utility" = Hauppauge VCD Convert/Burn Utility "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV NT4/Win2000 Drivers" = Hauppauge WinTV NT4/Win2000 Drivers "Hauppauge WinTV PVR (Model 45xxx)" = Hauppauge WinTV PVR (Model 45xxx) "Hauppauge WinTV Radio" = Hauppauge WinTV Radio "Hauppauge WinTV2000" = Hauppauge WinTV2000 "HDD Health_is1" = HDD Health v2.1 Beta "HijackThis" = HijackThis 2.0.2 "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Indeo® software" = Indeo® software "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InternetDeinstKey" = ArcView Internet Map Server "IsoBuster_is1" = IsoBuster 1.9.1 "Magic ISO Maker v5.1 (build 0185)" = Magic ISO Maker v5.1 (build 0185) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mp3tag" = Mp3tag v2.44 "MVApplication1" = SureThing CD Labeler Deluxe 4 "nanoPEG-Editor 2.2 Hauppauge Edition_is1" = nanoPEG-Editor 2.2 Hauppauge Edition "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA nForce Drivers" = NVIDIA nForce Drivers "OnlineControl_is1" = OnlineControl 1.1 "Parrot Flash Update Wizard" = Parrot Software Update Tool "Postpaket Ausfüllhilfe 2.2" = Postpaket Ausfüllhilfe 2.2 "Q903235" = Internet 
Explorer Q903235 "QCDrivers" = QuickCam Drivers "RealPlayer 6.0" = RealPlayer Basic "Samsung CLP-300 Series" = Samsung CLP-300 Series "Security Task Manager" = Security Task Manager 1.7h "SiSoftware Sandra Lite 2005.SR3_is1" = SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE) "SopCast" = SopCast 3.2.8 "ST6UNST #1" = ZIP_Code_Business_Patterns "Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b "StreamTorrent 1.0" = StreamTorrent 1.0 "Total Video Converter 3.02_is1" = Total Video Converter 3.02 "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.5.2.2 "TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.38 "Veetle TV" = Veetle TV 0.9.16 "Viewpoint Manager" = Viewpoint Manager (Remove Only) "ViewpointMediaPlayer" = Viewpoint Media Player "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WIC" = Windows Imaging Component "WildTangent CDA" = WildTangent Web Driver "Windows CE Services" = Microsoft ActiveSync 3.7 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XviD" = XviD MPEG-4 Codec "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Search Defender" = Yahoo! Search Protection "Yahoo! Software Update" = Yahoo! 
Software Update "ZoomPlayer" = Zoom Player (remove only) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "3DDeinstKey" = ArcView 3D Analyst "ArcView GIS 3.2" = ArcView GIS 3.2a "ArcView Image Analysis" = ArcView Image Analysis "ArcView Network Analyst" = ArcView Network Analyst "ArcView Spatial Analyst" = ArcView Spatial Analyst "Renatager" = Mp3 Renatager [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 30.11.2009 23:34:46 | Computer Name = Paulchen | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner Fehler aufgetreten. . Error - 04.12.2009 08:41:22 | Computer Name = Paulchen | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Bei der Zertifikatsverkettung ist ein interner Fehler aufgetreten. . Error - 11.07.2010 03:10:16 | Computer Name = Paulchen | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 11.07.2010 03:10:17 | Computer Name = Paulchen | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.07.2010 18:07:15 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:16 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:17 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:17 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:17 | Computer Name = Paulchen | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.07.2010 18:07:20 | Computer Name = Paulchen | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor [ System Events ] Error - 16.07.2010 12:52:19 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 17.07.2010 18:54:29 | Computer Name = Paulchen | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. 
Error - 17.07.2010 18:54:29 | Computer Name = Paulchen | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: oreans32 sr Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 17.07.2010 18:54:44 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 17.07.2010 18:55:15 | Computer Name = Paulchen | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 17.07.2010 18:55:15 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Filtertreiber für Systemwiederherstellung" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 17.07.2010 18:55:15 | Computer Name = Paulchen | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 < End of report > [\Code] __________ "The rug really tied the room together." |
|
|
||
18.07.2010, 17:23
Member
Posts: 420 |
#9
Mhm,
1. Please start OTL and copy the following into the script field at the bottom: Quote: :OTL and click Run Fix. A restart may be required. Please post the fix log.
2. Please get TDSSKiller: http://support.kaspersky.com/de/downloads/utils/tdsskiller.zip Extract the zip file to the desktop (tdsskiller.exe should be directly on the desktop, not in a folder). Start tdsskiller.exe. When the scan is finished, press any key to continue. The log can be found at c:\TDSSKiller....._log.txt. Please post this log.
3. Please work through this guide: http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird Afterwards, please post the log. |
|
|
||
19.07.2010, 01:11
Member
Thread starter Posts: 12 |
#10
Hello gangren,
here are the logs now. 1. OTL (after the fix with the script you specified) [code]All processes killed ========== OTL ========== Service HidServ stopped successfully! Service HidServ deleted successfully! File C:\WINDOWS\System32\hidserv.dll not found. Service AppMgmt stopped successfully! Service AppMgmt deleted successfully! File C:\WINDOWS\System32\appmgmts.dll not found. Service oreans32 stopped successfully! Service oreans32 deleted successfully! File C:\WINDOWS\System32\drivers\oreans32.sys not found. Registry value HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found. File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found. Starting removal of ActiveX control DirectAnimation Java Classes Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found. 
Starting removal of ActiveX control IEPrint Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEPrint\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IEPrint\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\IEPrint\ not found. File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05ba57d0-d052-11de-a8bf-00e018c0db92}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e00634-ddbd-11de-a8cd-00e018c0db92}\ not found. File M:\DPFMate.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. C:\Dokumente und Einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\vuemvtbgn folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5000:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5001:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5002:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5003:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5004:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5005:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5006:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5007:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5008:TCP deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5009:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5010:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5011:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5012:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5013:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5014:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5015:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5016:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5017:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5018:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5019:TCP deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5020:TCP deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Dokumente und Einstellungen\Fritzle\Anwendungsdaten\3c1ea.exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 7058 bytes ->Flash cache emptied: 348 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes User: IBM Customer ->Temp folder emptied: 3156 bytes User: LocalService ->Temp folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Flash cache emptied: 2167 bytes User: Susanne ->Temp folder emptied: 69519 bytes ->Flash cache emptied: 499 bytes User: Fritzle ->Temp folder emptied: 9056 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 34105568 bytes ->Flash cache emptied: 8855 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 609187 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 33,00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User User: Gast User: IBM Customer User: LocalService User: NetworkService ->Flash cache emptied: 0 bytes User: Susanne ->Flash cache emptied: 0 bytes User: Fritzle ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.9.0 log created on 07182010_232943 Files\Folders moved on Reboot... Registry entries deleted on Reboot... [\code] 2. 
TDSSKiller [code]23:36:32:156 4040 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 23:36:32:156 4040 ================================================================================ 23:36:32:156 4040 SystemInfo: 23:36:32:156 4040 OS Version: 5.1.2600 ServicePack: 2.0 23:36:32:156 4040 Product type: Workstation 23:36:32:156 4040 ComputerName: Paulchen 23:36:32:156 4040 UserName: Fritzle 23:36:32:156 4040 Windows directory: C:\WINDOWS 23:36:32:156 4040 System windows directory: C:\WINDOWS 23:36:32:156 4040 Processor architecture: Intel x86 23:36:32:156 4040 Number of processors: 1 23:36:32:156 4040 Page size: 0x1000 23:36:32:156 4040 Boot type: Normal boot 23:36:32:156 4040 ================================================================================ 23:36:33:859 4040 Initialize success 23:36:33:859 4040 23:36:33:859 4040 Scanning Services ... 23:36:34:171 4040 Raw services enum returned 408 services 23:36:34:187 4040 23:36:34:187 4040 Scanning Drivers ... 23:36:34:734 4040 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:36:34:781 4040 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 23:36:34:828 4040 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 23:36:34:859 4040 AFD (d2855e5fdb877adca2db689c1a054dba) C:\WINDOWS\System32\drivers\afd.sys 23:36:34:859 4040 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: d2855e5fdb877adca2db689c1a054dba, Fake md5: 5ac495f4cb807b2b98ad2ad591e6d92e 23:36:34:859 4040 File "C:\WINDOWS\System32\drivers\afd.sys" infected by TDSS rootkit ... 23:36:36:109 4040 Backup copy found, using it.. 
23:36:36:140 4040 will be cured on next reboot 23:36:36:296 4040 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 23:36:36:343 4040 AmdK7 (fbf9ffb0b638df1448821bd0aceeb780) C:\WINDOWS\system32\DRIVERS\amdk7.sys 23:36:36:375 4040 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys 23:36:36:406 4040 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:36:36:437 4040 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys 23:36:36:453 4040 ASAPIW2K (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys 23:36:36:515 4040 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys 23:36:36:546 4040 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys 23:36:36:578 4040 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:36:36:593 4040 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:36:36:656 4040 ati2mtag (8303b347a02ed4bbf94e5682a6d22619) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 23:36:36:687 4040 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:36:36:718 4040 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:36:36:750 4040 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Avira\AntiVir Desktop\avgio.sys 23:36:36:781 4040 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 23:36:36:812 4040 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 23:36:36:906 4040 AVMBTPARALLEL (6867c7b9d7beca1859c15f6730fd067a) C:\WINDOWS\system32\DRIVERS\avmbtpar.sys 23:36:37:234 4040 AVMBTSERIAL (4bb8956474c4770083f4f50a51f26bcf) C:\WINDOWS\system32\DRIVERS\avmbtser.sys 23:36:37:281 4040 AVMBTSND (e22454df488d6d38d2a9cc4926f331bb) C:\WINDOWS\system32\drivers\avmbtsnd.sys 23:36:37:328 4040 AVMCOWAN 
(b092b71977cceb0f66fea6773ff23cb3) C:\WINDOWS\system32\DRIVERS\avmcowan.sys 23:36:37:359 4040 AVMWAN (398eb38f388ce7aeee34132aefb590ef) C:\WINDOWS\system32\DRIVERS\avmwan.sys 23:36:37:375 4040 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:36:37:421 4040 bfhubase (68be923a2f6b6a52f16a0d564b7fc318) C:\WINDOWS\system32\DRIVERS\bfhubase.sys 23:36:37:484 4040 bfubase (45f341d5fd3afc002650c28ad447530d) C:\WINDOWS\system32\DRIVERS\bfubase.sys 23:36:37:531 4040 BT878 (72c98b32df52a641338a1599f6fc7ca8) C:\WINDOWS\system32\DRIVERS\BT878.sys 23:36:37:562 4040 btaudio (711442f5953966b14299b4b0404ec073) C:\WINDOWS\system32\drivers\btaudio.sys 23:36:37:593 4040 BTDriver (409f48dc4d505559043acbbf6095768a) C:\WINDOWS\system32\DRIVERS\btport.sys 23:36:37:687 4040 BTKRNL (03664bb96504c81b02f58c0eade8a464) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 23:36:37:718 4040 BTSERIAL (873f58c0fde879b53b468b65e39549c5) C:\WINDOWS\system32\drivers\btserial.sys 23:36:37:750 4040 BTSLBCSP (df810d392af466ff76cb6bf55c6c86af) C:\WINDOWS\system32\drivers\btslbcsp.sys 23:36:37:765 4040 BTWDNDIS (4223556c93871a4cbd68d0585f5e5dc9) C:\WINDOWS\system32\DRIVERS\btwdndis.sys 23:36:37:796 4040 btwmodem (c525d186182b7a4e0f428f98b400e4e7) C:\WINDOWS\system32\DRIVERS\btwmodem.sys 23:36:37:828 4040 BTWUSB (2054534e921359af42875ed825fa075f) C:\WINDOWS\system32\Drivers\btwusb.sys 23:36:37:890 4040 Cap7134 (fc766cfbd052e41ff71921b8fc9ffc30) C:\WINDOWS\system32\DRIVERS\Cap7134.sys 23:36:37:968 4040 CAPI_CIP (600fe1fc7f063398e56fbce22488b108) C:\WINDOWS\system32\DRIVERS\capi_cip.sys 23:36:38:031 4040 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:36:38:125 4040 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:36:38:171 4040 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:36:38:187 4040 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 23:36:38:234 
4040 cdrdrv (6110b5c478a0da030be698edd362658f) C:\WINDOWS\system32\Drivers\Cdrdrv.sys
23:36:44:718 4040 Reboot required for cure complete..
23:36:44:968 4040 Cure on reboot scheduled successfully
23:36:44:968 4040
23:36:44:968 4040 Completed
23:36:44:968 4040
23:36:44:968 4040 Results:
23:36:44:968 4040 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:36:44:968 4040 File objects infected / cured / cured on reboot: 1 / 0 / 1
23:36:44:968 4040
23:36:44:968 4040 KLMD(ARK) unloaded successfully
[\code]
3. Combofix
[code]ComboFix 10-07-16.02 - Fritzle 19.07.2010 0:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2047.1634 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Fritzle\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\Fritzle\.exe
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\config.data
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\flags.ini
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\thread.xml
c:\dokumente und einstellungen\Fritzle\Lokale Einstellungen\Anwendungsdaten\Windows Server\worker.info
c:\windows\system32\hlp.dat
c:\windows\system32\sstray.exe
Infizierte Kopie von c:\windows\system32\ws2_32.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\$NtServicePackUninstall$\ws2_32.dll wurde wiederhergestellt
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASPIMGR
((((((((((((((((((((((( Dateien erstellt von 2010-06-18 bis 2010-07-18 ))))))))))))))))))))))))))))))
.
2010-07-18 22:20 . 2010-07-18 22:20 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-07-18 21:29 . 2010-07-18 21:29 -------- d-----w- C:\_OTL
2010-07-16 16:36 . 2010-07-16 16:36 -------- d-----w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Malwarebytes
2010-07-16 16:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 16:36 . 2010-07-16 16:44 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-07-16 16:36 . 2010-07-16 16:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-16 16:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 17:15 . 2010-07-15 17:25 -------- d-----w- c:\windows\BDOSCAN8
2010-07-15 12:03 . 2010-07-15 16:24 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-07-15 12:03 . 2010-07-15 13:46 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-07-13 14:28 . 2010-07-13 14:28 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\AdobeUM
2010-07-13 14:27 . 2010-07-13 14:27 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-06-26 17:36 . 2010-06-26 17:36 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 21:38 . 2002-08-29 01:01 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-18 21:31 . 2010-07-18 21:31 0 ----a-w- c:\windows\SCARDSRV.TMP
2010-07-15 01:50 . 2010-07-14 21:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-07-14 21:39 . 2010-07-14 21:23 -------- d-----w- c:\programme\Security Task Manager
2010-07-11 17:10 . 2005-10-28 23:02 -------- d-----w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Azureus
2010-07-11 16:45 . 2005-01-12 12:04 -------- d-----w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Canon
2010-04-21 17:42 . 2010-04-21 17:42 52224 ----a-w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-04-21 17:42 . 2010-04-21 17:42 101376 ----a-w- c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2003-09-06 18:44 . 2001-01-22 09:28 100864 ----a-w- c:\programme\Win2000PPAHotfix.exe
.
------- Sigcheck -------
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2ad3df909e43001c668b20ec211136d0\sp2gdr\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\2ad3df909e43001c668b20ec211136d0\sp2qfe\tcpip.sys
[-] 2007-08-27 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2007-08-27 . 8D8949936913B041C6A0E184FBF1030B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[7] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
[7] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\$NtUninstallKB913446_0$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066_0$\tcpip.sys

[7] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\ws2help.dll
[-] 2004-08-04 . 2F4CE68209B23B173DCD91CE8829BC6B . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2001-08-18 . 17ED93B7DA379EE57C481A35E24F2973 . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\programme\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016]
"PDFCreatorClient"="d:\jaws pdf creator\PDFClient.exe" [2003-12-09 315392]
"hcwPVRReset"="d:\wintv\hcwP1Utl.exe" [2001-06-21 45056]
"YSearchProtection"="c:\programme\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-7-22 577597]
NDAS Device Management.lnk - c:\programme\NDAS\System\ndasmgmt.exe [2006-6-15 220672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OnlineControl.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk
backup=c:\windows\pss\OnlineControl.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PlexTools Professional XL.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\PlexTools Professional XL.lnk
backup=c:\windows\pss\PlexTools Professional XL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Fritzle^Startmenü^Programme^Autostart^Registration-Studio 8 SE.lnk]
path=c:\dokumente und einstellungen\Fritzle\Startmenü\Programme\Autostart\Registration-Studio 8 SE.lnk
backup=c:\windows\pss\Registration-Studio 8 SE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2002-11-02 06:33 45056 ----a-w- d:\clonecd\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 07:57 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2003-04-23 01:06 417871 ----a-w- d:\microsoft activesync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2003-09-06 18:42 102400 ----a-w- c:\programme\Gemeinsame Dateien\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 --sh--w- c:\programme\messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 09:29 729088 ----a-r- d:\omnipagese\EregGer\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 ----a-w- d:\omnipagese\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 10:34 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-26 16:14 36975 ----a-w- c:\programme\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-11 04:15 111816 ----a-w- c:\programme\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2004-05-21 23:12 64512 ----a-w- c:\programme\WildTangent\Apps\CDA\CDAEngine0400.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspimgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"d:\\Azureus\\Azureus.exe"=
"d:\\Messenger-Software\\AIM95\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"d:\\RealPlayer\\realplay.exe"=
"d:\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\Messenger-Software\\Yahoo-Messenger\\YahooMessenger.exe"=
"d:\\SopCast\\SopCast.exe"=
"d:\\SopCast\\adv\\SopAdver.exe"=
"d:\\TVAnts\\Tvants.exe"=
"d:\\TVUPlayer\\TVUPlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6969:TCP"= 6969:TCP:Azureus
"52525:TCP"= 52525:TCP:Azureus
"6969:UDP"= 6969:UDP:Azureus
"52525:UDP"= 52525:UDP:Azureus

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [05.10.2003 11:41 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.09.2003 11:57 5504]
R0 TwkMs;CHIPDRIVE Maus Adapter;c:\windows\system32\drivers\TWKMS.SYS [29.01.2003 09:17 4828]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [01.08.2003 15:47 29239]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [04.10.2001 12:53 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [20.02.2004 12:03 187392]
R2 a2free;a-squared Free Service;d:\a-squared free\a2service.exe [09.11.2007 22:10 1872320]
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\avira\AntiVir Desktop\sched.exe [24.07.2009 23:45 108289]
R2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [13.01.2005 15:46 23552]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [26.01.2004 01:04 41856]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [24.07.2009 22:00 5120]
R2 TwkPCSC;CHIPDRIVE PC/SC Drivers;c:\windows\system32\drivers\TWKPCSC.SYS [29.01.2003 09:17 11676]
R2 TWKSCARDSRV;CHIPDRIVE SCARD Service;c:\windows\SCARDS32.EXE [29.01.2003 09:17 286720]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03.02.2004 16:04 62976]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\HCW848NT.sys [13.01.2005 15:17 138932]
R3 ousb2hub;OrangeWare USB 2.0 Hub Support;c:\windows\system32\drivers\ousb2hub.sys [26.01.2004 01:04 55552]
R3 TWKPNP;CHIPDRIVE Plug and Play driver;c:\windows\system32\drivers\TWKPNP.SYS [18.01.2003 00:11 5550]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [09.03.2003 19:41 102336]
S1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [26.10.2005 10:37 11264]
S3 AVMBTPARALLEL;Bluetooth Druckeranschluss;c:\windows\system32\drivers\avmbtpar.sys [25.10.2004 03:00 60288]
S3 AVMBTSERIAL;Bluetooth Kommunikationsanschluss;c:\windows\system32\drivers\avmbtser.sys [25.10.2004 03:00 61056]
S3 AVMBTSND;Bluetooth Audio Driver;c:\windows\system32\drivers\avmbtsnd.sys [25.10.2004 03:00 49664]
S3 AVMCOWAN;ISDN CoNDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmcowan.sys [25.10.2004 03:00 53248]
S3 AVMWAN;AVM NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [27.11.2002 02:00 38608]
S3 bfhubase;Eumex C 200 data (WinXP/2000);c:\windows\system32\drivers\bfhubase.sys [25.10.2004 03:00 796352]
S3 bfubase;BlueFRITZ! USB (WinXP/2000);c:\windows\system32\drivers\bfubase.sys [09.12.2003 03:00 741600]
S3 CAPI_CIP;Bluetooth CAPI-Controller;c:\windows\system32\drivers\capi_cip.sys [25.10.2004 03:00 374144]
S3 fxusbase;BlueFRITZ! AP-X (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [27.11.2002 02:00 503600]
S3 NETBFPAN;Bluetooth Netzwerkadapter;c:\windows\system32\drivers\netbfpan.sys [25.10.2004 03:00 31818]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\DRIVERS\NETFRITZ.SYS --> c:\windows\system32\DRIVERS\NETFRITZ.SYS [?]
S3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [31.01.2004 03:14 19520]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [24.07.2003 01:57 19968]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [18.01.2003 00:11 15576]

--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - uphcleanhlp
.
Inhalt des "geplante Tasks" Ordners

2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-07-15 c:\windows\Tasks\{39CED9A9-59C7-48C1-AF53-7102E5395203}_Paulchen_Fritzle.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:58]

2010-07-13 c:\windows\Tasks\{84CCF2E7-D21F-42B6-A8BC-0BB1500D5599}_Paulchen_Fritzle.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:58]

2010-06-25 c:\windows\Tasks\{DEA1DBD6-D1B4-4440-932E-3103CBC8CC67}_Paulchen_Fritzle.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.unc.edu/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Nach Microsoft &Excel exportieren - d:\micros~1\Office10\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - {361D6100-9833-4ABA-BB50-7015F325BBF0} - c:\windows\Downloaded Program Files\IEPrint.dll
TCP: {2CAE1438-109A-4E23-B938-6CEABEC7ABDC} = 192.168.2.1
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
FF - ProfilePath - c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - Google
FF - plugin: c:\dokumente und einstellungen\Fritzle\Anwendungsdaten\Mozilla\Firefox\Profiles\46m569ov.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: d:\acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\acrobatreader\Reader\Browser\nppdf32.dll
FF - plugin: d:\veetle\Player\npvlc.dll
FF - plugin: d:\veetle\plugins\npVeetle.dll
FF - plugin: d:\veetle\VLCBroadcast\npvbp.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
d:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
d:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-nForce Tray Options - sstray.exe
SafeBoot-klmdb.sys
MSConfigStartUp-Agent - d:\powervcrii\Agent.exe
MSConfigStartUp-AVMBLUEOBEX - c:\programme\avmclient\AvmObex.exe
MSConfigStartUp-Iomega Drive Icons - d:\iomega\DriveIcons\ImgIcon.exe
MSConfigStartUp-Iomega Startup Options - d:\iomega\Common\ImgStart.exe
MSConfigStartUp-iTunesHelper - d:\ipod\iTunes\iTunesHelper.exe
MSConfigStartUp-IW Controlcenter - d:\instan~1\INSTAN~1\IWCTRL.EXE
MSConfigStartUp-LogitechGalleryRepair - d:\logitech-imagestudio\ISStart.exe
MSConfigStartUp-LogitechImageStudioTray - d:\logitech-imagestudio\LogiTray.exe
MSConfigStartUp-Omnipage - d:\omnipagese\opware32.exe
MSConfigStartUp-QuickTime Task - d:\quicktime\qttask.exe
MSConfigStartUp-Remote_Agent - d:\powervcrii\RemoteAgent.exe
MSConfigStartUp-Yahoo! Pager - d:\messenger-software\Yahoo-Messenger\ypager.exe
ActiveSetup-{2F40BE49-2DD4-EA31-0400-030604050203} - c:\windows\System32\dllrun32.exe
AddRemove-HijackThis - c:\programme\HiJackThis\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 00:28
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A216C20]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf766bfc3 \Driver\ACPI -> ACPI.sys @ 0xf75adcb8 \Driver\atapi -> 0x8a216c20 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004 ParseProcedure -> ntoskrnl.exe @ 0x8056f00e \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004 ParseProcedure -> ntoskrnl.exe @ 0x8056f00e NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf796fba0 PacketIndicateHandler -> NDIS.sys @ 0xf797cb21 SendHandler -> NDIS.sys @ 0xf795a87b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-583907252-492894223-725345543-1004\Software\Zepter Software\RegLib*8c2f294c\AnyDVD/1] "1"=dword:4549e8b7 "2"=dword:456b0256 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1012) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(1068) c:\windows\system32\relog_ap.dll - - - - - - - > 'explorer.exe'(2352) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
d:\avira\AntiVir Desktop\avguard.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
d:\diskeeper professional premier\DkService.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\NDAS\System\ndassvc.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\PDFCreatorMessages.exe
c:\programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
c:\programme\UPHClean\uphclean.exe
c:\programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-19 00:33:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-07-18 22:33
Vor Suchlauf: 11 Verzeichnis(se), 12.341.235.712 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 12.235.309.056 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 34D496DF2CC816EDCA7A4AD7957B436C
[\code]
Apparently one or more rootkit(s) were found. After carrying out these steps I tried things out a little, and it seems as if all the problems have been solved. Is that really the case, or do I need to do anything further? It would be really great if that were it.
Best regards,
The Dude
__________
"The rug really tied the room together."
This post was edited by The Dude on 19.07.2010 at 12:05.
|
|
|
||
19.07.2010, 12:22
Member
Posts: 420 |
#11
Looks pretty good already, but we should make sure that nothing has been left behind, otherwise the whole thing could start all over again.
Is System Restore working again as well? A driver was missing there.
1. Please start OTL, copy the following into the script box at the bottom
Quote
:Reg
and click Run Fix. A restart may be required.
2. Please have TDSSKiller scan again and post the (new) log.
3. Please have RootRepeal scan again and post the log. |
|
|
||
19.07.2010, 13:26
Member
Thread starter Posts: 12 |
#12
So, on we go,
1. OTL message: Registry Value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\aspimgr deleted successfully.
2. TDSSKiller Log:
[Code]
12:55:46:468 2132 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
12:55:46:468 2132 ================================================================================
12:55:46:468 2132 SystemInfo:
12:55:46:468 2132 OS Version: 5.1.2600 ServicePack: 2.0
12:55:46:468 2132 Product type: Workstation
12:55:46:468 2132 ComputerName: Paulchen
12:55:46:468 2132 UserName: Fritzle
12:55:46:468 2132 Windows directory: C:\WINDOWS
12:55:46:468 2132 System windows directory: C:\WINDOWS
12:55:46:468 2132 Processor architecture: Intel x86
12:55:46:468 2132 Number of processors: 1
12:55:46:468 2132 Page size: 0x1000
12:55:46:468 2132 Boot type: Normal boot
12:55:46:468 2132 ================================================================================
12:55:48:187 2132 Initialize success
12:55:48:187 2132
12:55:48:187 2132 Scanning Services ...
12:55:48:500 2132 Raw services enum returned 412 services
12:55:48:500 2132
12:55:48:500 2132 Scanning Drivers ...
12:55:58:421 2132
12:55:58:421 2132 Completed
12:55:58:421 2132
12:55:58:421 2132 Results:
12:55:58:421 2132 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:55:58:421 2132 File objects infected / cured / cured on reboot: 0 / 0 / 0
12:55:58:421 2132
12:55:58:421 2132 KLMD(ARK) unloaded successfully
[\Code]
3.
RootRepeal Log:
[Code]
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/19 13:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name:
Image Path:
Address: 0xF7482000 Size: 95360 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA4129000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BD000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA3497000 Size: 49152 File Visible: No Signed: -
Status: -
Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xA3956000 Size: 8960 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xb867b0ee #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xb867b0e4 #: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xb867b0f3 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xb867b0fd #: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xb867b102 #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xb867b0d0 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xb867b0d5 #: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xb867b10c #: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xb867b107 #: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xb867b0f8 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xb867b0df #: 263 Function Name: NtUnloadKey Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa39566d0 Stealth Objects ------------------- Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8a41db10 Size: 1264 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA] 
Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a41da88 Size: 1400 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a578f00 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 
0x8a578f00 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_READ] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a5163f0 Size: 734 Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code 
[Driver: atapi, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x8a4a9da0 Size: 99 Object: Hidden Code [Driver: TwkMs, IRP_MJ_POWER] Process: System Address: 0x00000000 Size: 4096 Object: Hidden Code [Driver: TwkMs, IRP_MJ_PNP] Process: System Address: 0x00000000 Size: 4096 Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_CLOSE] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_READ] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_WRITE] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_EA] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_EA] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: 
VOBID, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a519ad8 Size: 37 Object: Hidden Code [Driver: VOBID, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_CLEANUP] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_POWER] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a477bb0 Size: 99 Object: Hidden Code [Driver: VOBID, IRP_MJ_PNP] Process: System Address: 0x8a477bb0 Size: 99 ==EOF== [\Code] Zu Deiner Frage: Ja, die 
Systemwiederherstellung funktioniert wieder. Im Unterschied zu früher wird beim Booten irgendwann ganz kurz ein schwarzer Screen mit Systemwiederherstellungsoptionen eingeblendet. Aber nur für ca. eine halbe Sekunde, so dass ich praktisch nichts darauf erkennen kann. Ich glaube, bei der ComboFix-Anleitung wird auch darauf hingewiesen, dass dieser Screen kommt. Ist kein Problem, oder? Ich hätte noch eine Frage: Mein System ist folgendermassen in Partitionen organisiert: C: System, D: Programme E,F,G : verschiedene User-Dateien Ich habe, gleich nachdem ich den Befall festgellt habe, die wichtigen Daten meiner Partitionen E,F,G auf einer externen Platte gesichert. Wie soll ich nun damit umgehen? Ich dachte mir, es wäre vielleicht eine gute Idee die Partionen E,F,G von Windows aus zu formatieren, oder?. Aber was mache ich mit den Daten auf der externen Platte? AntiVir habe ich schon drüber laufen lassen. Aber das heisst ja nicht viel. Welche Tools kann ich für die externe Platte verwenden, um sicher zu stellen, dass ich mir auf diese Weise nicht wieder einen erneuten Viren/Trojaner/Rootkit -Befall einfange? Viele Grüsse und schonmal ganz ganz vielen Dank bis hierher, The Dude __________ "The rug really tied the room together." |
|
|
||
19.07.2010, 14:30
Member
Posts: 420 |
#13
The black screen at boot is the Recovery Console that was installed by ComboFix. If it doesn't bother you, it can simply stay.
About the partitions: formatting is always good. We can check the external drive with an online scanner (step 2).
1. Please run Malwarebytes again; don't forget to update it.
2. Panda ActiveScan2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/
Click Scan your PC now.
Select Quick Scan, click Scan now and follow the instructions.
At the end of the scan a results page is displayed; at the top right you can save the results to a text file (Export In:). Please post the contents of the file.
To check the external drive (second scan):
Now please connect the external hard drive (hold down the Shift key while connecting it).
Click Scan your PC now.
First select Other Scans, then click Scan at the very bottom under Other Scans.
A window opens; please select the external drive there, click OK and follow the instructions.
At the end of the scan a results page is displayed; at the top right you can save the results to a text file (Export In:). Please post the contents of the file.
3. Control scan with OTL: Please start OTL, click Quick Scan and post the OTL.txt (Extras.txt is not needed this time) |
|
|
||
20.07.2010, 11:46
Member
Thread starter Posts: 12 |
#14
Quote: gangren posted
__________
"The rug really tied the room together." |
|
|
||
20.07.2010, 15:40
Member
Posts: 420 |
#15
That looks good; if there are no more problems, we'll wrap up.
Quote: Is there a way to remove it,
I don't know, never tried. However, the console will be removed together with OTL (step 3). Normally one doesn't need it.
Quote: Should I best simply delete the cookies shown as malware?
Yes. If that doesn't work, use the following OTL script (start, paste it in, Run Fix):
Quote: :Files
Quote: The "vulnerabilities" probably go back to Windows patches etc. that I urgently ought to install, right?
Yep, which brings us to the first point:
1. Be sure to install SP3 for XP.
http://www.heise.de/software/download/windows_xp_service_pack_3_sp3/35572
(or visit www.update.microsoft.com with IE)
Microsoft's support for SP2 was discontinued on July 13.
2. Could you please zip the folders C:\_OTL and C:\Qoobox, upload the zip file to http://www.file-upload.net/ and send me the download link by PM? These are the quarantine folders. I would look at the items and, if appropriate, send them to various AV vendors to improve detection. Thanks
After that (otherwise the folders will be gone):
3. Start OTL and please click CleanUP
4. Please get http://secunia.com/vulnerability_scanning/personal/ and use it to keep your system up to date. It also checks installed programs for being current, e.g. Java (no, Java is not updated by Windows updates)
5. Please read this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar
We're done
Regards, gangren |
|
|
||
I have been tinkering with my infected system for 2 days now. It all began after visiting a supposedly reputable website. AntiVirus suddenly gave me the message that a website object (a *.php file) was in reality an executable file and was now on my system. I then immediately removed the file in question with AntiVirus (unfortunately I did not write down the name of the virus/trojan). But at that moment the Windows Help function suddenly opened under the keyword "anything", which I of course had not entered, and a fake virus scanner named Antivirus 2010 started. In addition, I could no longer open any EXE files, or rather start almost any programs. I then immediately shut down my system and ran several scans in safe mode with AntiVir, A-Squared and Security Task Manager, and promptly found several virus files, which I then removed, including:
- IM-Flooder.Win32.QuietStorm in c:\windows\system32\DartWeb.oca
- TR/Vundo.Gen in C:\Dokumente und Einstellungen\...\Lokale Einstellungen\...\346468.exe
as well as in F:\Temporary Internet Files\Content.IE5\DXL9WUYP\Server1[1].exe
- ivrssres.dll (?)
My system shows the following errors (even after carrying out the steps listed below):
- Windows Update does not work
- System Restore does not work
- Internet Explorer and Firefox do not open Microsoft Support or Update pages. When trying to open such pages, other suspicious pages suddenly open instead.
- With IE running, dubious Google pages and the like sometimes suddenly open
Somehow there seems to be a technical problem with the posting. So I will split my post into two parts.
__________
"The rug really tied the room together."