| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner: PSW.Generic9.RDX in services.exe (908)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.01.2012, 17:40
| #1 |
 |  Trojaner: PSW.Generic9.RDX in services.exe (908) Hallo, gestern wurde mein PC (Windows XP) plötzlich sehr langsam und hatte Probleme beim Booten. Der Bildschirm wurde beim hochfahren irgendwann schwarz und es war nur die Maus zu sehen. Danach passierte nichts mehr. Wenn ich dann über den Reset-Knopf nochmal neu gestartet habe, fuhr er (etwas langsamer) hoch. Habe daraufhin einen Virenscan mit AVG-Free gemacht. Der zeigte mir folgendes an: C:\Windows\system32\services.exe (908) | Infektion: Trojaner: PSW.Generic9.RDX | Ergebnis: gelöscht C:\Windows\system32\services.exe (908):\memory_00d10000 | Infektion: Trojaner: PSW.Generic9.RDX | Ergebnis: infiziert Darüber hinaus noch folgende Information: C:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB\Conduitinstaller.exe | Die Datei wurde von einer beschädigten digitalen Signatur signiert. Habe daraufhin auch schon Spybot und Malwarebytes drüber laufen lassen. Die haben das Problem nicht gefunden. Habe es dann nochmal im abgesicherten Modus mit dem AVG Scanner probiert. Da wurde aber nur die letzte Information angezeigt. Habe es dann noch über die AVG Rescue CD versucht, aber auch ohne Erfolg. Jetzt habe ich nochmal einen Test mit AVG Free gemacht und das Resultat war wieder genau dasselbe. Heute habe ich auch nicht das Gefühl, dass der Computer viel langsamer ist. Soviel zu den Symptomen. Ich hoffe ihr könnt mir helfen  Hier mein OTL-Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.01.2012 16:05:34 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = G:\Downloads\Virus Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,65% Memory free 4,34 Gb Paging File | 3,86 Gb Available in Paging File | 88,81% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,47 Gb Total Space | 13,92 Gb Free Space | 40,39% Space Free | Partition Type: NTFS Drive G: | 186,31 Gb Total Space | 78,46 Gb Free Space | 42,11% Space Free | Partition Type: NTFS Computer Name: ICH-0112C52BCD8 | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Downloads\Virus\OTL.exe PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe PRC - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\Programme\Java\bin\jqs.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004.09.22 20:18:18 | 000,040,960 | ---- | M] (Topdownloads Networks) -- G:\Programme\Wallpaper Juggler\WallPaperJugglerM.exe PRC - [2003.10.06 07:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE ========== Modules (No Company Name) ========== MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- G:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.04.01 19:10:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- G:\Programme\Java\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- G:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - [2011.11.03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2011.11.03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2008.08.01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008.08.01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003.11.19 03:13:54 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003.11.05 07:26:02 | 000,645,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2003.10.21 10:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003.10.21 10:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2003.10.14 04:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2003.10.13 10:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2003.10.08 03:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003.10.08 03:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2003.10.08 03:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003.03.05 08:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT) DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4 FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: G:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: G:\Programme\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: G:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: G:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Programme\Java\lib\deploy\jqs\ff [2010.12.05 22:21:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.22 18:55:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: G:\Programme\Mozilla Firefox\components [2011.12.23 14:13:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012.01.13 11:20:59 | 000,000,000 | ---D | M] [2010.10.24 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Extensions [2012.01.15 17:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions [2011.04.03 13:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.15 17:22:41 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2011.09.25 10:28:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.24 14:37:43 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\fastdial@telega.phpnet.us [2011.02.05 15:34:22 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\firefox@tvunetworks.com [2010.11.11 10:01:55 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\searchplugins\youtube-videosuche.xml [2011.12.22 18:55:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4 [2010.12.05 22:21:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAMME\JAVA\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010.10.25 20:58:10 | 000,423,305 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14591 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Wallpaper Juggler Monitor] G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks) O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5EBAF6-9EB2-4AB4-B120-39D2E8040FE7}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E6C79398-8351-A195-39DA-98768D40FCB8} - Java (Sun) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - G:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.22 12:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools [2012.01.22 12:42:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.01.22 12:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Simply Super Software [2012.01.22 12:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software [2012.01.21 23:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes [2012.01.21 23:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.21 22:18:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Recent [2012.01.13 12:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\Aktuell [2012.01.06 12:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Exodus-Logs [2012.01.06 11:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus [2012.01.06 11:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Exodus [2012.01.06 11:50:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll [2012.01.06 11:50:52 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll [2012.01.06 11:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple [2012.01.04 10:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.12.29 20:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Calibre Bibliothek [2011.12.29 20:36:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre [2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Programme\Calibre2 [2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management [2011.12.28 14:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Deluxe Ski Jump 4 [2011.12.24 11:32:53 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll [2011.12.24 11:32:53 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll [2011.12.24 11:32:53 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2011.12.24 11:32:53 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll [2011.12.24 11:32:53 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2010.10.24 14:27:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE [2010.10.24 14:27:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.22 16:03:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable [2012.01.22 16:02:35 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF [2012.01.22 16:01:07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.01.22 15:59:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.22 14:40:37 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.22 14:40:37 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.22 14:40:37 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.22 14:40:37 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.22 14:40:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2012.01.22 14:40:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2012.01.22 14:40:37 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2012.01.22 14:40:37 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2012.01.22 14:30:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.01.22 14:20:32 | 087,204,930 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012.01.21 09:43:49 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.01.18 10:45:49 | 000,182,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf [2012.01.18 10:42:54 | 001,371,215 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf [2012.01.18 10:28:33 | 005,970,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf [2012.01.18 10:28:22 | 000,680,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf [2012.01.18 10:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.01.18 10:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.01.17 19:04:48 | 000,125,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012.01.16 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.01.06 11:52:44 | 000,000,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk [2012.01.01 21:09:23 | 000,515,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.01.01 21:09:23 | 000,492,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.01 21:09:23 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.01.01 21:09:23 | 000,083,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.01.01 21:09:23 | 000,064,045 | ---- | M] () -- C:\WINDOWS\System32\perfh009.gnq [2011.12.29 20:36:37 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk [2011.12.28 12:29:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.12.24 12:10:09 | 000,093,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.24 12:04:18 | 036,279,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6158.MOV.AVI [2011.12.24 12:02:10 | 022,097,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6432.MOV.AVI [2011.12.24 12:00:34 | 034,084,426 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6650.MOV.AVI [2011.12.24 11:54:55 | 013,344,466 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6069.MOV.AVI [2011.12.24 11:50:53 | 113,229,636 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6717.MOV.AVI [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.22 16:03:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable [2012.01.18 10:45:49 | 000,182,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf [2012.01.18 10:42:54 | 001,371,215 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf [2012.01.18 10:28:33 | 005,970,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf [2012.01.18 10:28:22 | 000,680,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf [2012.01.06 11:52:44 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk [2011.12.30 16:41:35 | 034,084,426 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6650.MOV.AVI [2011.12.30 16:41:33 | 022,097,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6432.MOV.AVI [2011.12.30 16:41:31 | 036,279,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6158.MOV.AVI [2011.12.29 20:36:37 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk [2011.12.24 11:54:06 | 013,344,466 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6069.MOV.AVI [2011.12.24 11:45:06 | 113,229,636 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6717.MOV.AVI [2011.12.24 11:32:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.08.25 20:00:28 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2011.08.17 09:25:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.08.17 09:25:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.07.16 14:26:27 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ShiftN.ini [2011.07.13 18:58:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.06.22 17:01:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2011.05.01 15:21:18 | 000,508,942 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1123561945-1708537768-1801674531-1004-0.dat [2011.05.01 15:21:17 | 000,187,766 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.03.30 15:54:49 | 000,049,288 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.01.31 21:21:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2011.01.31 20:59:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.12.14 17:07:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.23 21:13:31 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.11.23 21:13:29 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.11.23 21:13:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.11.23 21:13:23 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010.11.21 20:08:50 | 000,000,484 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010.11.06 11:54:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2010.10.25 21:30:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL [2010.10.25 21:30:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL [2010.10.25 21:30:08 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2010.10.25 21:30:07 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2010.10.25 21:29:52 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll [2010.10.25 21:29:51 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe [2010.10.24 21:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2010.10.24 15:41:16 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.24 14:40:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.10.24 14:38:05 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.24 14:28:14 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2010.10.24 14:28:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2010.10.24 14:28:08 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2010.10.24 14:27:34 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2010.10.24 14:27:34 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010.10.24 14:27:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat [2010.10.24 14:27:23 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat [2010.10.24 14:27:23 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT [2010.10.24 14:27:23 | 000,217,272 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2010.10.24 14:27:23 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2010.10.24 14:27:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat [2010.10.24 14:27:22 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2010.10.24 14:27:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2010.10.24 14:27:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE [2010.10.24 14:27:19 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2010.10.24 14:27:19 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2010.10.24 14:27:02 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat [2010.10.24 14:05:17 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2010.10.24 14:05:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.10.24 14:05:09 | 000,005,396 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.10.24 14:05:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.10.24 13:49:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.10.24 13:46:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,515,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 13:00:00 | 000,492,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 13:00:00 | 000,083,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.24 17:45:54 | 000,000,000 | -H-D | M] -- C:\$AVG [2010.11.06 11:54:57 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2012.01.22 13:06:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.01.22 12:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.10.25 21:02:07 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.01.31 21:18:04 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.01.22 13:00:08 | 000,000,000 | R--D | M] -- C:\Programme [2010.10.24 22:02:01 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.10.24 13:51:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.22 12:45:11 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys [2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys [2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys [2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys < MD5 for: EXPLORER.EXE > [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys [2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: REGEDIT.EXE > [2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-21 14:19:38 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > Gmer-Log und Extras.txt sind als zip im Anhang. Ich bin heute noch den ganzen Abend am PC, dann bin ich erstmal die nächsten drei Tage im Urlaub. Wenn ich mich also dann nicht melde, ist es nicht aus Unhöflichkeit, sondern weil ich nicht da bin Vielen Dank! |
|
23.01.2012, 14:28
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner: PSW.Generic9.RDX in services.exe (908)Zitat:
__________________ |
|
26.01.2012, 20:25
| #3 |
| | Trojaner: PSW.Generic9.RDX in services.exe (908) Hallo,
__________________ich habe jetzt Malwarebytes nochmal aktualisiert und einen vollständigen Scan gemacht. Dabei wurde noch "Trojan.FakeMS" in C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Sun\Java\Deployment\cache\.... gefunden. Der befindet sich jetzt in Quarantäne. Habe danach nochmal AVG drüber laufen lassen. Da hat sich nichts geändert. Danach habe ich nochmal alle Logfiles neu erstellt. Allerdings hat OTL mir keine Extras.txt mehr ausgespuckt. Hier der OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.01.2012 20:08:07 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = G:\Downloads\Virus Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,02% Memory free 4,34 Gb Paging File | 3,94 Gb Available in Paging File | 90,62% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,47 Gb Total Space | 14,65 Gb Free Space | 42,49% Space Free | Partition Type: NTFS Drive G: | 186,31 Gb Total Space | 79,74 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Computer Name: ICH-0112C52BCD8 | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Downloads\Virus\OTL.exe PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe PRC - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\Programme\Java\bin\jqs.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004.09.22 20:18:18 | 000,040,960 | ---- | M] (Topdownloads Networks) -- G:\Programme\Wallpaper Juggler\WallPaperJugglerM.exe PRC - [2003.10.06 07:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE ========== Modules (No Company Name) ========== MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.04.01 19:10:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- G:\Programme\Java\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- G:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2008.08.01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008.08.01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003.11.19 03:13:54 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003.11.05 07:26:02 | 000,645,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2003.10.21 10:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003.10.21 10:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2003.10.14 04:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2003.10.13 10:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2003.10.08 03:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003.10.08 03:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2003.10.08 03:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003.03.05 08:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT) DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4 FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: G:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: G:\Programme\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: G:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: G:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Programme\Java\lib\deploy\jqs\ff [2010.12.05 22:21:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.22 18:55:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: G:\Programme\Mozilla Firefox\components [2011.12.23 14:13:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012.01.13 11:20:59 | 000,000,000 | ---D | M] [2010.10.24 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Extensions [2012.01.26 13:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions [2011.04.03 13:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.15 17:22:41 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2011.11.24 14:37:43 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\fastdial@telega.phpnet.us [2011.02.05 15:34:22 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\firefox@tvunetworks.com [2010.11.11 10:01:55 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\searchplugins\youtube-videosuche.xml [2011.12.22 18:55:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4 [2010.12.05 22:21:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAMME\JAVA\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010.10.25 20:58:10 | 000,423,305 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14591 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Wallpaper Juggler Monitor] G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks) O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5EBAF6-9EB2-4AB4-B120-39D2E8040FE7}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E6C79398-8351-A195-39DA-98768D40FCB8} - Java (Sun) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - G:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.26 13:32:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Recent [2012.01.26 10:43:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.26 10:43:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.26 10:43:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.01.22 12:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools [2012.01.22 12:42:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.01.22 12:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Simply Super Software [2012.01.22 12:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software [2012.01.21 23:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes [2012.01.21 23:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.13 12:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\Aktuell [2012.01.06 12:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Exodus-Logs [2012.01.06 11:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus [2012.01.06 11:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Exodus [2012.01.06 11:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple [2012.01.04 10:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.12.29 20:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Calibre Bibliothek [2011.12.29 20:36:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre [2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Programme\Calibre2 [2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management [2011.12.28 14:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Deluxe Ski Jump 4 [2010.10.24 14:27:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE [2010.10.24 14:27:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.26 19:30:33 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.01.26 19:30:23 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF [2012.01.26 19:29:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.01.26 19:29:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.26 14:59:30 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.26 14:59:30 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.26 14:59:30 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.26 14:59:30 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.26 14:59:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2012.01.26 14:59:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2012.01.26 14:59:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2012.01.26 14:59:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2012.01.26 10:45:38 | 087,445,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012.01.26 10:43:20 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 10:38:44 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.22 16:03:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable [2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.01.18 10:45:49 | 000,182,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf [2012.01.18 10:42:54 | 001,371,215 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf [2012.01.18 10:28:33 | 005,970,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf [2012.01.18 10:28:22 | 000,680,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf [2012.01.18 10:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.01.18 10:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.01.17 19:04:48 | 000,125,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012.01.16 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.01.06 11:52:44 | 000,000,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk [2012.01.01 21:09:23 | 000,515,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.01.01 21:09:23 | 000,492,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.01 21:09:23 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.01.01 21:09:23 | 000,083,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.01.01 21:09:23 | 000,064,045 | ---- | M] () -- C:\WINDOWS\System32\perfh009.gnq [2011.12.29 20:36:37 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.26 10:43:20 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.22 16:03:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable [2012.01.18 10:45:49 | 000,182,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf [2012.01.18 10:42:54 | 001,371,215 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf [2012.01.18 10:28:33 | 005,970,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf [2012.01.18 10:28:22 | 000,680,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf [2012.01.06 11:52:44 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk [2011.12.30 16:41:35 | 034,084,426 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6650.MOV.AVI [2011.12.30 16:41:33 | 022,097,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6432.MOV.AVI [2011.12.30 16:41:31 | 036,279,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6158.MOV.AVI [2011.12.29 20:36:37 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk [2011.12.24 11:32:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.08.25 20:00:28 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2011.08.17 09:25:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.08.17 09:25:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.07.16 14:26:27 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ShiftN.ini [2011.07.13 18:58:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.06.22 17:01:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2011.05.01 15:21:18 | 000,508,942 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1123561945-1708537768-1801674531-1004-0.dat [2011.05.01 15:21:17 | 000,187,766 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.03.30 15:54:49 | 000,049,288 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.01.31 21:21:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2011.01.31 20:59:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.12.14 17:07:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.23 21:13:31 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.11.23 21:13:29 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.11.23 21:13:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.11.23 21:13:23 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010.11.21 20:08:50 | 000,000,484 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010.11.06 11:54:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2010.10.25 21:30:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL [2010.10.25 21:30:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL [2010.10.25 21:30:08 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2010.10.25 21:30:07 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2010.10.25 21:29:52 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll [2010.10.25 21:29:51 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe [2010.10.24 21:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2010.10.24 15:41:16 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.24 14:40:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.10.24 14:38:05 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.24 14:28:14 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2010.10.24 14:28:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2010.10.24 14:28:08 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2010.10.24 14:27:34 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2010.10.24 14:27:34 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010.10.24 14:27:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat [2010.10.24 14:27:23 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat [2010.10.24 14:27:23 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT [2010.10.24 14:27:23 | 000,217,272 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2010.10.24 14:27:23 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2010.10.24 14:27:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat [2010.10.24 14:27:22 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2010.10.24 14:27:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2010.10.24 14:27:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE [2010.10.24 14:27:19 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2010.10.24 14:27:19 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2010.10.24 14:27:02 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat [2010.10.24 14:05:17 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2010.10.24 14:05:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.10.24 14:05:09 | 000,005,396 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.10.24 14:05:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.10.24 13:49:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.10.24 13:46:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,515,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 13:00:00 | 000,492,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 13:00:00 | 000,083,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2011.05.06 19:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2011.04.05 14:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BMWiSoftware [2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.05.14 09:23:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2010.12.04 12:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAXQDA10 [2011.05.06 19:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2011.07.02 16:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase One [2012.01.22 12:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.05.22 13:16:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications [2010.12.07 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.# [2012.01.06 11:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple [2011.08.08 19:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Acumen Business Systems Ltd [2012.01.22 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Alpen 3D Online [2010.10.24 22:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\AVG10 [2011.12.29 20:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre [2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canneverbe Limited [2011.03.31 20:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canon [2011.05.22 11:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Duden [2011.09.25 10:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoft [2011.09.25 10:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.01.06 12:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus [2011.12.17 14:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\FILEminimizerPictures [2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Haufe [2010.11.21 21:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Leadertech [2010.11.05 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\MAXQDA10 [2011.06.21 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PersBackup5 [2011.05.01 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\rooms-configurator [2012.01.22 12:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software [2011.05.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SoftGrid Client [2011.08.11 10:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP [2011.08.25 18:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Unity [2011.12.07 21:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WordToPDF [2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.24 17:45:54 | 000,000,000 | -H-D | M] -- C:\$AVG [2010.11.06 11:54:57 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2012.01.22 16:38:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.01.22 12:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.10.25 21:02:07 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.01.31 21:18:04 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.01.26 19:17:11 | 000,000,000 | R--D | M] -- C:\Programme [2010.10.24 22:02:01 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.10.24 13:51:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.26 19:29:57 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys [2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys [2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys [2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys [2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys < MD5 for: EXPLORER.EXE > [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys [2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: REGEDIT.EXE > [2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-21 14:19:38 ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > Und im Anhang Malwarebytes und die gmer.txt. Vielen Dank schonmal! |
|
26.01.2012, 21:17
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: PSW.Generic9.RDX in services.exe (908)Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.01.2012, 10:36
| #5 |
| | Trojaner: PSW.Generic9.RDX in services.exe (908) Hallo, im Anhang der Log mit dem Fund. Musste den Scan leider abbrechen, weil ich schnell weg musste. Wie gesagt, oben ist dann nochmal der Log von einem vollständigen Scan danach. |
|
27.01.2012, 11:07
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: PSW.Generic9.RDX in services.exe (908) Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ --> Trojaner: PSW.Generic9.RDX in services.exe (908) |
|
28.01.2012, 13:54
| #7 | |
| | Trojaner: PSW.Generic9.RDX in services.exe (908) Hallo und danke für die schnelle Antwort! Hier das neue Log: Zitat:
|
|
29.01.2012, 18:37
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: PSW.Generic9.RDX in services.exe (908)Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.01.2012, 10:33
| #9 |
| | Trojaner: PSW.Generic9.RDX in services.exe (908) Hallo, die Datei ist ein Excel-Template zum Erstellen von Gantt-Charts. Ist schon lange her, dass ich das gebraucht habe. Habe es aber nochmal gegooglet und ich nehme an, dass ich es direkt von download.cnet.com runtergeladen habe (hxxp://download.cnet.com/Gantt-Chart-Template-for-Excel/3010-2076_4-75326607.html). |
|
30.01.2012, 10:41
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: PSW.Generic9.RDX in services.exe (908) Dann ist es wohl ein Fehlalarm. Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.01.2012, 11:06
| #11 |
| | Trojaner: PSW.Generic9.RDX in services.exe (908) Das ging ja mal wieder schnell. Danke Hier das neue Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.01.2012 10:56:46 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Ich\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 76,77% Memory free 4,34 Gb Paging File | 3,81 Gb Available in Paging File | 87,65% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,47 Gb Total Space | 14,45 Gb Free Space | 41,92% Space Free | Partition Type: NTFS Drive G: | 186,31 Gb Total Space | 79,74 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Computer Name: ICH-0112C52BCD8 | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe PRC - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\Programme\Java\bin\jqs.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004.09.22 20:18:18 | 000,040,960 | ---- | M] (Topdownloads Networks) -- G:\Programme\Wallpaper Juggler\WallPaperJugglerM.exe PRC - [2003.10.06 07:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE ========== Modules (No Company Name) ========== MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.04.01 19:10:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- G:\Programme\Java\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- G:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2008.08.01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008.08.01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003.11.19 03:13:54 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003.11.05 07:26:02 | 000,645,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2003.10.21 10:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003.10.21 10:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2003.10.14 04:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2003.10.13 10:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2003.10.08 03:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2003.10.08 03:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2003.10.08 03:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003.03.05 08:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT) DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4 FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: G:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: G:\Programme\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: G:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: G:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Programme\Java\lib\deploy\jqs\ff [2010.12.05 22:21:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.22 18:55:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: G:\Programme\Mozilla Firefox\components [2011.12.23 14:13:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012.01.13 11:20:59 | 000,000,000 | ---D | M] [2010.10.24 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Extensions [2012.01.26 13:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions [2011.04.03 13:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.15 17:22:41 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2011.11.24 14:37:43 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\fastdial@telega.phpnet.us [2011.02.05 15:34:22 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\firefox@tvunetworks.com [2010.11.11 10:01:55 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\searchplugins\youtube-videosuche.xml [2011.12.22 18:55:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4 [2010.12.05 22:21:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAMME\JAVA\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010.10.25 20:58:10 | 000,423,305 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14591 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Wallpaper Juggler Monitor] G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks) O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5EBAF6-9EB2-4AB4-B120-39D2E8040FE7}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - G:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Lavasoft Ad-Aware Service - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - Reg Error: Value error. SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E6C79398-8351-A195-39DA-98768D40FCB8} - Java (Sun) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.28 12:22:13 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.01.26 20:15:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2012.01.26 13:32:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Recent [2012.01.26 10:43:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.26 10:43:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.26 10:43:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.01.22 12:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools [2012.01.22 12:42:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.01.22 12:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Simply Super Software [2012.01.22 12:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software [2012.01.21 23:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes [2012.01.21 23:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.13 12:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\Aktuell [2012.01.06 12:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Exodus-Logs [2012.01.06 11:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus [2012.01.06 11:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Exodus [2012.01.06 11:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple [2012.01.04 10:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2010.10.24 14:27:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE [2010.10.24 14:27:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.30 10:45:24 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF [2012.01.30 10:45:08 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.01.30 10:44:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.29 17:48:20 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.29 17:48:20 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.29 17:48:20 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.29 17:48:20 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx [2012.01.29 17:48:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2012.01.29 17:48:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2012.01.29 17:48:20 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2012.01.29 17:48:20 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2012.01.29 17:30:04 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.01.29 13:38:35 | 087,711,695 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012.01.26 10:43:20 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.26 10:38:44 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2012.01.22 16:03:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable [2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.01.18 10:45:49 | 000,182,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf [2012.01.18 10:42:54 | 001,371,215 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf [2012.01.18 10:28:33 | 005,970,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf [2012.01.18 10:28:22 | 000,680,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf [2012.01.18 10:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.01.18 10:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.01.17 19:04:48 | 000,125,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012.01.16 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.01.06 11:52:44 | 000,000,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk [2012.01.01 21:09:23 | 000,515,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.01.01 21:09:23 | 000,492,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.01 21:09:23 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.01.01 21:09:23 | 000,083,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.01.01 21:09:23 | 000,064,045 | ---- | M] () -- C:\WINDOWS\System32\perfh009.gnq [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.26 10:43:20 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.22 16:03:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable [2012.01.18 10:45:49 | 000,182,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf [2012.01.18 10:42:54 | 001,371,215 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf [2012.01.18 10:28:33 | 005,970,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf [2012.01.18 10:28:22 | 000,680,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf [2012.01.06 11:52:44 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk [2011.12.24 11:32:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.08.25 20:00:28 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2011.08.17 09:25:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.08.17 09:25:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.07.16 14:26:27 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ShiftN.ini [2011.07.13 18:58:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.06.22 17:01:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2011.05.01 15:21:18 | 000,508,942 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1123561945-1708537768-1801674531-1004-0.dat [2011.05.01 15:21:17 | 000,187,766 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.03.30 15:54:49 | 000,049,288 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.01.31 21:21:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2011.01.31 20:59:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.12.14 17:07:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.23 21:13:31 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.11.23 21:13:29 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.11.23 21:13:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.11.23 21:13:23 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010.11.21 20:08:50 | 000,000,484 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010.11.06 11:54:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL [2010.10.25 21:30:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL [2010.10.25 21:30:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL [2010.10.25 21:30:08 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2010.10.25 21:30:07 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2010.10.25 21:29:52 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll [2010.10.25 21:29:51 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe [2010.10.24 21:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat [2010.10.24 15:41:16 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.24 14:40:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.10.24 14:38:05 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.24 14:28:14 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2010.10.24 14:28:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2010.10.24 14:28:08 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2010.10.24 14:27:34 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2010.10.24 14:27:34 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010.10.24 14:27:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat [2010.10.24 14:27:23 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat [2010.10.24 14:27:23 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT [2010.10.24 14:27:23 | 000,217,272 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2010.10.24 14:27:23 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2010.10.24 14:27:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat [2010.10.24 14:27:22 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2010.10.24 14:27:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2010.10.24 14:27:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE [2010.10.24 14:27:19 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2010.10.24 14:27:19 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2010.10.24 14:27:02 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat [2010.10.24 14:05:17 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2010.10.24 14:05:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.10.24 14:05:09 | 000,005,396 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.10.24 14:05:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.10.24 13:49:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.10.24 13:46:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,515,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 13:00:00 | 000,492,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 13:00:00 | 000,083,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2011.05.06 19:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2011.04.05 14:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BMWiSoftware [2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.05.14 09:23:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2010.12.04 12:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAXQDA10 [2011.05.06 19:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2011.07.02 16:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase One [2012.01.22 12:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.05.22 13:16:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications [2010.12.07 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.# [2012.01.06 11:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple [2011.08.08 19:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Acumen Business Systems Ltd [2012.01.22 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Alpen 3D Online [2010.10.24 22:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\AVG10 [2011.12.29 20:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre [2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canneverbe Limited [2011.03.31 20:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canon [2011.05.22 11:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Duden [2011.09.25 10:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoft [2011.09.25 10:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.01.06 12:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus [2011.12.17 14:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\FILEminimizerPictures [2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Haufe [2010.11.21 21:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Leadertech [2010.11.05 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\MAXQDA10 [2011.06.21 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PersBackup5 [2011.05.01 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\rooms-configurator [2012.01.22 12:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software [2011.05.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SoftGrid Client [2011.08.11 10:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP [2011.08.25 18:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Unity [2011.12.07 21:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WordToPDF [2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.# [2012.01.06 11:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple [2011.08.08 19:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Acumen Business Systems Ltd [2011.12.06 16:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Adobe [2012.01.22 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Alpen 3D Online [2011.11.07 11:59:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Apple Computer [2010.10.24 22:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\AVG10 [2011.12.29 20:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre [2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canneverbe Limited [2011.03.31 20:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canon [2010.10.24 14:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Creative [2010.11.04 15:57:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DivX [2011.05.22 11:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Duden [2011.09.25 10:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoft [2011.09.25 10:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.01.06 12:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus [2011.12.17 14:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\FILEminimizerPictures [2011.04.09 12:58:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Google [2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Haufe [2010.10.31 13:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Help [2010.10.24 13:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Identities [2010.11.21 21:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Leadertech [2011.04.12 12:00:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Macromedia [2012.01.21 23:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes [2010.11.05 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\MAXQDA10 [2011.12.06 16:46:23 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft [2010.10.24 21:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla [2011.06.21 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PersBackup5 [2011.05.01 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\rooms-configurator [2010.11.21 21:07:51 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SecuROM [2012.01.22 12:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software [2011.11.26 12:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Skype [2011.06.20 20:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\skypePM [2011.05.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SoftGrid Client [2010.12.05 22:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Sun [2011.08.11 10:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP [2011.08.25 18:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Unity [2011.08.22 10:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\vlc [2012.01.21 22:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Winamp [2010.10.31 13:31:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WinRAR [2011.12.07 21:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WordToPDF [2011.03.31 20:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ZoomBrowser EX < %APPDATA%\*.exe /s > [2011.12.05 21:15:20 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.12.07 16:53:01 | 000,043,385 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_112D608FD02CD87FDC7735.exe [2011.12.07 16:53:01 | 000,043,385 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_1A508631B9BA7A5663EE5C.exe [2011.12.07 16:53:01 | 000,032,579 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_853F67D554F05449430E7E.exe [2011.12.05 21:05:39 | 000,032,579 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{B539E69D-DD59-457D-A926-CF01ACA6D04C}\_853F67D554F05449430E7E.exe [2010.07.05 14:30:36 | 003,687,344 | ---- | M] (Simply Super Software) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software\Trojan Remover\iaa6.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\drivers\nvatabus.sys [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvatabus.sys [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvatabus.sys < MD5 for: NVGTS.SYS > [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=37954CD1D0AFC11BECD149F7C3EC88C2 -- C:\NVIDIA\nForceWin2k\15.23\IS\IDE\WinXP\sataraid\nvgts.sys [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\NVIDIA\nForceWin2k\15.23\IS\IDE\WinXP\sata_ide\nvgts.sys [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.10.24 15:37:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010.10.24 15:37:06 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010.10.24 15:37:06 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > [/code] |
|
30.01.2012, 11:43
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: PSW.Generic9.RDX in services.exe (908) Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
[2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.#
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.01.2012, 12:59
| #13 |
| | Trojaner: PSW.Generic9.RDX in services.exe (908) Hier das neue Log: Code:
ATTFilter All processes killed
========== OTL ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
G:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
C:\WINDOWS\system32\cmd.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
File D:\ASUSACPI.exe not found.
C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.# folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 721485 bytes
->Temporary Internet Files folder emptied: 12331512 bytes
->Flash cache emptied: 56475 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Ich
->Temp folder emptied: 5514486 bytes
->Temporary Internet Files folder emptied: 833504 bytes
->Java cache emptied: 5813044 bytes
->FireFox cache emptied: 50458148 bytes
->Flash cache emptied: 57485 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2512158 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 400464 bytes
RecycleBin emptied: 13017 bytes
Total Files Cleaned = 75,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01302012_125218
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\577beb9a scheduled to be moved on reboot.
C:\WINDOWS\temp\68055cd moved successfully.
File move failed. C:\WINDOWS\temp\9ac821d5 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\faa62aa scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
30.01.2012, 13:08
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: PSW.Generic9.RDX in services.exe (908) Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.01.2012, 13:17
| #15 |
| | Trojaner: PSW.Generic9.RDX in services.exe (908) Und das nächste Log Code:
ATTFilter 13:13:48.0453 2120 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:13:48.0656 2120 ============================================================
13:13:48.0656 2120 Current date / time: 2012/01/30 13:13:48.0656
13:13:48.0656 2120 SystemInfo:
13:13:48.0656 2120
13:13:48.0656 2120 OS Version: 5.1.2600 ServicePack: 3.0
13:13:48.0656 2120 Product type: Workstation
13:13:48.0656 2120 ComputerName: ICH-0112C52BCD8
13:13:48.0656 2120 UserName: Ich
13:13:48.0656 2120 Windows directory: C:\WINDOWS
13:13:48.0656 2120 System windows directory: C:\WINDOWS
13:13:48.0656 2120 Processor architecture: Intel x86
13:13:48.0656 2120 Number of processors: 1
13:13:48.0656 2120 Page size: 0x1000
13:13:48.0656 2120 Boot type: Normal boot
13:13:48.0656 2120 ============================================================
13:13:49.0125 2120 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5EA22, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000058
13:13:49.0140 2120 Drive \Device\Harddisk1\DR1 - Size: 0x89E89C000 (34.48 Gb), SectorSize: 0x200, Cylinders: 0x1194, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:13:49.0234 2120 Initialize success
13:14:52.0484 4060 ============================================================
13:14:52.0484 4060 Scan started
13:14:52.0484 4060 Mode: Manual; SigCheck; TDLFS;
13:14:52.0484 4060 ============================================================
13:14:52.0968 4060 Abiosdsk - ok
13:14:52.0984 4060 abp480n5 - ok
13:14:53.0015 4060 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:14:53.0625 4060 ACPI - ok
13:14:53.0656 4060 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:14:53.0765 4060 ACPIEC - ok
13:14:53.0781 4060 adpu160m - ok
13:14:53.0812 4060 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:14:53.0906 4060 aec - ok
13:14:53.0921 4060 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:14:53.0968 4060 AFD - ok
13:14:53.0984 4060 Aha154x - ok
13:14:53.0984 4060 aic78u2 - ok
13:14:54.0000 4060 aic78xx - ok
13:14:54.0031 4060 AliIde - ok
13:14:54.0031 4060 amsint - ok
13:14:54.0078 4060 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:14:54.0187 4060 Arp1394 - ok
13:14:54.0187 4060 asc - ok
13:14:54.0203 4060 asc3350p - ok
13:14:54.0218 4060 asc3550 - ok
13:14:54.0250 4060 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:14:54.0375 4060 AsyncMac - ok
13:14:54.0406 4060 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:14:54.0531 4060 atapi - ok
13:14:54.0546 4060 Atdisk - ok
13:14:54.0578 4060 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:14:54.0687 4060 Atmarpc - ok
13:14:54.0718 4060 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:14:54.0828 4060 audstub - ok
13:14:54.0859 4060 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:14:54.0875 4060 AVGIDSDriver - ok
13:14:54.0906 4060 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:14:54.0906 4060 AVGIDSEH - ok
13:14:54.0921 4060 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:14:54.0937 4060 AVGIDSFilter - ok
13:14:54.0953 4060 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:14:54.0953 4060 AVGIDSShim - ok
13:14:55.0000 4060 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:14:55.0015 4060 Avgldx86 - ok
13:14:55.0015 4060 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:14:55.0031 4060 Avgmfx86 - ok
13:14:55.0062 4060 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:14:55.0062 4060 Avgrkx86 - ok
13:14:55.0093 4060 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:14:55.0109 4060 Avgtdix - ok
13:14:55.0140 4060 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:14:55.0234 4060 Beep - ok
13:14:55.0265 4060 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:14:55.0406 4060 cbidf2k - ok
13:14:55.0406 4060 cd20xrnt - ok
13:14:55.0421 4060 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:14:55.0531 4060 Cdaudio - ok
13:14:55.0562 4060 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:14:55.0671 4060 Cdfs - ok
13:14:55.0718 4060 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:14:55.0812 4060 Cdrom - ok
13:14:55.0828 4060 Changer - ok
13:14:55.0859 4060 CmdIde - ok
13:14:55.0875 4060 Cpqarray - ok
13:14:55.0921 4060 ctac32k (39e4d8f8e627eca4a76d9843606bae0a) C:\WINDOWS\system32\drivers\ctac32k.sys
13:14:55.0937 4060 ctac32k - ok
13:14:55.0968 4060 ctaud2k (de80bd73c255f8fecaf271c04a022a2f) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:14:56.0000 4060 ctaud2k - ok
13:14:56.0031 4060 ctdvda2k (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:14:56.0046 4060 ctdvda2k - ok
13:14:56.0093 4060 ctprxy2k (a07820a06bfdbffa1d207c7778205a4d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:14:56.0093 4060 ctprxy2k - ok
13:14:56.0125 4060 ctsfm2k (d29b3eeb5155a06b94f8d75c126a9c0c) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:14:56.0125 4060 ctsfm2k - ok
13:14:56.0140 4060 dac2w2k - ok
13:14:56.0156 4060 dac960nt - ok
13:14:56.0171 4060 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:14:56.0296 4060 Disk - ok
13:14:56.0343 4060 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:14:56.0468 4060 dmboot - ok
13:14:56.0500 4060 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:14:56.0609 4060 dmio - ok
13:14:56.0640 4060 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:14:56.0750 4060 dmload - ok
13:14:56.0781 4060 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:14:56.0890 4060 DMusic - ok
13:14:56.0906 4060 dpti2o - ok
13:14:56.0921 4060 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:14:57.0031 4060 drmkaud - ok
13:14:57.0062 4060 emupia (39fbced3e762b85846b3da494fcd33fe) C:\WINDOWS\system32\drivers\emupia2k.sys
13:14:57.0078 4060 emupia - ok
13:14:57.0109 4060 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:14:57.0218 4060 Fastfat - ok
13:14:57.0234 4060 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:14:57.0359 4060 Fdc - ok
13:14:57.0375 4060 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:14:57.0484 4060 Fips - ok
13:14:57.0500 4060 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:14:57.0625 4060 Flpydisk - ok
13:14:57.0671 4060 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:14:57.0781 4060 FltMgr - ok
13:14:57.0796 4060 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:14:57.0921 4060 Fs_Rec - ok
13:14:57.0937 4060 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:14:58.0046 4060 Ftdisk - ok
13:14:58.0062 4060 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:14:58.0187 4060 gameenum - ok
13:14:58.0218 4060 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:14:58.0343 4060 Gpc - ok
13:14:58.0406 4060 ha10kx2k (848f9033ad1c2c6f7ee7e65c2daf45f1) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:14:58.0453 4060 ha10kx2k - ok
13:14:58.0484 4060 hap16v2k (d2fe992041527ef54e438a3fc82d3b23) C:\WINDOWS\system32\drivers\hap16v2k.sys
13:14:58.0515 4060 hap16v2k - ok
13:14:58.0562 4060 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:14:58.0687 4060 HidUsb - ok
13:14:58.0703 4060 hpn - ok
13:14:58.0765 4060 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:14:58.0781 4060 HTTP - ok
13:14:58.0796 4060 i2omgmt - ok
13:14:58.0812 4060 i2omp - ok
13:14:58.0828 4060 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:14:58.0937 4060 i8042prt - ok
13:14:58.0968 4060 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:14:59.0078 4060 Imapi - ok
13:14:59.0109 4060 ini910u - ok
13:14:59.0125 4060 IntelIde - ok
13:14:59.0140 4060 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:14:59.0250 4060 Ip6Fw - ok
13:14:59.0265 4060 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:14:59.0390 4060 IpFilterDriver - ok
13:14:59.0406 4060 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:14:59.0531 4060 IpInIp - ok
13:14:59.0562 4060 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:14:59.0671 4060 IpNat - ok
13:14:59.0687 4060 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:14:59.0812 4060 IPSec - ok
13:14:59.0828 4060 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:14:59.0875 4060 IRENUM - ok
13:14:59.0890 4060 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:15:00.0000 4060 isapnp - ok
13:15:00.0031 4060 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:15:00.0140 4060 Kbdclass - ok
13:15:00.0171 4060 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:15:00.0296 4060 kmixer - ok
13:15:00.0328 4060 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:15:00.0343 4060 KSecDD - ok
13:15:00.0421 4060 Lavasoft Kernexplorer - ok
13:15:00.0437 4060 lbrtfdc - ok
13:15:00.0468 4060 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:15:00.0593 4060 mnmdd - ok
13:15:00.0609 4060 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:15:00.0718 4060 Modem - ok
13:15:00.0750 4060 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:15:00.0859 4060 Mouclass - ok
13:15:00.0890 4060 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:15:01.0000 4060 mouhid - ok
13:15:01.0015 4060 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:15:01.0125 4060 MountMgr - ok
13:15:01.0140 4060 mraid35x - ok
13:15:01.0156 4060 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:15:01.0265 4060 MRxDAV - ok
13:15:01.0296 4060 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:15:01.0312 4060 MRxSmb - ok
13:15:01.0343 4060 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:15:01.0437 4060 Msfs - ok
13:15:01.0468 4060 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:15:01.0578 4060 MSKSSRV - ok
13:15:01.0593 4060 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:15:01.0703 4060 MSPCLOCK - ok
13:15:01.0718 4060 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:15:01.0843 4060 MSPQM - ok
13:15:01.0859 4060 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:15:01.0968 4060 mssmbios - ok
13:15:02.0000 4060 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
13:15:02.0125 4060 ms_mpu401 - ok
13:15:02.0156 4060 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
13:15:02.0171 4060 MTsensor - ok
13:15:02.0187 4060 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:15:02.0234 4060 Mup - ok
13:15:02.0265 4060 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:15:02.0390 4060 NDIS - ok
13:15:02.0421 4060 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:15:02.0453 4060 NdisTapi - ok
13:15:02.0468 4060 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:15:02.0593 4060 Ndisuio - ok
13:15:02.0609 4060 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:15:02.0718 4060 NdisWan - ok
13:15:02.0750 4060 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:15:02.0781 4060 NDProxy - ok
13:15:02.0796 4060 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:15:02.0906 4060 NetBIOS - ok
13:15:02.0921 4060 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:15:03.0031 4060 NetBT - ok
13:15:03.0062 4060 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:15:03.0171 4060 NIC1394 - ok
13:15:03.0203 4060 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:15:03.0312 4060 Npfs - ok
13:15:03.0343 4060 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:15:03.0453 4060 Ntfs - ok
13:15:03.0500 4060 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:15:03.0625 4060 Null - ok
13:15:03.0906 4060 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:15:04.0156 4060 nv - ok
13:15:04.0187 4060 nvatabus (c8daa008f9e390b9da504c1cd0da1ee9) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
13:15:04.0203 4060 nvatabus ( UnsignedFile.Multi.Generic ) - warning
13:15:04.0203 4060 nvatabus - detected UnsignedFile.Multi.Generic (1)
13:15:04.0250 4060 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:15:04.0250 4060 NVENETFD - ok
13:15:04.0265 4060 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:15:04.0281 4060 nvgts - ok
13:15:04.0312 4060 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:15:04.0328 4060 nvnetbus - ok
13:15:04.0359 4060 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:15:04.0453 4060 NwlnkFlt - ok
13:15:04.0468 4060 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:15:04.0578 4060 NwlnkFwd - ok
13:15:04.0625 4060 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:15:04.0718 4060 ohci1394 - ok
13:15:04.0750 4060 ossrv (64631723b13cbcc153294347535844be) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:15:04.0765 4060 ossrv - ok
13:15:04.0796 4060 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:15:04.0906 4060 Parport - ok
13:15:04.0921 4060 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:15:05.0031 4060 PartMgr - ok
13:15:05.0062 4060 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:15:05.0171 4060 ParVdm - ok
13:15:05.0203 4060 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:15:05.0312 4060 PCI - ok
13:15:05.0312 4060 PCIDump - ok
13:15:05.0328 4060 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:15:05.0453 4060 PCIIde - ok
13:15:05.0484 4060 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:15:05.0593 4060 Pcmcia - ok
13:15:05.0593 4060 PDCOMP - ok
13:15:05.0609 4060 PDFRAME - ok
13:15:05.0625 4060 PDRELI - ok
13:15:05.0640 4060 PDRFRAME - ok
13:15:05.0656 4060 perc2 - ok
13:15:05.0671 4060 perc2hib - ok
13:15:05.0703 4060 PfDetNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
13:15:05.0718 4060 PfDetNT - ok
13:15:05.0750 4060 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:15:05.0859 4060 PptpMiniport - ok
13:15:05.0875 4060 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:15:05.0984 4060 Processor - ok
13:15:06.0000 4060 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:15:06.0109 4060 PSched - ok
13:15:06.0140 4060 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:15:06.0281 4060 Ptilink - ok
13:15:06.0312 4060 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:15:06.0312 4060 PxHelp20 - ok
13:15:06.0328 4060 ql1080 - ok
13:15:06.0343 4060 Ql10wnt - ok
13:15:06.0359 4060 ql12160 - ok
13:15:06.0375 4060 ql1240 - ok
13:15:06.0390 4060 ql1280 - ok
13:15:06.0406 4060 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:15:06.0531 4060 RasAcd - ok
13:15:06.0546 4060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:15:06.0656 4060 Rasl2tp - ok
13:15:06.0671 4060 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:15:06.0781 4060 RasPppoe - ok
13:15:06.0796 4060 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:15:06.0890 4060 Raspti - ok
13:15:06.0921 4060 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:15:07.0046 4060 Rdbss - ok
13:15:07.0062 4060 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:15:07.0140 4060 RDPCDD - ok
13:15:07.0187 4060 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:15:07.0203 4060 RDPWD - ok
13:15:07.0234 4060 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:15:07.0343 4060 redbook - ok
13:15:07.0390 4060 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:15:07.0437 4060 Secdrv - ok
13:15:07.0468 4060 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:15:07.0578 4060 serenum - ok
13:15:07.0609 4060 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:15:07.0703 4060 Serial - ok
13:15:07.0765 4060 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:15:07.0875 4060 Sfloppy - ok
13:15:07.0890 4060 Simbad - ok
13:15:07.0906 4060 Sparrow - ok
13:15:07.0937 4060 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:15:08.0031 4060 splitter - ok
13:15:08.0078 4060 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:15:08.0125 4060 sr - ok
13:15:08.0171 4060 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:15:08.0187 4060 Srv - ok
13:15:08.0234 4060 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:15:08.0234 4060 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:15:08.0234 4060 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:15:08.0265 4060 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:15:08.0375 4060 swenum - ok
13:15:08.0468 4060 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:15:08.0578 4060 swmidi - ok
13:15:08.0593 4060 symc810 - ok
13:15:08.0609 4060 symc8xx - ok
13:15:08.0625 4060 sym_hi - ok
13:15:08.0640 4060 sym_u3 - ok
13:15:08.0656 4060 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:15:08.0781 4060 sysaudio - ok
13:15:08.0828 4060 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:15:08.0843 4060 Tcpip - ok
13:15:08.0890 4060 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:15:09.0031 4060 TDPIPE - ok
13:15:09.0046 4060 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:15:09.0140 4060 TDTCP - ok
13:15:09.0171 4060 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:15:09.0281 4060 TermDD - ok
13:15:09.0296 4060 TosIde - ok
13:15:09.0343 4060 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:15:09.0437 4060 Udfs - ok
13:15:09.0453 4060 ultra - ok
13:15:09.0484 4060 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:15:09.0578 4060 Update - ok
13:15:09.0625 4060 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:15:09.0734 4060 usbccgp - ok
13:15:09.0781 4060 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:15:09.0890 4060 usbehci - ok
13:15:09.0906 4060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:15:10.0000 4060 usbhub - ok
13:15:10.0015 4060 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:15:10.0140 4060 usbohci - ok
13:15:10.0156 4060 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:15:10.0265 4060 usbprint - ok
13:15:10.0281 4060 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:15:10.0375 4060 usbscan - ok
13:15:10.0406 4060 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:15:10.0515 4060 USBSTOR - ok
13:15:10.0546 4060 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:15:10.0640 4060 VgaSave - ok
13:15:10.0656 4060 ViaIde - ok
13:15:10.0671 4060 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:15:10.0781 4060 VolSnap - ok
13:15:10.0812 4060 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:15:10.0921 4060 Wanarp - ok
13:15:10.0921 4060 WDICA - ok
13:15:10.0968 4060 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:15:11.0062 4060 wdmaud - ok
13:15:11.0140 4060 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:15:11.0234 4060 WS2IFSL - ok
13:15:11.0265 4060 xcpip - ok
13:15:11.0281 4060 xpsec - ok
13:15:11.0296 4060 yjlck5l8.sys - ok
13:15:11.0375 4060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:15:11.0421 4060 \Device\Harddisk0\DR0 - ok
13:15:11.0437 4060 MBR (0x1B8) (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk1\DR1
13:15:11.0437 4060 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - infected
13:15:11.0437 4060 \Device\Harddisk1\DR1 - detected Backdoor.Win32.Sinowal.knf (0)
13:15:11.0531 4060 Boot (0x1200) (fb4d094934f7b17682ad395bfe5b8266) \Device\Harddisk0\DR0\Partition0
13:15:11.0531 4060 \Device\Harddisk0\DR0\Partition0 - ok
13:15:11.0562 4060 Boot (0x1200) (4c273b1809c7eed5d127e27c1de43e37) \Device\Harddisk1\DR1\Partition0
13:15:11.0562 4060 \Device\Harddisk1\DR1\Partition0 - ok
13:15:11.0562 4060 ============================================================
13:15:11.0562 4060 Scan finished
13:15:11.0562 4060 ============================================================
13:15:11.0671 1220 Detected object count: 3
13:15:11.0671 1220 Actual detected object count: 3
13:15:30.0937 1220 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:30.0937 1220 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:30.0937 1220 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:30.0937 1220 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:30.0937 1220 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
13:15:30.0937 1220 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip
|
|
| Themen zu Trojaner: PSW.Generic9.RDX in services.exe (908) |
| .com, 0x00000001, ad-aware, alternate, bho, bildschirm, bonjour, c:\windows\system32\cmd.exe, cdburnerxp, computer, converter, desktop, einstellungen, error, firefox, google earth, home, langsam, logfile, maus, mp3, msvcrt, otl-log, plug-in, registry, required, rescue cd, rundll, scan, sehr langsam, services.exe, software, studio, super, system, trojaner, version=1.0, win32k.sys, windows, windows xp |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
