| |
| |||||||
Log-Analyse und Auswertung: verdacht von spyeye infizierungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.07.2012, 16:05
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  verdacht von spyeye infizierungCode:
ATTFilter Scan Mode: Current user
Haken bei alle Benutzer UND CustomScan muss es sein
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.07.2012, 12:36
| #17 |
 | verdacht von spyeye infizierung Code:
ATTFilter OTL logfile created on: 18.07.2012 20:25:06 - Run 4 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\olli\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 77,28% Memory free 6,02 Gb Paging File | 5,41 Gb Available in Paging File | 89,96% Paging File free Paging file location(s): C:\pagefile.sys 3000 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 119,99 Gb Total Space | 73,00 Gb Free Space | 60,84% Space Free | Partition Type: NTFS Drive D: | 345,75 Gb Total Space | 335,80 Gb Free Space | 97,12% Space Free | Partition Type: NTFS Computer Name: ABE1 | User Name: olli | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.15 16:41:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\olli\Desktop\OTL.exe PRC - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.02.09 12:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe PRC - [2011.10.28 15:36:43 | 001,617,416 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe PRC - [2011.10.28 03:40:14 | 001,554,184 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe PRC - [2011.08.17 15:00:02 | 001,011,208 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe PRC - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe PRC - [2011.08.10 14:20:30 | 001,613,424 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe PRC - [2008.05.21 14:30:26 | 001,423,360 | ---- | M] () -- C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe PRC - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe PRC - [2002.07.23 12:09:48 | 000,477,184 | ---- | M] (Chicony) -- C:\WINDOWS\mHotkey.exe ========== Modules (No Company Name) ========== MOD - [2012.07.17 21:34:52 | 001,783,808 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\G DATA\AVKScanP\Avast5\defs\12071701\algo.dll MOD - [2008.05.21 14:30:26 | 001,423,360 | ---- | M] () -- C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe MOD - [2008.02.25 16:08:54 | 000,208,896 | ---- | M] () -- C:\Programme\ASUS\AI Suite\AiNap\AiNap.dll MOD - [2001.07.02 21:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2011.10.28 03:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.08.10 14:20:30 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2010.05.14 15:02:54 | 000,246,256 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_73F2BDBC) SRV - [2010.04.22 14:16:34 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GenBus.sys -- (EST_BusEnum) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.02.16 20:12:55 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61) DRV - [2012.02.16 20:12:49 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.12.22 15:32:33 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2011.12.22 15:32:33 | 000,040,568 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2011.12.22 15:32:33 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2011.10.10 20:19:40 | 000,052,216 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2011.09.15 19:31:28 | 000,069,272 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2011.09.08 10:23:13 | 000,030,200 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc) DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.10.22 16:33:26 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2010.10.22 16:33:24 | 000,038,664 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus) DRV - [2010.10.22 16:33:20 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2010.02.24 16:38:48 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser) DRV - [2010.02.24 16:38:48 | 000,043,520 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm) DRV - [2009.10.22 17:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009.10.22 17:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2009.08.02 14:55:00 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32) DRV - [2009.03.16 23:33:02 | 003,597,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.01.14 19:37:31 | 000,006,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\HWACCESS.SYS -- (HWACCESS) DRV - [2009.01.04 21:46:38 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2008.12.25 18:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2008.08.11 18:01:32 | 000,151,552 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GenHC.sys -- (EST_Server) DRV - [2008.06.25 18:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008.06.24 00:21:48 | 000,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv61xx.sys -- (mv61xx) DRV - [2007.12.19 05:40:34 | 000,053,760 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mchpusb.sys -- (MCHPUSB) DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex) DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm) DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl) DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM) DRV - [2007.11.14 18:14:02 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2004.08.31 20:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004.04.30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus) DRV - [2004.04.30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi) DRV - [2003.10.29 11:13:22 | 000,030,329 | ---- | M] (NAVMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Navcar.sys -- (Navcar) DRV - [2000.06.29 18:24:14 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DLPORTIO.SYS -- (DLPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1390067357-492894223-725345543-1003\..\SearchScopes,DefaultScope = {0899070E-19D6-4121-81BC-A2E22DF5B3FF} IE - HKU\S-1-5-21-1390067357-492894223-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1390067357-492894223-725345543-1003\..\SearchScopes\{0899070E-19D6-4121-81BC-A2E22DF5B3FF}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKU\S-1-5-21-1390067357-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997 FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 FF - prefs.js..network.proxy.backup.ftp: "anonym.maxonymous.com" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "anonym.maxonymous.com" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "anonym.maxonymous.com" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "anonym.maxonymous.com" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "anonym.maxonymous.com" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "anonym.maxonymous.com" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "anonym.maxonymous.com" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "anonym.maxonymous.com" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "anonym.maxonymous.com" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.14 19:47:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.10 20:44:18 | 000,000,000 | ---D | M] [2009.08.07 15:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Mozilla\Extensions [2009.08.07 15:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2012.07.11 22:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Mozilla\Firefox\Profiles\kdk0guoi.default\extensions [2010.07.03 19:21:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Mozilla\Firefox\Profiles\kdk0guoi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.28 00:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.18 13:09:05 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2011.09.08 10:23:27 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2012.01.24 17:55:19 | 000,138,614 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\OLLI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KDK0GUOI.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI [2012.07.03 16:12:24 | 000,109,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\OLLI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KDK0GUOI.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI [2012.05.14 19:47:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.28 00:25:33 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.28 00:25:33 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.28 00:25:33 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.28 00:25:33 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.28 00:25:33 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.28 00:25:33 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ai Nap] C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe () O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony) O4 - HKLM..\Run: [Cpu Level Up help] C:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [MDS_Menu] C:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [QFan Help] C:\Programme\ASUS\AI Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-1390067357-492894223-725345543-1003..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKU\S-1-5-21-1390067357-492894223-725345543-1003..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe () O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\olli\Startmenü\Programme\Autostart\Verknüpfung mit VPNUK L2TP (2).lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262352746234 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341397041093 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55314E96-E69F-431E-80CD-5F25287658E0}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55314E96-E69F-431E-80CD-5F25287658E0}: NameServer = 216.87.84.211 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O27 - HKLM IFEO\googleupdater.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\labelprint.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\mediashow.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\olrsubmission.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\pdr.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\pdvdlaunchpolicy.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\power2go.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\power2goexpress.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\powerstarter.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\producer.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.04 19:23:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - c:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {588A559B-BBC9-4148-A2C0-96A33D1DBC26} - Microsoft .NET Framework 1.0 Hotfix (KB928367) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {65289DE3-4C1A-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461) ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9BFBE94F-2FAF-11D6-8712-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461) ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {D82A39FB-1784-4608-BFE8-1ACBFF3079C1} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F279058C-50B2-4BE4-60C9-369CACF06821} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.) Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.18 01:28:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\olli\Recent [2012.07.15 16:42:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\olli\Desktop\OTL.exe [2012.07.06 14:56:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\olli\Startmenü\Programme\MODELLBAU [2012.07.06 13:39:24 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.07.05 21:26:00 | 000,000,000 | ---D | C] -- C:\Programme\RamBooster 2.0 [2011.12.13 23:22:50 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pcouffin.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.18 20:27:00 | 000,721,652 | ---- | M] () -- C:\WINDOWS\System32\sig.bin [2012.07.18 20:27:00 | 000,041,814 | ---- | M] () -- C:\WINDOWS\System32\nmp.map [2012.07.18 20:23:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.07.18 20:22:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.15 16:41:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\olli\Desktop\OTL.exe [2012.07.13 20:09:36 | 000,624,883 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Desktop\adwcleaner0.exe [2012.07.13 20:08:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd61229003cb44.job [2012.07.12 03:21:46 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.12 03:04:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.07.05 17:04:08 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.04 19:46:19 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2012.07.04 01:47:29 | 001,092,268 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.07.04 01:47:29 | 000,986,754 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.07.04 01:47:29 | 000,331,688 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.07.04 01:47:29 | 000,285,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.07.03 16:09:50 | 000,000,054 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\defogger_reenable [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.13 20:10:08 | 000,624,883 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Desktop\adwcleaner0.exe [2012.07.13 20:08:53 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd61229003cb44.job [2012.07.05 17:04:08 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.03 16:09:48 | 000,000,054 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\defogger_reenable [2012.02.16 19:20:13 | 000,000,538 | RHS- | C] () -- C:\Dokumente und Einstellungen\olli\ntuser.pol [2012.02.16 17:52:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.13 13:16:09 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\agwdll32.dll [2012.02.13 13:16:09 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RACCD32a.dll [2012.02.13 13:16:09 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\GoWin32.dll [2012.02.13 13:16:09 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\Hamcal32.dll [2011.12.13 23:22:50 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\inst.exe [2011.12.13 23:22:50 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pcouffin.cat [2011.12.13 23:22:50 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\pcouffin.inf [2011.12.13 23:14:17 | 000,001,057 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\vso_ts_preview.xml [2011.09.08 10:29:51 | 000,721,652 | ---- | C] () -- C:\WINDOWS\System32\sig.bin [2011.04.20 20:04:04 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\wsc32.dll [2011.04.20 20:04:04 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\xym32.dll [2011.04.20 20:04:04 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\asd32.dll [2011.04.20 20:04:04 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\mio32.dll [2011.03.07 12:09:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011.02.23 00:48:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2011.02.23 00:01:56 | 000,000,004 | ---- | C] () -- C:\Programme\50031.dat [2010.12.10 21:37:17 | 000,001,099 | -H-- | C] () -- C:\Dokumente und Einstellungen\olli\hpothb07.dat [2010.12.10 21:37:16 | 000,001,603 | -H-- | C] () -- C:\Dokumente und Einstellungen\olli\hpothb07.tif [2010.12.10 21:31:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2009.05.08 13:28:50 | 000,001,373 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2009.01.16 16:45:56 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2009.01.05 14:27:47 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.01.04 23:41:17 | 000,146,944 | ---- | C] () -- C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.04 23:07:37 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009.01.04 23:07:37 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009.01.04 23:07:37 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak ========== LOP Check ========== [2012.02.18 12:40:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2011.11.29 20:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery [2009.08.26 19:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2012.02.03 17:57:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.11.28 16:59:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2012.03.15 21:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2012.03.15 21:43:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2012.02.28 14:56:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher [2011.02.23 01:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2012.02.28 00:51:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OO Software [2009.01.14 19:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2010.12.07 18:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Photographerbook [2009.02.10 13:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhotoStitch [2009.08.28 10:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2009.01.05 14:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PowerQuest [2011.02.24 12:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2009.05.08 13:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2011.02.23 00:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2012.02.28 00:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.01.16 19:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2010.06.28 18:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VOWSoft [2011.12.14 00:13:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk [2009.01.05 15:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2012.02.28 00:37:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2009.01.21 16:39:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2012.02.16 20:16:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Acronis [2009.12.01 16:24:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Arduino [2011.11.29 20:49:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Avery [2009.02.09 22:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\avidemux [2010.06.03 21:35:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\AVS Video Converter [2011.07.01 20:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon [2009.02.05 15:29:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint [2011.01.13 01:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Cuttermaran [2010.09.21 23:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Dr. Regener [2012.02.14 16:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Easeware [2012.02.03 17:58:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\elsterformular [2009.02.23 13:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\GetRightToGo [2009.02.09 22:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\gtk-2.0 [2010.10.04 02:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ilqy [2010.08.28 17:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\IMSI [2010.08.28 17:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\IMSIDesign [2009.01.05 14:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\IsolatedStorage [2009.02.01 19:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\LogView [2009.01.04 22:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\MSNInstaller [2012.05.31 17:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\OpenOffice.org [2010.01.01 16:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ordner HP Share-to-Web [2010.07.14 16:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Programme [2010.10.03 21:43:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PTGui [2010.12.17 12:36:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PTV AG [2009.06.02 15:17:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Publish Providers [2010.08.09 21:32:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Scilab [2009.06.02 15:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Sony [2010.07.14 18:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Mobile [2010.07.14 18:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Mobile Internet Manager [2009.08.07 15:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\TomTom [2012.02.28 00:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\TuneUp Software [2009.01.16 19:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ulead Systems [2010.06.28 18:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\VOWSoft [2011.12.20 17:15:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Vso [2010.10.04 11:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Zaac ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.02.16 20:16:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Acronis [2011.02.28 18:28:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Adobe [2009.08.11 13:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Apple Computer [2009.01.16 19:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Arcsoft [2009.12.01 16:24:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Arduino [2009.01.14 17:40:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\ATI [2011.11.29 20:49:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Avery [2009.02.09 22:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\avidemux [2010.06.03 21:35:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\AVS Video Converter [2010.06.28 19:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\AVS4YOU [2011.07.01 20:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Canon [2009.02.05 15:29:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CD-LabelPrint [2011.01.13 01:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Cuttermaran [2009.05.16 22:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\CyberLink [2009.08.29 15:02:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DivX [2010.09.21 23:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Dr. Regener [2011.12.13 23:11:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\DVD Flick [2011.12.18 13:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\dvdcss [2012.02.14 16:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Easeware [2012.02.03 17:58:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\elsterformular [2009.02.23 13:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\GetRightToGo [2009.01.28 14:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Google [2009.02.09 22:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\gtk-2.0 [2009.01.04 21:54:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Help [2010.01.01 16:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Hewlett-Packard [2009.01.04 19:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Identities [2010.10.04 02:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ilqy [2010.08.28 17:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\IMSI [2010.08.28 17:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\IMSIDesign [2009.01.04 19:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\InstallShield [2009.01.05 14:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\IsolatedStorage [2009.02.01 19:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\LogView [2012.07.18 20:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Macromedia [2009.11.03 15:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Malwarebytes [2009.01.04 23:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Media Player Classic [2012.02.16 17:55:36 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft [2009.01.16 19:34:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Mozilla [2009.01.04 22:52:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\MSNInstaller [2011.02.24 15:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nero [2009.08.11 12:46:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Nero8 [2012.05.31 17:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\OpenOffice.org [2010.01.01 16:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ordner HP Share-to-Web [2010.07.14 16:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Programme [2010.10.03 21:43:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PTGui [2010.12.17 12:36:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\PTV AG [2009.06.02 15:17:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Publish Providers [2010.08.09 21:32:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Scilab [2009.06.02 15:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Sony [2010.06.28 18:42:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Sony Corporation [2009.11.09 14:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Sun [2010.07.14 18:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Mobile [2010.07.14 18:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Mobile Internet Manager [2009.08.07 15:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\TomTom [2012.02.28 00:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\TuneUp Software [2009.01.16 19:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ulead Systems [2012.05.31 17:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\vlc [2010.06.28 18:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\VOWSoft [2011.12.20 17:15:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Vso [2009.01.05 15:46:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\WinRAR [2010.10.04 11:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Zaac [2009.05.29 18:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\ZoomBrowser EX < %APPDATA%\*.exe /s > [2011.12.13 23:22:50 | 000,087,608 | ---- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\inst.exe [2012.02.28 14:56:39 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{284CA82B-0E52-41E4-A895-B3446E120BCE}\ARPPRODUCTICON.exe [2012.02.28 14:56:39 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{284CA82B-0E52-41E4-A895-B3446E120BCE}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe [2012.02.28 14:56:39 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{284CA82B-0E52-41E4-A895-B3446E120BCE}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7_1.exe [2012.02.28 14:56:39 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{284CA82B-0E52-41E4-A895-B3446E120BCE}\RunProductNameShor_985F828E0E98429F9C05EF3BDE7568F7.exe [2012.02.28 14:56:39 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{284CA82B-0E52-41E4-A895-B3446E120BCE}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe [2011.01.13 01:30:42 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_098231E8AF6507C191677C.exe [2011.01.13 01:30:42 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_6FEFF9B68218417F98F549.exe [2011.01.13 01:30:43 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_AC5D6544F4892BDBD4043C.exe [2011.01.13 01:30:43 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_D28C1E9A54DE09F40958F2.exe [2011.01.13 01:30:42 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_FDD89BD3451E0373300C7A.exe [2010.09.24 17:00:23 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe [2010.09.24 17:00:23 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2010.09.24 17:00:23 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2010.09.24 17:00:23 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2010.09.24 17:00:23 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2010.09.24 17:00:23 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe [2010.08.20 15:53:28 | 000,043,385 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}\_21F3885A18D238E15AAE81.exe [2010.08.20 15:53:28 | 000,043,385 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}\_31A8886BD09993C528048B.exe [2010.08.20 15:53:28 | 000,032,579 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}\_6FEFF9B68218417F98F549.exe [2010.09.22 00:14:10 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2010.09.22 00:14:10 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2010.09.22 00:14:10 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2010.09.22 00:14:10 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2010.09.22 00:14:10 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Microsoft\Installer\{D2CA31E1-EE00-11DD-B5A6-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe [2009.06.30 11:52:18 | 000,983,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\T-Mobile Internet Manager\LiveUpdate.exe < %SYSTEMDRIVE%\*.exe > [2001.01.10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009.01.04 21:04:32 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009.01.04 21:04:32 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009.01.04 21:04:32 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009.01.04 21:04:32 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.04.15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\OemDir\iaStor.sys [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\iaStor_EBC4D34763FEC9E3CCCBBDF46C69E033AE459AD5\iaStor.sys [2008.04.15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.01.04 20:14:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.01.04 20:14:33 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.01.04 20:14:33 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
19.07.2012, 19:20
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht von spyeye infizierungCode:
ATTFilter [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
 Incredimail ist zwar bunt und nett animiert, aber leider als Spyware einzustufen, da es das Nutzerverhalten analysiert und diese an den Hersteller übermittelt. Ich kann nur die sofortige Deinstallation und Umstieg auf einen anderen Mailclient wie zB Mozilla Thunderbird empfehlen. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.04 19:23:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2010.10.04 02:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ilqy
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
19.07.2012, 21:06
| #19 |
| | verdacht von spyeye infizierung alles gemacht.nach dem neustart war das logfenster kurz offen... danach schloß es sich allerdings. nun finde ich es nicht mehr ! wo ist es hin ? weder auf C: noch auf dem desktop ist eines zu finden .... olli ich habe es doch noch gefunden: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\olli\Anwendungsdaten\Ilqy folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7107868 bytes
->Flash cache emptied: 2627 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes
User: olli
->Temp folder emptied: 853483 bytes
->Temporary Internet Files folder emptied: 13680110 bytes
->Java cache emptied: 9829 bytes
->FireFox cache emptied: 54668817 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134357 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18915 bytes
RecycleBin emptied: 8528298 bytes
Total Files Cleaned = 83,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
User: olli
Total Flash Files Cleaned = 0,00 mb
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_215416
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
echt ? incredimail funkt auch nach hause ?  ist bekannt, was so gesendet / gemeldet wird ??? ich werde mir mal den Thunderbird ansehen.... |
|
19.07.2012, 22:00
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht von spyeye infizierung Hm ok, Spyware ist vllt etwas überzogen, aber ich meinte es wurde damals mit Spyware verglichen. Vgl. => MAILHILFE - Sammelt IncrediMail Informationen über die Nutzer? Und in der "free" version soll auch ne ganze Menge Adware drin sein bzw. mal gewesen - naja, ich traue diesem Programm nicht Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.07.2012, 10:48
| #21 |
| | verdacht von spyeye infizierung 15 dinge gefunden.für meinen geschmack ziemlich viel  Code:
ATTFilter 11:41:51.0093 5040 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
11:41:51.0109 5040 ============================================================
11:41:51.0109 5040 Current date / time: 2012/07/20 11:41:51.0109
11:41:51.0109 5040 SystemInfo:
11:41:51.0109 5040
11:41:51.0109 5040 OS Version: 5.1.2600 ServicePack: 3.0
11:41:51.0109 5040 Product type: Workstation
11:41:51.0109 5040 ComputerName: ABE1
11:41:51.0109 5040 UserName: olli
11:41:51.0109 5040 Windows directory: C:\WINDOWS
11:41:51.0109 5040 System windows directory: C:\WINDOWS
11:41:51.0109 5040 Processor architecture: Intel x86
11:41:51.0109 5040 Number of processors: 2
11:41:51.0109 5040 Page size: 0x1000
11:41:51.0109 5040 Boot type: Normal boot
11:41:51.0109 5040 ============================================================
11:41:51.0390 5040 Drive \Device\Harddisk0\DR0 - Size: 0x1E00000000 (120.00 Gb), SectorSize: 0x200, Cylinders: 0x3D31, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:41:51.0406 5040 Drive \Device\Harddisk1\DR1 - Size: 0x5670D00000 (345.76 Gb), SectorSize: 0x200, Cylinders: 0xB050, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:41:51.0421 5040 ============================================================
11:41:51.0421 5040 \Device\Harddisk0\DR0:
11:41:51.0421 5040 MBR partitions:
11:41:51.0421 5040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEFFC0F1
11:41:51.0421 5040 \Device\Harddisk1\DR1:
11:41:51.0421 5040 MBR partitions:
11:41:51.0421 5040 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2B380D50
11:41:51.0421 5040 ============================================================
11:41:51.0453 5040 D: <-> \Device\Harddisk1\DR1\Partition0
11:41:51.0484 5040 C: <-> \Device\Harddisk0\DR0\Partition0
11:41:51.0484 5040 ============================================================
11:41:51.0484 5040 Initialize success
11:41:51.0484 5040 ============================================================
11:43:13.0437 5208 ============================================================
11:43:13.0437 5208 Scan started
11:43:13.0437 5208 Mode: Manual; SigCheck; TDLFS;
11:43:13.0437 5208 ============================================================
11:43:13.0937 5208 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
11:43:14.0171 5208 61883 - ok
11:43:14.0203 5208 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
11:43:14.0203 5208 a347bus ( UnsignedFile.Multi.Generic ) - warning
11:43:14.0203 5208 a347bus - detected UnsignedFile.Multi.Generic (1)
11:43:14.0203 5208 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\System32\Drivers\a347scsi.sys
11:43:14.0218 5208 a347scsi ( UnsignedFile.Multi.Generic ) - warning
11:43:14.0218 5208 a347scsi - detected UnsignedFile.Multi.Generic (1)
11:43:14.0218 5208 Abiosdsk - ok
11:43:14.0218 5208 abp480n5 - ok
11:43:14.0234 5208 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:43:14.0281 5208 ACPI - ok
11:43:14.0312 5208 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:43:14.0375 5208 ACPIEC - ok
11:43:14.0375 5208 adpu160m - ok
11:43:14.0421 5208 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:43:14.0484 5208 aec - ok
11:43:14.0531 5208 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:43:14.0578 5208 AFD - ok
11:43:14.0578 5208 Aha154x - ok
11:43:14.0578 5208 aic78u2 - ok
11:43:14.0578 5208 aic78xx - ok
11:43:14.0609 5208 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:43:14.0671 5208 Alerter - ok
11:43:14.0703 5208 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:43:14.0765 5208 ALG - ok
11:43:14.0765 5208 AliIde - ok
11:43:14.0765 5208 amsint - ok
11:43:14.0812 5208 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
11:43:14.0828 5208 AnyDVD - ok
11:43:14.0875 5208 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:43:14.0937 5208 AppMgmt - ok
11:43:14.0968 5208 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:43:15.0031 5208 Arp1394 - ok
11:43:15.0031 5208 asc - ok
11:43:15.0031 5208 asc3350p - ok
11:43:15.0031 5208 asc3550 - ok
11:43:15.0046 5208 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
11:43:15.0062 5208 AsIO - ok
11:43:15.0093 5208 Aspi32 (eb62fa6d7da4e774e47d376e4d19ca5f) C:\WINDOWS\system32\drivers\aspi32.sys
11:43:15.0093 5208 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
11:43:15.0093 5208 Aspi32 - detected UnsignedFile.Multi.Generic (1)
11:43:15.0171 5208 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:43:15.0234 5208 aspnet_state - ok
11:43:15.0234 5208 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:43:15.0296 5208 AsyncMac - ok
11:43:15.0296 5208 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:43:15.0359 5208 atapi - ok
11:43:15.0359 5208 Atdisk - ok
11:43:15.0390 5208 Ati HotKey Poller (9902dfeb0943b70b7358c7b598de377d) C:\WINDOWS\system32\Ati2evxx.exe
11:43:15.0468 5208 Ati HotKey Poller - ok
11:43:15.0484 5208 ATI Smart (5f90b5a3381f5795e852960fccebff6a) C:\WINDOWS\system32\ati2sgag.exe
11:43:15.0500 5208 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
11:43:15.0500 5208 ATI Smart - detected UnsignedFile.Multi.Generic (1)
11:43:15.0640 5208 ati2mtag (554e45746a2ff688af87282c4d742255) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:43:15.0687 5208 ati2mtag - ok
11:43:15.0968 5208 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:43:16.0031 5208 Atmarpc - ok
11:43:16.0046 5208 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:43:16.0109 5208 AudioSrv - ok
11:43:16.0125 5208 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:43:16.0187 5208 audstub - ok
11:43:16.0218 5208 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
11:43:16.0281 5208 Avc - ok
11:43:16.0437 5208 AVKProxy (b0a3876af08b4cbe7044bb1721e8a86e) C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
11:43:16.0468 5208 AVKProxy - ok
11:43:16.0562 5208 AVKService (8507922e170a23acbc20da53ce7af7e5) C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe
11:43:16.0578 5208 AVKService - ok
11:43:16.0687 5208 AVKWCtl (aacb33ad6e29704bba20bcaf55e5ab76) C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe
11:43:16.0734 5208 AVKWCtl - ok
11:43:16.0796 5208 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:43:16.0843 5208 Beep - ok
11:43:16.0890 5208 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:43:17.0000 5208 BITS - ok
11:43:17.0015 5208 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:43:17.0078 5208 Browser - ok
11:43:17.0078 5208 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:43:17.0140 5208 cbidf2k - ok
11:43:17.0187 5208 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Programme\Canon\CAL\CALMAIN.exe
11:43:17.0187 5208 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
11:43:17.0187 5208 CCALib8 - detected UnsignedFile.Multi.Generic (1)
11:43:17.0218 5208 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:43:17.0281 5208 CCDECODE - ok
11:43:17.0281 5208 cd20xrnt - ok
11:43:17.0296 5208 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:43:17.0375 5208 Cdaudio - ok
11:43:17.0421 5208 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:43:17.0484 5208 Cdfs - ok
11:43:17.0515 5208 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:43:17.0578 5208 Cdrom - ok
11:43:17.0578 5208 Changer - ok
11:43:17.0593 5208 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:43:17.0671 5208 CiSvc - ok
11:43:17.0687 5208 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:43:17.0750 5208 ClipSrv - ok
11:43:17.0953 5208 CLKMSVC10_73F2BDBC (fe1c81a049e5c5d67c4ab7c31c899f6f) C:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
11:43:18.0000 5208 CLKMSVC10_73F2BDBC - ok
11:43:18.0203 5208 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:43:18.0296 5208 clr_optimization_v2.0.50727_32 - ok
11:43:18.0296 5208 CmdIde - ok
11:43:18.0296 5208 COMSysApp - ok
11:43:18.0296 5208 Cpqarray - ok
11:43:18.0328 5208 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:43:18.0390 5208 CryptSvc - ok
11:43:18.0390 5208 dac2w2k - ok
11:43:18.0406 5208 dac960nt - ok
11:43:18.0453 5208 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:43:18.0484 5208 DcomLaunch - ok
11:43:18.0515 5208 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:43:18.0578 5208 Dhcp - ok
11:43:18.0578 5208 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:43:18.0640 5208 Disk - ok
11:43:18.0656 5208 DLPortIO (1d95d36db805787d54eb50e45ed4af40) C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
11:43:18.0671 5208 DLPortIO ( UnsignedFile.Multi.Generic ) - warning
11:43:18.0671 5208 DLPortIO - detected UnsignedFile.Multi.Generic (1)
11:43:18.0671 5208 dmadmin - ok
11:43:18.0734 5208 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:43:18.0812 5208 dmboot - ok
11:43:18.0828 5208 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:43:18.0890 5208 dmio - ok
11:43:18.0906 5208 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:43:18.0968 5208 dmload - ok
11:43:18.0984 5208 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:43:19.0031 5208 dmserver - ok
11:43:19.0046 5208 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:43:19.0109 5208 DMusic - ok
11:43:19.0140 5208 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:43:19.0203 5208 Dnscache - ok
11:43:19.0218 5208 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:43:19.0281 5208 Dot3svc - ok
11:43:19.0281 5208 dpti2o - ok
11:43:19.0296 5208 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:43:19.0359 5208 drmkaud - ok
11:43:19.0375 5208 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:43:19.0437 5208 EapHost - ok
11:43:19.0453 5208 ElbyCDFL (6b3e1cb23f35c755d88944769cab3738) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
11:43:19.0468 5208 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
11:43:19.0468 5208 ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
11:43:19.0500 5208 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
11:43:19.0515 5208 ElbyCDIO - ok
11:43:19.0531 5208 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:43:19.0593 5208 ERSvc - ok
11:43:19.0593 5208 EST_BusEnum - ok
11:43:19.0625 5208 EST_Server (89d835752cf755587baab0b06a8a1d8d) C:\WINDOWS\system32\DRIVERS\GenHC.sys
11:43:19.0640 5208 EST_Server ( UnsignedFile.Multi.Generic ) - warning
11:43:19.0640 5208 EST_Server - detected UnsignedFile.Multi.Generic (1)
11:43:19.0671 5208 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:43:19.0687 5208 Eventlog - ok
11:43:19.0718 5208 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:43:19.0750 5208 EventSystem - ok
11:43:19.0750 5208 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:43:19.0812 5208 Fastfat - ok
11:43:19.0843 5208 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:43:19.0890 5208 FastUserSwitchingCompatibility - ok
11:43:19.0890 5208 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:43:19.0953 5208 Fdc - ok
11:43:19.0953 5208 filtertdidriver - ok
11:43:19.0984 5208 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:43:20.0046 5208 Fips - ok
11:43:20.0046 5208 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:43:20.0125 5208 Flpydisk - ok
11:43:20.0140 5208 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:43:20.0203 5208 FltMgr - ok
11:43:20.0218 5208 fltsrv (d85453baf5de7e55cb13441452a4e2d3) C:\WINDOWS\system32\DRIVERS\fltsrv.sys
11:43:20.0250 5208 fltsrv - ok
11:43:20.0312 5208 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:43:20.0343 5208 FontCache3.0.0.0 - ok
11:43:20.0359 5208 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:43:20.0421 5208 Fs_Rec - ok
11:43:20.0453 5208 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys
11:43:20.0468 5208 FTDIBUS - ok
11:43:20.0484 5208 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:43:20.0531 5208 Ftdisk - ok
11:43:20.0578 5208 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys
11:43:20.0609 5208 FTSER2K - ok
11:43:20.0640 5208 GDBehave (1b519753da1e7e51f37001e23f1bb045) C:\WINDOWS\system32\drivers\GDBehave.sys
11:43:20.0656 5208 GDBehave - ok
11:43:20.0812 5208 GDFwSvc (05787ed926cd5cd2fdac57f9adc22dec) C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
11:43:20.0843 5208 GDFwSvc - ok
11:43:21.0156 5208 GDMnIcpt (cd58774324a78bba15b89c35bed81593) C:\WINDOWS\system32\drivers\MiniIcpt.sys
11:43:21.0171 5208 GDMnIcpt - ok
11:43:21.0203 5208 GDNdisIc (4e7f16b1698772d4b57b989e569c14db) C:\WINDOWS\system32\drivers\GDNdisIc.sys
11:43:21.0218 5208 GDNdisIc - ok
11:43:21.0281 5208 GDScan (b6bf441373adc1596d8bb1d61281814d) C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
11:43:21.0296 5208 GDScan - ok
11:43:21.0328 5208 GDTdiInterceptor (564777071576ce55b9204a02ec8fd645) C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
11:43:21.0343 5208 GDTdiInterceptor - ok
11:43:21.0375 5208 GearAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
11:43:21.0390 5208 GearAspiWDM - ok
11:43:21.0406 5208 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:43:21.0484 5208 Gpc - ok
11:43:21.0515 5208 GRD (3d141520bae54e5f1f2a0711fc7b4bcd) C:\WINDOWS\system32\drivers\GRD.sys
11:43:21.0531 5208 GRD - ok
11:43:21.0578 5208 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:43:21.0593 5208 gupdate - ok
11:43:21.0593 5208 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
11:43:21.0609 5208 gupdatem - ok
11:43:21.0671 5208 gusvc (5467f1ff0af264566740f67e8b810735) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
11:43:21.0687 5208 gusvc - ok
11:43:21.0734 5208 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:43:21.0796 5208 HDAudBus - ok
11:43:21.0875 5208 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:43:21.0968 5208 helpsvc - ok
11:43:21.0968 5208 HidServ - ok
11:43:22.0000 5208 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:43:22.0078 5208 hidusb - ok
11:43:22.0109 5208 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:43:22.0171 5208 hkmsvc - ok
11:43:22.0187 5208 HookCentre (f60c377c72bb24f5212ff994420f511f) C:\WINDOWS\system32\drivers\HookCentre.sys
11:43:22.0218 5208 HookCentre - ok
11:43:22.0250 5208 hotcore3 (3a4fdebd84e81a170cba24226798e765) C:\WINDOWS\system32\DRIVERS\hotcore3.sys
11:43:22.0265 5208 hotcore3 - ok
11:43:22.0265 5208 hpn - ok
11:43:22.0312 5208 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:43:22.0375 5208 HTTP - ok
11:43:22.0390 5208 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:43:22.0468 5208 HTTPFilter - ok
11:43:22.0500 5208 HWACCESS (cc850a63130d15fc044d44fb9e0f7ebb) C:\WINDOWS\SYSTEM32\HWACCESS.SYS
11:43:22.0500 5208 HWACCESS ( UnsignedFile.Multi.Generic ) - warning
11:43:22.0500 5208 HWACCESS - detected UnsignedFile.Multi.Generic (1)
11:43:22.0500 5208 i2omgmt - ok
11:43:22.0500 5208 i2omp - ok
11:43:22.0515 5208 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:43:22.0562 5208 i8042prt - ok
11:43:22.0625 5208 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:43:22.0640 5208 IAANTMON - ok
11:43:22.0687 5208 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
11:43:22.0718 5208 iaStor - ok
11:43:22.0796 5208 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:43:22.0828 5208 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:43:22.0828 5208 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:43:22.0921 5208 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:43:22.0968 5208 idsvc - ok
11:43:22.0984 5208 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:43:23.0031 5208 Imapi - ok
11:43:23.0125 5208 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:43:23.0187 5208 ImapiService - ok
11:43:23.0187 5208 ini910u - ok
11:43:23.0468 5208 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:43:23.0609 5208 IntcAzAudAddService - ok
11:43:23.0875 5208 IntelIde - ok
11:43:23.0906 5208 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:43:23.0968 5208 intelppm - ok
11:43:24.0015 5208 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:43:24.0078 5208 Ip6Fw - ok
11:43:24.0109 5208 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:43:24.0171 5208 IpFilterDriver - ok
11:43:24.0187 5208 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:43:24.0250 5208 IpInIp - ok
11:43:24.0265 5208 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:43:24.0328 5208 IpNat - ok
11:43:24.0343 5208 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:43:24.0390 5208 IPSec - ok
11:43:24.0406 5208 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:43:24.0468 5208 IRENUM - ok
11:43:24.0500 5208 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:43:24.0546 5208 isapnp - ok
11:43:24.0593 5208 JavaQuickStarterService - ok
11:43:24.0593 5208 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:43:24.0656 5208 Kbdclass - ok
11:43:24.0687 5208 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:43:24.0750 5208 kmixer - ok
11:43:24.0765 5208 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:43:24.0796 5208 KSecDD - ok
11:43:24.0796 5208 L1e (93e64bab9dee162ca0ca5258d132a047) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
11:43:24.0828 5208 L1e - ok
11:43:24.0859 5208 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:43:24.0890 5208 lanmanserver - ok
11:43:24.0937 5208 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:43:24.0984 5208 lanmanworkstation - ok
11:43:24.0984 5208 lbrtfdc - ok
11:43:25.0078 5208 LightScribeService (17203d81a68d9162db9022a1fc601778) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
11:43:25.0125 5208 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
11:43:25.0125 5208 LightScribeService - detected UnsignedFile.Multi.Generic (1)
11:43:25.0171 5208 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:43:25.0218 5208 LmHosts - ok
11:43:25.0250 5208 MCHPUSB (5a4268fa5157c7c9352bf3d2625a3b32) C:\WINDOWS\system32\DRIVERS\mchpusb.sys
11:43:25.0281 5208 MCHPUSB - ok
11:43:25.0328 5208 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:43:25.0375 5208 Messenger - ok
11:43:25.0390 5208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:43:25.0453 5208 mnmdd - ok
11:43:25.0468 5208 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:43:25.0546 5208 mnmsrvc - ok
11:43:25.0546 5208 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:43:25.0609 5208 Modem - ok
11:43:25.0625 5208 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:43:25.0687 5208 Mouclass - ok
11:43:25.0703 5208 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:43:25.0765 5208 mouhid - ok
11:43:25.0765 5208 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:43:25.0828 5208 MountMgr - ok
11:43:25.0828 5208 mraid35x - ok
11:43:25.0828 5208 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:43:25.0890 5208 MRxDAV - ok
11:43:25.0921 5208 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:43:25.0968 5208 MRxSmb - ok
11:43:25.0968 5208 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:43:26.0046 5208 MSDTC - ok
11:43:26.0078 5208 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
11:43:26.0140 5208 MSDV - ok
11:43:26.0140 5208 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:43:26.0203 5208 Msfs - ok
11:43:26.0203 5208 MSIServer - ok
11:43:26.0234 5208 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:43:26.0281 5208 MSKSSRV - ok
11:43:26.0296 5208 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:43:26.0359 5208 MSPCLOCK - ok
11:43:26.0359 5208 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:43:26.0421 5208 MSPQM - ok
11:43:26.0421 5208 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:43:26.0484 5208 mssmbios - ok
11:43:26.0500 5208 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:43:26.0562 5208 MSTEE - ok
11:43:26.0593 5208 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
11:43:26.0609 5208 MTsensor - ok
11:43:26.0640 5208 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:43:26.0656 5208 Mup - ok
11:43:26.0671 5208 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) C:\WINDOWS\system32\DRIVERS\mv61xx.sys
11:43:26.0687 5208 mv61xx - ok
11:43:26.0718 5208 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:43:26.0781 5208 NABTSFEC - ok
11:43:26.0812 5208 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:43:26.0875 5208 napagent - ok
11:43:26.0906 5208 Navcar (4a2b254aa2d3e375d478ee4c90fbe235) C:\WINDOWS\system32\DRIVERS\Navcar.sys
11:43:26.0906 5208 Navcar ( UnsignedFile.Multi.Generic ) - warning
11:43:26.0906 5208 Navcar - detected UnsignedFile.Multi.Generic (1)
11:43:26.0921 5208 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:43:27.0000 5208 NDIS - ok
11:43:27.0015 5208 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:43:27.0062 5208 NdisIP - ok
11:43:27.0093 5208 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:43:27.0125 5208 NdisTapi - ok
11:43:27.0140 5208 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:43:27.0187 5208 Ndisuio - ok
11:43:27.0203 5208 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:43:27.0250 5208 NdisWan - ok
11:43:27.0281 5208 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:43:27.0312 5208 NDProxy - ok
11:43:27.0328 5208 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:43:27.0390 5208 NetBIOS - ok
11:43:27.0437 5208 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:43:27.0500 5208 NetBT - ok
11:43:27.0515 5208 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:43:27.0578 5208 NetDDE - ok
11:43:27.0578 5208 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:43:27.0640 5208 NetDDEdsdm - ok
11:43:27.0671 5208 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:43:27.0734 5208 Netlogon - ok
11:43:27.0750 5208 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:43:27.0812 5208 Netman - ok
11:43:27.0890 5208 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:43:27.0921 5208 NetTcpPortSharing - ok
11:43:27.0937 5208 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:43:27.0984 5208 NIC1394 - ok
11:43:28.0031 5208 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:43:28.0078 5208 Nla - ok
11:43:28.0078 5208 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:43:28.0140 5208 Npfs - ok
11:43:28.0156 5208 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:43:28.0218 5208 Ntfs - ok
11:43:28.0218 5208 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:43:28.0281 5208 NtLmSsp - ok
11:43:28.0328 5208 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:43:28.0390 5208 NtmsSvc - ok
11:43:28.0406 5208 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:43:28.0484 5208 Null - ok
11:43:28.0515 5208 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:43:28.0593 5208 NwlnkFlt - ok
11:43:28.0609 5208 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:43:28.0656 5208 NwlnkFwd - ok
11:43:28.0671 5208 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:43:28.0718 5208 ohci1394 - ok
11:43:28.0734 5208 oreans32 (b99575d16f887883b821d372ff292c20) C:\WINDOWS\system32\drivers\oreans32.sys
11:43:28.0750 5208 oreans32 ( UnsignedFile.Multi.Generic ) - warning
11:43:28.0750 5208 oreans32 - detected UnsignedFile.Multi.Generic (1)
11:43:28.0765 5208 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
11:43:28.0828 5208 Parport - ok
11:43:28.0828 5208 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:43:28.0890 5208 PartMgr - ok
11:43:28.0890 5208 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:43:28.0953 5208 ParVdm - ok
11:43:28.0953 5208 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:43:29.0015 5208 PCI - ok
11:43:29.0015 5208 PCIDump - ok
11:43:29.0015 5208 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:43:29.0078 5208 PCIIde - ok
11:43:29.0093 5208 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:43:29.0156 5208 Pcmcia - ok
11:43:29.0156 5208 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys
11:43:29.0156 5208 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
11:43:29.0156 5208 Pcouffin - detected UnsignedFile.Multi.Generic (1)
11:43:29.0156 5208 PDCOMP - ok
11:43:29.0156 5208 PDFRAME - ok
11:43:29.0156 5208 PDRELI - ok
11:43:29.0156 5208 PDRFRAME - ok
11:43:29.0156 5208 perc2 - ok
11:43:29.0156 5208 perc2hib - ok
11:43:29.0187 5208 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:43:29.0218 5208 PlugPlay - ok
11:43:29.0218 5208 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:43:29.0265 5208 PolicyAgent - ok
11:43:29.0265 5208 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:43:29.0328 5208 PptpMiniport - ok
11:43:29.0328 5208 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:43:29.0390 5208 ProtectedStorage - ok
11:43:29.0390 5208 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:43:29.0453 5208 PSched - ok
11:43:29.0453 5208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:43:29.0531 5208 Ptilink - ok
11:43:29.0531 5208 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:43:29.0546 5208 PxHelp20 - ok
11:43:29.0546 5208 ql1080 - ok
11:43:29.0546 5208 Ql10wnt - ok
11:43:29.0546 5208 ql12160 - ok
11:43:29.0546 5208 ql1240 - ok
11:43:29.0562 5208 ql1280 - ok
11:43:29.0562 5208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:43:29.0609 5208 RasAcd - ok
11:43:29.0640 5208 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:43:29.0703 5208 RasAuto - ok
11:43:29.0718 5208 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:43:29.0781 5208 Rasl2tp - ok
11:43:29.0812 5208 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:43:29.0875 5208 RasMan - ok
11:43:29.0875 5208 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:43:29.0937 5208 RasPppoe - ok
11:43:29.0937 5208 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:43:29.0984 5208 Raspti - ok
11:43:30.0015 5208 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:43:30.0078 5208 Rdbss - ok
11:43:30.0078 5208 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:43:30.0140 5208 RDPCDD - ok
11:43:30.0156 5208 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:43:30.0218 5208 rdpdr - ok
11:43:30.0250 5208 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:43:30.0281 5208 RDPWD - ok
11:43:30.0312 5208 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:43:30.0375 5208 RDSessMgr - ok
11:43:30.0406 5208 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:43:30.0484 5208 redbook - ok
11:43:30.0500 5208 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:43:30.0562 5208 RemoteAccess - ok
11:43:30.0578 5208 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:43:30.0640 5208 RemoteRegistry - ok
11:43:30.0734 5208 RichVideo (2fcead838e64a79250046dd2a15b6a8a) C:\Programme\CyberLink\Shared files\RichVideo.exe
11:43:30.0750 5208 RichVideo ( UnsignedFile.Multi.Generic ) - warning
11:43:30.0750 5208 RichVideo - detected UnsignedFile.Multi.Generic (1)
11:43:30.0765 5208 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:43:30.0828 5208 RpcLocator - ok
11:43:30.0906 5208 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
11:43:30.0937 5208 RpcSs - ok
11:43:31.0000 5208 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:43:31.0078 5208 RSVP - ok
11:43:31.0218 5208 RTHDMIAzAudService (a5a9f4b77d7ff2b02633999ff71a7e9b) C:\WINDOWS\system32\drivers\RtKHDMI.sys
11:43:31.0343 5208 RTHDMIAzAudService - ok
11:43:31.0625 5208 s3017bus (aa786ad3a2684d39630744787b00e6f4) C:\WINDOWS\system32\DRIVERS\s3017bus.sys
11:43:31.0640 5208 s3017bus - ok
11:43:31.0671 5208 s3017mdfl (cba4ca5bce44084e98ce420fd6692d3a) C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys
11:43:31.0687 5208 s3017mdfl - ok
11:43:31.0703 5208 s3017mdm (68036eff647970d6c0399789c8707cad) C:\WINDOWS\system32\DRIVERS\s3017mdm.sys
11:43:31.0734 5208 s3017mdm - ok
11:43:31.0765 5208 s3017mgmt (3672e7f9349bd98fd3f5ac33e7b2b1a6) C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys
11:43:31.0781 5208 s3017mgmt - ok
11:43:31.0796 5208 s3017nd5 (b1133b37eb184aef81d56b4302dbae9c) C:\WINDOWS\system32\DRIVERS\s3017nd5.sys
11:43:31.0812 5208 s3017nd5 - ok
11:43:31.0843 5208 s3017obex (d81b1d504aa1426622e7ec09f25130a9) C:\WINDOWS\system32\DRIVERS\s3017obex.sys
11:43:31.0875 5208 s3017obex - ok
11:43:31.0890 5208 s3017unic (7b95c53ea8bb585013767eef2875c0a0) C:\WINDOWS\system32\DRIVERS\s3017unic.sys
11:43:31.0906 5208 s3017unic - ok
11:43:31.0937 5208 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:43:31.0984 5208 SamSs - ok
11:43:32.0015 5208 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:43:32.0078 5208 SCardSvr - ok
11:43:32.0125 5208 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:43:32.0187 5208 Schedule - ok
11:43:32.0234 5208 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:43:32.0296 5208 Secdrv - ok
11:43:32.0312 5208 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:43:32.0375 5208 seclogon - ok
11:43:32.0375 5208 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:43:32.0437 5208 SENS - ok
11:43:32.0437 5208 Ser2pl - ok
11:43:32.0468 5208 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:43:32.0531 5208 serenum - ok
11:43:32.0531 5208 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:43:32.0578 5208 Serial - ok
11:43:32.0609 5208 sermouse (e8f3e51da8098201f50678cec5fce179) C:\WINDOWS\system32\DRIVERS\sermouse.sys
11:43:32.0671 5208 sermouse - ok
11:43:32.0687 5208 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:43:32.0750 5208 Sfloppy - ok
11:43:32.0781 5208 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:43:32.0859 5208 SharedAccess - ok
11:43:32.0906 5208 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:43:32.0921 5208 ShellHWDetection - ok
11:43:32.0968 5208 silabenm (4bd319bf5a4a273ae776afb9f1107d25) C:\WINDOWS\system32\DRIVERS\silabenm.sys
11:43:33.0046 5208 silabenm - ok
11:43:33.0078 5208 silabser (12c48d71cfd011d59fba28027341cc12) C:\WINDOWS\system32\DRIVERS\silabser.sys
11:43:33.0093 5208 silabser - ok
11:43:33.0093 5208 Simbad - ok
11:43:33.0125 5208 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:43:33.0187 5208 SLIP - ok
11:43:33.0187 5208 Sparrow - ok
11:43:33.0203 5208 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:43:33.0265 5208 splitter - ok
11:43:33.0281 5208 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:43:33.0312 5208 Spooler - ok
11:43:33.0343 5208 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:43:33.0390 5208 sr - ok
11:43:33.0406 5208 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:43:33.0484 5208 srservice - ok
11:43:33.0562 5208 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:43:33.0593 5208 Srv - ok
11:43:33.0609 5208 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:43:33.0671 5208 SSDPSRV - ok
11:43:33.0687 5208 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:43:33.0750 5208 stisvc - ok
11:43:33.0781 5208 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:43:33.0843 5208 streamip - ok
11:43:33.0859 5208 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:43:33.0921 5208 swenum - ok
11:43:33.0953 5208 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:43:34.0000 5208 swmidi - ok
11:43:34.0000 5208 SwPrv - ok
11:43:34.0015 5208 symc810 - ok
11:43:34.0015 5208 symc8xx - ok
11:43:34.0015 5208 sym_hi - ok
11:43:34.0015 5208 sym_u3 - ok
11:43:34.0031 5208 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:43:34.0093 5208 sysaudio - ok
11:43:34.0109 5208 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:43:34.0171 5208 SysmonLog - ok
11:43:34.0234 5208 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:43:34.0296 5208 TapiSrv - ok
11:43:34.0328 5208 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:43:34.0359 5208 Tcpip - ok
11:43:34.0359 5208 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:43:34.0437 5208 TDPIPE - ok
11:43:34.0453 5208 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:43:34.0500 5208 TDTCP - ok
11:43:34.0531 5208 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:43:34.0578 5208 TermDD - ok
11:43:34.0609 5208 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:43:34.0656 5208 TermService - ok
11:43:34.0687 5208 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:43:34.0703 5208 Themes - ok
11:43:34.0734 5208 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:43:34.0796 5208 TlntSvr - ok
11:43:34.0796 5208 TosIde - ok
11:43:34.0796 5208 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:43:34.0859 5208 TrkWks - ok
11:43:35.0062 5208 TuneUp.UtilitiesSvc (06569e1e2f7eb137abcebf753ceaac20) C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
11:43:35.0093 5208 TuneUp.UtilitiesSvc - ok
11:43:35.0140 5208 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
11:43:35.0156 5208 TuneUpUtilitiesDrv - ok
11:43:35.0406 5208 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:43:35.0484 5208 Udfs - ok
11:43:35.0531 5208 UimBus (d463651b9f2bc22f6726423323f6e729) C:\WINDOWS\system32\DRIVERS\UimBus.sys
11:43:35.0546 5208 UimBus - ok
11:43:35.0593 5208 Uim_IM (42d99df9097bda9a1721644acbea697c) C:\WINDOWS\system32\Drivers\Uim_IM.sys
11:43:35.0609 5208 Uim_IM - ok
11:43:35.0609 5208 ultra - ok
11:43:35.0640 5208 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:43:35.0718 5208 Update - ok
11:43:35.0796 5208 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:43:35.0843 5208 upnphost - ok
11:43:35.0859 5208 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:43:35.0921 5208 UPS - ok
11:43:35.0937 5208 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:43:36.0015 5208 usbehci - ok
11:43:36.0015 5208 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:43:36.0078 5208 usbhub - ok
11:43:36.0109 5208 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:43:36.0171 5208 usbprint - ok
11:43:36.0203 5208 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:43:36.0281 5208 usbscan - ok
11:43:36.0296 5208 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:43:36.0359 5208 USBSTOR - ok
11:43:36.0390 5208 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:43:36.0453 5208 usbuhci - ok
11:43:36.0468 5208 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:43:36.0531 5208 VgaSave - ok
11:43:36.0531 5208 ViaIde - ok
11:43:36.0562 5208 vidsflt61 (7140e9ea599c2e5ffca0e783af9ede2e) C:\WINDOWS\system32\DRIVERS\vsflt61.sys
11:43:36.0578 5208 vidsflt61 - ok
11:43:36.0593 5208 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:43:36.0656 5208 VolSnap - ok
11:43:36.0703 5208 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:43:36.0765 5208 VSS - ok
11:43:36.0796 5208 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:43:36.0859 5208 W32Time - ok
11:43:36.0875 5208 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:43:36.0937 5208 Wanarp - ok
11:43:36.0968 5208 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:43:37.0015 5208 Wdf01000 - ok
11:43:37.0015 5208 WDICA - ok
11:43:37.0062 5208 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:43:37.0109 5208 wdmaud - ok
11:43:37.0156 5208 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:43:37.0218 5208 WebClient - ok
11:43:37.0265 5208 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:43:37.0328 5208 winmgmt - ok
11:43:37.0343 5208 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
11:43:37.0390 5208 WmdmPmSN - ok
11:43:37.0468 5208 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:43:37.0484 5208 Wmi - ok
11:43:37.0531 5208 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:43:37.0593 5208 WmiApSrv - ok
11:43:37.0609 5208 WpdUsb (d7467f619f574ab36286d2903e751deb) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:43:37.0640 5208 WpdUsb - ok
11:43:37.0656 5208 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:43:37.0718 5208 wscsvc - ok
11:43:37.0750 5208 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:43:37.0812 5208 WSTCODEC - ok
11:43:37.0812 5208 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:43:37.0906 5208 wuauserv - ok
11:43:37.0984 5208 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:43:38.0046 5208 WZCSVC - ok
11:43:38.0093 5208 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:43:38.0171 5208 xmlprov - ok
11:43:38.0187 5208 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:43:38.0453 5208 \Device\Harddisk0\DR0 - ok
11:43:38.0468 5208 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:43:38.0515 5208 \Device\Harddisk1\DR1 - ok
11:43:38.0515 5208 Boot (0x1200) (95d550ba81cf07c6ed1c1f080d0358ee) \Device\Harddisk0\DR0\Partition0
11:43:38.0515 5208 \Device\Harddisk0\DR0\Partition0 - ok
11:43:38.0531 5208 Boot (0x1200) (7d5dbd309b13f391e2784cc65bde20a5) \Device\Harddisk1\DR1\Partition0
11:43:38.0531 5208 \Device\Harddisk1\DR1\Partition0 - ok
11:43:38.0531 5208 ============================================================
11:43:38.0531 5208 Scan finished
11:43:38.0531 5208 ============================================================
11:43:38.0640 5200 Detected object count: 15
11:43:38.0640 5200 Actual detected object count: 15
11:43:55.0671 5200 a347bus ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0671 5200 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0671 5200 a347scsi ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0671 5200 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0671 5200 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0671 5200 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0671 5200 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0671 5200 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0671 5200 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0671 5200 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0671 5200 DLPortIO ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0671 5200 DLPortIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0671 5200 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0671 5200 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 EST_Server ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 EST_Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 HWACCESS ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 HWACCESS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 Navcar ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 Navcar ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 oreans32 ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 oreans32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:43:55.0687 5200 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
11:43:55.0687 5200 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:13.0203 3564 Deinitialize success
|
|
20.07.2012, 17:32
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht von spyeye infizierung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.07.2012, 18:21
| #23 |
| | verdacht von spyeye infizierung g-data hatte ich ausgeschaltet... gemeckert hat er trotzdem... ich habe dann den dateizugriff erlaubt.so ging es mit CF weiter.hier das log: Code:
ATTFilter ComboFix 12-07-20.02 - olli 20.07.2012 19:04:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3327.2565 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\olli\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G Data Personal Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\dokumente und einstellungen\olli\Anwendungsdaten\inst.exe
c:\dokumente und einstellungen\olli\Anwendungsdaten\vso_ts_preview.xml
c:\dokumente und einstellungen\olli\WINDOWS
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-20 bis 2012-07-20 ))))))))))))))))))))))))))))))
.
.
2012-07-19 19:54 . 2012-07-19 19:54 -------- d-----w- C:\_OTL
2012-07-06 11:39 . 2012-07-06 11:39 -------- d-----w- c:\programme\ESET
2012-07-05 19:26 . 2012-07-13 18:09 -------- d-----w- c:\programme\RamBooster 2.0
2012-07-05 19:25 . 2012-07-05 19:25 53248 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Engine\6\Intel 32\msihook.dll
2012-07-05 19:25 . 2012-07-05 19:25 126976 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-07-05 19:25 . 2012-07-05 19:25 114688 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-07-03 14:05 . 2012-05-11 14:40 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 02:22 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2009-08-06 18:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-01-01 13:33 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-01-04 18:45 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-01-04 17:21 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-01-04 17:21 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-01-04 17:21 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-01-04 18:45 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-01-04 18:45 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-01-04 17:21 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-01-04 17:21 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-01-04 18:45 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-01-04 17:21 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-01-04 17:21 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2011-03-02 16:11 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-03-02 16:11 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-04 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-01-04 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-14 17:47 . 2011-04-20 18:05 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programme\IncrediMail\bin\IncMail.exe" [2012-03-15 366024]
"Xvid"="c:\programme\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"Ai Nap"="c:\programme\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\programme\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\programme\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"UpdateLBPShortCut"="c:\programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="c:\programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePPShortCut"="c:\programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"G Data AntiVirus Tray Application"="c:\programme\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-08-17 1011208]
"GDFirewallTray"="c:\programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\olli\Startmenü\Programme\Autostart\
Verknüpfung mit VPNUK L2TP (2).lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-09-03 10:35 1406248 ----a-w- c:\programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-17 19:24 61440 ----a-w- c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"CloneCDTray"="c:\programme\CloneCD\CloneCDTray.exe" /s
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"UpdatePDRShortCut"="c:\programme\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\programme\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
"BDRegion"=c:\programme\Cyberlink\Shared files\brs.exe
"CLMLServer"="c:\programme\CyberLink\Power2Go\CLMLSvc.exe"
"RemoteControl9"=c:\programme\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Programme\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programme\\IncrediMail\\bin\\IMApp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [16.02.2012 20:12 77696]
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [26.08.2009 10:24 40440]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [04.01.2009 21:46 30200]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [28.02.2012 14:56 56208]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [24.06.2008 00:21 150568]
R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [16.02.2012 20:12 84544]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [04.01.2009 23:05 79992]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [04.01.2009 23:30 69272]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [08.09.2011 10:23 40568]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [02.08.2009 14:55 33824]
R2 AVKProxy;G Data AntiVirus Proxy;c:\programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [17.08.2011 15:00 1506824]
R2 AVKService;G Data Scheduler;c:\programme\G DATA\InternetSecurity\AVK\AVKService.exe [17.08.2011 15:00 464392]
R2 AVKWCtl;G Data Dateisystem Wächter;c:\programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe [28.07.2011 03:12 1554184]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [04.01.2009 21:46 52216]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [09.02.2012 12:59 1529152]
R3 GDFwSvc;G Data Personal Firewall;c:\programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [10.08.2011 14:20 1613424]
R3 GDScan;G Data Scanner;c:\programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [17.08.2011 15:00 457536]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [09.02.2012 12:48 10064]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.01.2011 14:10 136176]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [21.01.2009 16:57 3584]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys --> c:\windows\system32\DRIVERS\GenBus.sys [?]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [21.01.2009 16:29 151552]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [16.01.2011 14:10 136176]
S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [14.01.2009 19:37 6808]
S3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [19.12.2007 05:40 53760]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [20.07.2009 17:13 30329]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [05.04.2009 07:54 39488]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [26.08.2009 19:45 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [26.08.2009 19:45 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [26.08.2009 19:45 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [26.08.2009 19:45 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [26.08.2009 19:45 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [26.08.2009 19:45 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [26.08.2009 19:45 110120]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [20.05.2010 15:36 43520]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [20.05.2010 15:36 63488]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [16.01.2009 16:30 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [16.01.2009 16:30 5248]
S4 CLKMSVC10_73F2BDBC;CyberLink Product - 2011/02/22 23:44;c:\programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [14.05.2010 15:02 246256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 12:09 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 10:48]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd61229003cb44.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-01-16 12:10]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-492894223-725345543-1003Core1cb9e27e2308f5c.job
- c:\dokumente und einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-09-21 22:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
TCP: Interfaces\{55314E96-E69F-431E-80CD-5F25287658E0}: NameServer = 216.87.84.211
FF - ProfilePath - c:\dokumente und einstellungen\olli\Anwendungsdaten\Mozilla\Firefox\Profiles\kdk0guoi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de
FF - prefs.js: network.proxy.ftp - anonym.maxonymous.com
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - anonym.maxonymous.com
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - anonym.maxonymous.com
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - anonym.maxonymous.com
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - anonym.maxonymous.com
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-2005 Karte Europa City - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-20 19:15
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="E60CA7022E72A5C06B695D3C131813D44B68A5AD9ACD71EF13935772840CBE89172876B0CD232EF95F5FF4D6602AF82721F47DB456B62E7ACB8F565C50E11D341E6BCB59D2234706D65E31373A7BEB7D6A276D4E3F691CC4CF0F9DF106B160285C58BDDA45FC727B297FE9F6F3BA7E3E154D2FF28D597F9F48356727E7D69F44520726C58F0EB7E6536F3B643FE7C8C239C73F4DDF5020D2833730A51CFB745B2922245F028820C7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A9C6AECB7A5D14075D575E7D6A3B9808ED2FE3F8049C2D0E0CDCC40C3DCADAFBFE6F5BA86FB206C28254015544784DDE0FCFDCBFD114A6E0B56C14AAB8EA0EC58B3B883357B5D4A9A264A6E60D3BF3BD158742A60F5970181FEC8BDFC459D6D1CB838307C09D3F6EACB594F63E97E09CA4852A8EB88FBDC24580E0A809BE58D7B67F455E9B38F4953034271D301FF76D880BEC0A32AF445CCB618D37909A3884E6FC09A83CA8B19763E077A6A1B9A2152FEF28E240863CD97958D1F14B3D21779EDA4C875B672E611ED1661133A54E6F299C3C968F36E4A139C6AC718CCC43C3400ED3D2953D2AD5DD31989069EFE9C9AC90CFD2AD317E8F991EE7040BC3CE72541EA592EA486BC7C3B9768CAF7E6BE413DCCBFE8B43CF704EE58B29E36E7B8086298D87C0FD3782143FAAA1D187CAF7DBA9DBB18106A20A2DB965981470845CA6DC1A24DDA25B40B8A6271F029705ADA92F72B8496B4312B149883C803EA86B29801F0EEE53A4343D679E86D58D1B233FBCC314013983347B574BAE71222984A46A342006FC6A83D3108A91459E11EA08354A78AB073B0E4B3B47C38FB94E735706336895E281C45042A6AA2F51EE89920E414D2F43C0338AE0DA816D7761F89ED53B29771BC508AC3372725482C2FA8FD02C31D5ACF42C4247A71F7C9F32C97F6CB1DAE792984D04ABB13A5AE01D2DD61ECDF24ED8B6712380948C93CD130DA2F33A2705065C089908ED0CCA719100602631982CAFEDF47DB54B6A706E5A5E52A6C3EAD609F823513C73A2938A3ACB4BAFA358637003964BA03A0DB0C3E1CE00D5FABA4382D97A32CAD06C84D9B25AD794B4A04FA96330A591147F58E30BE13EE4D25C972DEE606CCE5B0F53DC9BE7EDC43A9230C0810BCB6BCD7E4E37B48F46CD04CA0417AB194FF3AADF9BE8192896C0CD00A56E53672025A27C5EFC4944F29B89B31D24095DCF7D9BEAD8A555C1FE21CBF3384051F7AACA8F9D3847315FC36E21F9DA8A805A86BE4E706B8D7CCB7A0DD52B51167A6215FAD73D6EFADA35DE7B4EB31AD412B1B022A5E49BF2BE577EC451133EA4CEC22F6980E679D13A8D0A8A5AAC9B62C2773025CBEC90F6D06424996753B3F455A8"
"OOSE05.00.00.01PRO"="3EAFF970AB046529FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D6794BA7FD869164D6794B585E661A355E6DC59E5B1D96778E9F585765D651675D966A2D48A4126EBD74AD342789DBEB66181781B2C2823291BC28054691FF2D873B71312FCF9B277922A0247D29EA93E9CC50EE8E2A911673EE4FCB2614109BB926E7A76D0016E26CD44507ED36C73E7C345E985587587C9B457A6AF8F951DEB6B060228B4F02C2135B684B92D1198D31ADE0C07E2A8D507745ADCCC0DE6695DCA428632AAE5B3B187E2192BE29B104671B52D6C2FE0BC7D857132EF4B871CA28DA617020403BEC5176FBA68D11FBF2634B1B794B9C2EFAD076570E08CCA5877A57CF86A6CECFC72CD47CAEFA5318401DC7C484356F51A3CA84390CD6A0AB2BA9A50A523DF4D126DA417DF20606DAE047C8633A2ABA6577130D9C3C94FA1356D067448442ED19490AB5142BB57F00206B603FDBD358439BB773EECC6FB725FB396FD42CDFC2C8EDC862DEF6A365F36FCC468E406BF41442B6BC723A004E1A15A0D452821C5920074EA241A37F8E0780672F054CEF01771748C13B315CED662CD41684206D33EDB1EA6F3A792731E66609F9D6F513D40ADF0F0011CC498BEFB1F1D488C25C8EC89C4179F30CEC8C597EF41310DAA70FBDA9DC23411B3700CBC869E89B88E995FE3F7306C8324748B11BCDF3238D829104D9ABD95F8CD3B30E5DBD8152A348EDCB969F865202EC2A5CFF2976C2E42D841CE2EB251F05F2FA62F1EF01979EBC4AE4DEF0C583EEAD7CE44E1176E622E49DC9ABF09D74819D86AC0EEA286F370AC21D6871B57C6BE27C4D2FDA48B7BCA9233E4DC385C809198FBB8143A911ADF8A86014FE6B8D5F17B4C515E97DBD326A4174F374FD7D3412261A9789BB49F3D79B5EA88C795BEADF2290EBFDC3979B6C1DFF4A16D062C06FBA21A28BBAB6E6E6307A69B29CC07047F29C803F343AFD302E86297C8E7A92103CB8355A6F822BD8AD83D920A0266666598B4A971DC6C39CD1397B3AB419E38E66E535879E18AD9040CA71DFD99CB2C3FCA7A5C7D2DD90965C18AB871991454AB1E6DA766EDAC553808D50EABBD59127C9635E8D4A0D746DBDBA40B0EBD46E328F426E334EA4227E234AB5B4E5D62B65CD6F5BCC7E4F75A18CD43B2043DA1B6890E47CCBC6AB628967E7D9FB5AA729D75E9406D3A6D0190D306B55DEDECCC03CD0B114A6F422A97B6D91A1CC59A462E32B28C3224F16C9A1F7942DB78E31EE24A9133654C0AF2987CBB3DB1F3E7CF34CF17C5E5136DEA8BDA1FA1A2660020D226C754CA6B2097AFF31D1CE7CD9233DDE0034D8AA51E5D5CBF7381CA0BE014B35C5B8FCEF6A555C900FB5C697059CCBF4A6377431108"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-07-20 19:16:57
ComboFix-quarantined-files.txt 2012-07-20 17:16
.
Vor Suchlauf: 13 Verzeichnis(se), 77.998.743.552 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 78.079.893.504 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6D170FFE1B4F512AB6E4CB3F4EA963B9
|
|
21.07.2012, 15:09
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht von spyeye infizierung Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.07.2012, 19:05
| #25 |
| | verdacht von spyeye infizierung Gmer hing beim ersten mal.beim 2. mal bekam ich irgendwann ein "runtime error...." ein log bzw. ein stückchen log konnte ich speichern. Gmer: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-22 06:57:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: 9yg58nok.exe; Driver: C:\DOKUME~1\olli\LOKALE~1\Temp\pxtdrpoc.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwCreateKey [0xA34FC382]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwDeleteKey [0xA34FC606]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwDeleteValueKey [0xA34FC628]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwOpenKey [0xA34FC4C4]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwOpenProcess [0xA34FC23E]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG) ZwSetValueKey [0xA34FC5D8]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB82CF000, 0x1C8292, 0xE8000020]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xA34BA280, 0x7B1C, 0xE8000020]
? C:\DOKUME~1\olli\LOKALE~1\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA3423DA] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA3423DA] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA3423DA] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA3423DA] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA3423DA] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [BA3423DA] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA3423B0] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA3423DA] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA342116] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA342186] GDNdisIc.sys (NDIS packet redirector/G Data Software AG)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G Data Software AG)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys (G Data Software AG)
---- Processes - GMER 1.0.15 ----
Process hidden process (*** hidden *** ) 54120
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION E60CA7022E72A5C06B695D3C131813D44B68A5AD9ACD71EF13935772840CBE89172876B0CD232EF95F5FF4D6602AF82721F47DB456B62E7ACB8F565C50E11D341E6BCB59D2234706D65E31373A7BEB7D6A276D4E3F691CC4CF0F9DF106B160285C58BDDA45FC727B297FE9F6F3BA7E3E154D2FF28D597F9F48356727E7D69F44520726C58F0EB7E6536F3B643FE7C8C239C73F4DDF5020D2833730A51CFB745B2922245F028820C7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A9C6AECB7A5D14075D575E7D6A3B9808ED2FE3F8049C2D0E0CDCC40C3DCADAFBFE6F5BA86FB206C28254015544784DDE0FCFDCBFD114A6E0B56C14AAB8EA0EC58B3B883357B5D4A9A264A6E60D3BF3BD158742A60F5970181FEC8BDFC459D6D1CB838307C09D3F6EACB594F63E97E09CA4852A8EB88FBDC24580E0A809BE58D7B67F455E9B38F4953034271D301FF76D880BEC0A32AF445CCB618D37909A3884E6FC09A83CA8B19763E077A6A1B9A2152FEF28E240863CD97958D1F14B3D21779EDA4C875B672E611ED1661133A54E6F299C3C968F36E4A139C6AC718CCC43C3400ED3D2953D2AD5DD31989069EFE9C9AC90CFD2AD317E8F991EE7040BC3CE72541EA592EA486BC7C3B9768CAF7E6BE413DCCBFE8B43CF7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSE05.00.00.01PRO 3EAFF970AB046529FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D6794BA7FD869164D6794B585E661A355E6DC59E5B1D96778E9F585765D651675D966A2D48A4126EBD74AD342789DBEB66181781B2C2823291BC28054691FF2D873B71312FCF9B277922A0247D29EA93E9CC50EE8E2A911673EE4FCB2614109BB926E7A76D0016E26CD44507ED36C73E7C345E985587587C9B457A6AF8F951DEB6B060228B4F02C2135B684B92D1198D31ADE0C07E2A8D507745ADCCC0DE6695DCA428632AAE5B3B187E2192BE29B104671B52D6C2FE0BC7D857132EF4B871CA28DA617020403BEC5176FBA68D11FBF2634B1B794B9C2EFAD076570E08CCA5877A57CF86A6CECFC72CD47CAEFA5318401DC7C484356F51A3CA84390CD6A0AB2BA9A50A523DF4D126DA417DF20606DAE047C8633A2ABA6577130D9C3C94FA1356D067448442ED19490AB5142BB57F00206B603FDBD358439BB773EECC6FB725FB396FD42CDFC2C8EDC862DEF6A365F36FCC468E406BF41442B6BC723A004E1A15A0D452821C5920074EA241A37F8E0780672F054CEF01771748C13B315CED662CD41684206D33EDB1EA6F3A792731E66609F9D6F513D40ADF0F0011CC498BEFB1F1D488C25C8EC89C4179F30CEC8C597EF413
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
OSAM Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 07:03:38 on 22.07.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 11.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore1cd61229003cb44.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1390067357-492894223-725345543-1003Core1cb9e27e2308f5c.job" - "Google Inc." - C:\Dokumente und Einstellungen\olli\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Storage Filter Management" (fltsrv) - "Acronis" - C:\WINDOWS\System32\DRIVERS\fltsrv.sys "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys (File found, but it contains no detailed information) "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys "aswMBR" (aswMBR) - ? - C:\DOKUME~1\olli\LOKALE~1\Temp\aswMBR.sys (Hidden registry entry, rootkit activity | File not found) "catchme" (catchme) - ? - C:\DOKUME~1\olli\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DriverLINX Port I/O Driver" (DLPortIO) - ? - C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS (File found, but it contains no detailed information) "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "filtertdidriver" (filtertdidriver) - ? - C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys (File not found) "G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\WINDOWS\system32\drivers\GRD.sys "GDBehave" (GDBehave) - "G Data Software AG" - C:\WINDOWS\System32\drivers\GDBehave.sys "GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\WINDOWS\system32\drivers\MiniIcpt.sys "GDNdisIc" (GDNdisIc) - "G Data Software AG" - C:\WINDOWS\System32\drivers\GDNdisIc.sys "GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys "GearAspiWDM" (GearAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\drivers\GEARAspiWDM.sys "hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\WINDOWS\System32\DRIVERS\hotcore3.sys "HookCentre" (HookCentre) - "G Data Software AG" - C:\WINDOWS\system32\drivers\HookCentre.sys "HWACCESS" (HWACCESS) - ? - C:\WINDOWS\SYSTEM32\HWACCESS.SYS (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Low level access layer for CD devices" (Pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\Pcouffin.sys "Navman In-car Navigator USB Driver Service" (Navcar) - "NAVMAN" - C:\WINDOWS\System32\DRIVERS\Navcar.sys "Network USB Device" (EST_Server) - " " - C:\WINDOWS\System32\DRIVERS\GenHC.sys "Network USB Device Bus" (EST_BusEnum) - ? - C:\WINDOWS\System32\DRIVERS\GenBus.sys (File not found) "oreans32" (oreans32) - ? - C:\WINDOWS\system32\drivers\oreans32.sys (File found, but it contains no detailed information) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "Prolific Serial port driver" (Ser2pl) - ? - C:\WINDOWS\System32\DRIVERS\ser2pl.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys "UIM Drive Backup Image Plugin" (Uim_IM) - "Paragon" - C:\WINDOWS\System32\Drivers\Uim_IM.sys "Universal Image Mounter Controller" (UimBus) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\UimBus.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll {6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\Programme\AVSVideoConverter6\AVSVideoConverterShExt.dll {79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? - (File not found | COM-object registry key not found) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "Microsoft Image Composite Editor" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\NeroShellExt\NeroShellExt.dll {E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7} "SafeEraseObj Class" - "O&O Software GmbH" - C:\Programme\OO Software\SafeErase\oosesh.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\SDShelEx-win32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {6F15128C-E66A-490C-B848-5000B5ABEEAC} "HP Download Manager" - "Hewlett-Packard Co." - C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll / https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - ? - C:\Programme\Java\jre6\bin\npjpi160_29.dll (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341397041093 {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10m.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Programme\G Data\InternetSecurity\WebFilter\AVKWebIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\BanksafeBHO.dll {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Programme\G Data\InternetSecurity\WebFilter\AVKWebIE.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\olli\Startmenü\Programme\Autostart\desktop.ini "Verknüpfung mit VPNUK L2TP (2).lnk" - ? - C:\Dokumente und Einstellungen\olli\Startmenü\Programme\Autostart\Verknüpfung mit VPNUK L2TP (2).lnk (Shortcut exists | File not found) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IncrediMail" - "IncrediMail, Ltd." - C:\Programme\IncrediMail\bin\IncMail.exe /c "Xvid" - ? - C:\Programme\Xvid\CheckUpdate.exe (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Ai Nap" - ? - "C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe" (File found, but it contains no detailed information) "CHotkey" - "Chicony" - mHotkey.exe "Cpu Level Up help" - ? - C:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe "G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe "GDFirewallTray" - "G Data Software AG" - C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe "IAAnotif" - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe "MDS_Menu" - "CyberLink Corp." - "C:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" "QFan Help" - ? - "C:\Programme\ASUS\AI Suite\QFan3\QFanHelp.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "UpdateLBPShortCut" - "CyberLink Corp." - "C:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "UpdatePPShortCut" - "CyberLink Corp." - "C:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" "UpdatePSTShortCut" - "CyberLink Corp." - "C:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe "Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared files\RichVideo.exe "G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe "G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe "G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe "G Data Scanner" (GDScan) - "G Data Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe "G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Java Quick Starter" (JavaQuickStarterService) - ? - "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" (File not found) "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru aswMBR Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-22 07:05:16
-----------------------------
07:05:16.281 OS Version: Windows 5.1.2600 Service Pack 3
07:05:16.281 Number of processors: 2 586 0x170A
07:05:16.281 ComputerName: ABE1 UserName: olli
07:05:16.578 Initialize success
07:09:38.265 AVAST engine defs: 12072101
07:16:14.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:16:14.234 Disk 0 Vendor: Intel___ 1.0. Size: 122880MB BusType: 8
07:16:14.234 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
07:16:14.234 Disk 1 Vendor: Intel___ 1.0. Size: 354061MB BusType: 8
07:16:14.250 Disk 0 MBR read successfully
07:16:14.250 Disk 0 MBR scan
07:16:14.281 Disk 0 Windows XP default MBR code
07:16:14.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122872 MB offset 63
07:16:14.281 Disk 0 scanning sectors +251642160
07:16:14.343 Disk 0 scanning C:\WINDOWS\system32\drivers
07:16:24.203 Service scanning
07:16:36.484 Modules scanning
07:16:40.750 Disk 0 trace - called modules:
07:16:40.750
07:16:41.187 AVAST engine scan C:\WINDOWS
07:16:50.390 AVAST engine scan C:\WINDOWS\system32
07:19:16.484 AVAST engine scan C:\WINDOWS\system32\drivers
07:19:28.765 AVAST engine scan C:\Dokumente und Einstellungen\olli
07:26:53.890 AVAST engine scan C:\Dokumente und Einstellungen\All Users
07:28:18.812 Scan finished successfully
19:59:50.125 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\olli\Desktop\MBR.dat"
19:59:50.125 The log file has been saved successfully to "C:\Dokumente und Einstellungen\olli\Desktop\aswMBR.txt"
|
|
23.07.2012, 14:55
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht von spyeye infizierung Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.07.2012, 18:28
| #27 |
| | verdacht von spyeye infizierung neue logs.... MWB: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.23.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 olli :: ABE1 [Administrator] 23.07.2012 18:54:44 mbam-log-2012-07-23 (18-54-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 317422 Laufzeit: 5 Stunde(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/24/2012 at 06:43 PM
Application Version : 5.5.1012
Core Rules Database Version : 8948
Trace Rules Database Version: 6760
Scan type : Complete Scan
Total Scan Time : 00:56:01
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 35863
Registry threats detected : 32
File items scanned : 130471
File threats detected : 12
Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\olli\Cookies\9C8RA308.txt [ /doubleclick.net ]
C:\Dokumente und Einstellungen\olli\Cookies\3J14R4N4.txt [ /mediaplex.com ]
C:\Dokumente und Einstellungen\olli\Cookies\3MSMM0OX.txt [ /rambler.ru ]
C:\Dokumente und Einstellungen\olli\Cookies\4AV5BENZ.txt [ /ads.creative-serving.com ]
C:\Dokumente und Einstellungen\olli\Cookies\BU10TEMJ.txt [ /www.rambler.ru ]
C:\Dokumente und Einstellungen\olli\Cookies\E5AK956W.txt [ /apmebf.com ]
C:\Dokumente und Einstellungen\olli\Cookies\XAOUMAP0.txt [ /2o7.net ]
Application.Oreans32
HKLM\system\controlset001\services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_OREANS32
HKLM\System\ControlSet002\Services\OREANS32
HKLM\System\ControlSet002\Enum\Root\LEGACY_OREANS32
HKLM\System\ControlSet003\Services\OREANS32
HKLM\System\ControlSet003\Enum\Root\LEGACY_OREANS32
Trojan.WinLog/Panama
D:\DOWNLOAD\WIN_LOG\WIN_LOG\WINLOG.EXE
D:\DOWNLOAD\WIN_LOG\WIN_LOG\VERKNüPFUNG MIT WINLOG.LNK
C:\DOKUMENTE UND EINSTELLUNGEN\OLLI\DESKTOP\WINLOG.LNK
Unclassified.Monitor/ActualSpy
C:\PROGRAMME\MG12\SUPPORT\MGGSTR32.DLL
 |
|
24.07.2012, 21:01
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht von spyeye infizierung Hm, ich hatte in Erinnerung, dass dieser oreans32-Krempel nicht unbedingt ein Schädling sein muss, aber offensichtlich ist er das Code:
ATTFilter C:\WINDOWS\system32\drivers\oreans32.sys
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.07.2012, 20:06
| #29 |
| | verdacht von spyeye infizierung https://www.virustotal.com/file/d786de9fb254dcec3d131cbeae13e4020d9e353835ad2e4bef9580b1d638b4ad/analysis/ |
|
26.07.2012, 13:38
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | verdacht von spyeye infizierung Das Teil ist von einem Kopierschutztreiber! Code:
ATTFilter Trojan.WinLog/Panama
D:\DOWNLOAD\WIN_LOG\WIN_LOG\WINLOG.EXE
D:\DOWNLOAD\WIN_LOG\WIN_LOG\VERKNüPFUNG MIT WINLOG.LNK
C:\DOKUMENTE UND EINSTELLUNGEN\OLLI\DESKTOP\WINLOG.LNK
Unclassified.Monitor/ActualSpy
C:\PROGRAMME\MG12\SUPPORT\MGGSTR32.DLL
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu verdacht von spyeye infizierung |
| adobe, antivirus, asus, avast, bankguard, bho, canon, cpu, download, einstellungen, explorer, firefox, firewall, format, google earth, helper, logfile, nicht sicher, nodrives, object, ordner, plug-in, prüfen, realtek, registry, scan, searchscopes, security, server, software, super, udp, usb |
Linear-Darstellung
