Log analysis and evaluation: Task Manager does not run - threats found

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Task Manager does not run - threats found

Hello, I have the problem that my Task Manager no longer opens. I scanned with Malwarebytes and removed the threats. Unfortunately I did not make a copy. Attached I am sending the log file from OTL.txt

OTL logfile created on: 19.07.2012 15:33:26 - Run 1
OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Kleine\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,18% Memory free
3,33 Gb Paging File | 2,07 Gb Available in Paging File | 62,09% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 92,11 Gb Total Space | 20,84 Gb Free Space | 22,63% Space Free | Partition Type: NTFS
Drive D: | 19,68 Gb Total Space | 1,68 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive H: | 148,08 Gb Total Space | 23,70 Gb Free Space | 16,00% Space Free | Partition Type: NTFS
Drive L: | 148,08 Gb Total Space | 23,70 Gb Free Space | 16,00% Space Free | Partition Type: NTFS
Drive M: | 148,08 Gb Total Space | 23,70 Gb Free Space | 16,00% Space Free | Partition Type: NTFS
Computer Name: KLEINE | User Name: Kleine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.19 15:32:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kleine\Eigene Dateien\Downloads\OTL.exe PRC - [2012.07.19 14:37:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.07.10 10:38:59 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012.07.10 10:38:58 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.05.30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.03.30 01:09:18 | 000,071,024 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe PRC - [2012.03.30 01:01:44 | 000,011,120 | ---- | M] (Haufe Mediengruppe) -- D:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.20 22:28:38 | 000,013,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) 
-- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\SyncServer.exe PRC - [2012.01.27 13:42:18 | 000,010,848 | ---- | M] (DATEV eG) -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe PRC - [2011.11.28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2011.11.23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgfws.exe PRC - [2011.11.04 09:51:48 | 000,176,128 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe PRC - [2011.11.04 09:51:20 | 000,356,412 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe PRC - [2011.11.04 02:00:00 | 001,245,184 | ---- | M] (DATEV eG) -- D:\DATEV\SYSTEM\ccsrv3.exe PRC - [2011.09.08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2011.08.15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2011.07.25 02:49:00 | 000,269,920 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe PRC - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe PRC - [2011.06.28 09:22:08 | 000,549,472 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe PRC - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe PRC - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) -- D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe PRC - [2011.05.09 14:52:02 | 000,595,552 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0000398\SiPaHost.exe PRC - [2011.03.15 18:43:38 | 000,200,704 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\DFUEWS\MNANTB\mnantb.exe PRC - [2010.09.22 17:47:22 | 000,292,960 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe PRC - [2010.09.22 16:47:40 | 000,368,736 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe PRC - [2010.09.13 18:58:00 | 000,866,912 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0001363\SCmIdentityScanner.exe PRC - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) 
-- D:\DATEV\PROGRAMM\B0001364\DtvScSer.exe PRC - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) -- D:\DATEV\PROGRAMM\B0000404\msdisrv.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.05.27 15:27:00 | 000,045,056 | ---- | M] () -- D:\DATEV\PROGRAMM\A0000007\DHNC.exe PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.RECHERCHE2009\MSSQL\Binn\sqlservr.exe PRC - [2008.06.18 08:13:20 | 000,036,448 | ---- | M] (DATEV eG) -- D:\DATEV\SYSTEM\RzpjWtch.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.02.07 21:47:54 | 000,070,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\ssonsvr.exe PRC - [2006.04.20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012.07.19 14:37:29 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.07.19 03:11:45 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\\mscorlib.dll MOD - [2012.07.19 03:11:37 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\\System.dll MOD - [2012.07.19 03:11:35 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\\System.Xml.dll MOD - [2012.07.19 03:11:34 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Security\\System.Security.dll MOD - [2012.07.19 03:11:32 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\\System.Configuration.dll MOD - [2012.07.19 03:11:31 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\\System.ServiceProcess.dll MOD - [2012.07.16 10:06:29 | 009,465,032 | ---- | M] () -- 
C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll MOD - [2012.07.10 10:38:59 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe MOD - [2012.07.10 10:38:59 | 000,132,704 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll MOD - [2012.07.10 10:38:58 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2012.06.14 03:47:49 | 001,449,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Rem#\f3b4289b9c73d5800c2c9ccf5f18fb46\Datev.Framework.RemoteServiceModel.ni.dll MOD - [2012.06.14 03:47:04 | 000,209,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dir#\0aafb60677c4a72cc6f74dd969d9856d\Datev.Framework.DirectStart.ni.dll MOD - [2012.06.14 03:46:55 | 000,664,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\4beaf4b4d66ac27c73ba827915da3ce5\Datev.ConfigDB.ni.dll MOD - [2012.06.14 03:22:20 | 000,559,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\624a168a8657b12287dd291408b8b4d8\Datev.Framework.MicroParts.Interface.ni.dll MOD - [2012.06.14 03:21:25 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll MOD - [2012.06.14 03:11:22 | 002,413,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\3a11aa3856f203fc91bb8ccd76c8868f\Datev.Framework.Interface.ni.dll MOD - [2012.06.14 03:09:12 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012.05.14 11:48:24 | 000,092,672 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\791d2fa5cc30d967482f61d349c69897\Datev.Framework.LicenseManagement.PlugIn.ni.dll MOD - [2012.05.14 11:47:39 | 000,064,512 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\9012d2a7bd1c2e5ba651a971675de08c\Datev.Framework.Environment.ni.dll MOD - [2012.05.14 11:46:13 | 000,114,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\fdc1f39da15bbf602484c35d65176bd3\Datev.ConfigDB.StorageProvider.ni.dll MOD - [2012.05.14 11:46:13 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\d43837854fb10e60b3d7d5bc53245977\Datev.ConfigDB.PlugIn.ni.dll MOD - [2012.05.14 09:20:08 | 000,338,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\d882d057880e48d773f67a462dbaeac5\Datev.ConfigDB.Interop.ni.dll MOD - [2012.05.14 09:17:29 | 000,016,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Arbeitsplatz.#\4e65848d3e41e6784160d87102c10e5e\Datev.Arbeitsplatz.IEO.InstalledEnvironmentManager.Interface.ni.dll MOD - [2012.05.14 09:16:30 | 000,428,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ext#\78f3e7b819ec3261554c5623887abde1\Datev.Lexinform.ExternalInterface.ni.dll MOD - [2012.05.14 09:16:30 | 000,104,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Hos#\49d1dabe17d7c4f510aa81a9a0204875\Datev.Framework.Hosting.Interface.ni.dll MOD - [2012.05.14 09:15:54 | 000,065,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\30a9f94196e66e1b613fcdff74ae327d\Datev.ConfigDB.Interfaces.ni.dll MOD - [2012.05.14 09:14:39 | 001,072,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll MOD - [2012.05.14 09:14:37 | 018,058,752 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll MOD - [2012.05.14 09:14:18 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll MOD - [2012.05.14 09:14:18 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll MOD - [2012.05.14 09:14:17 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll MOD - [2012.05.14 09:14:16 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll MOD - [2012.05.14 09:14:06 | 000,241,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\e3e96fc42df0d98b36f394812470e0c0\System.Runtime.Caching.ni.dll MOD - [2012.05.14 09:13:54 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll MOD - [2012.05.14 09:13:51 | 000,647,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\f2684949f82c5b9bd79082d63e84b352\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll MOD - [2012.05.14 09:13:50 | 002,470,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\1474c88993d19d7dbf90b4f6741b9ce3\Datev.Framework.MicroKernel.ni.dll MOD - [2012.05.14 09:13:38 | 001,782,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012.05.10 15:42:52 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll 
MOD - [2012.05.10 15:42:50 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.10 15:42:45 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012.05.10 15:42:44 | 009,091,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.10 15:42:36 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.03.30 02:29:04 | 000,013,168 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd MOD - [2012.03.30 02:29:02 | 000,012,656 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd MOD - [2012.03.30 02:28:58 | 000,341,360 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd MOD - [2012.03.30 02:28:56 | 000,010,096 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd MOD - [2012.03.30 02:28:52 | 000,013,168 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd MOD - [2012.03.30 02:28:46 | 000,010,096 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd MOD - [2012.03.30 02:28:44 | 000,010,096 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd MOD - [2012.03.30 02:28:36 | 000,020,848 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd MOD - [2012.03.30 02:28:36 | 000,014,192 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd MOD - [2012.03.30 02:28:34 | 000,021,360 | ---- | M] () -- 
D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd MOD - [2012.03.30 02:28:32 | 000,011,120 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd MOD - [2012.03.30 02:28:28 | 000,011,632 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd MOD - [2012.03.30 02:28:26 | 000,011,120 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd MOD - [2012.03.30 02:28:24 | 000,010,096 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd MOD - [2012.03.30 02:28:22 | 000,271,728 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd MOD - [2012.03.30 02:28:18 | 000,020,848 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd MOD - [2012.03.30 02:28:18 | 000,020,336 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd MOD - [2012.03.30 02:28:16 | 000,010,608 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd MOD - [2012.03.30 02:28:14 | 000,058,736 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd MOD - [2012.03.30 02:28:12 | 000,062,832 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd MOD - [2012.03.30 02:28:10 | 000,062,832 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd MOD - [2012.03.30 02:28:08 | 000,062,832 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd MOD - [2012.03.30 02:28:04 | 000,062,832 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd MOD - [2012.03.30 02:28:04 | 000,026,480 | ---- | M] () -- 
D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd MOD - [2012.03.30 02:28:02 | 000,026,992 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd MOD - [2012.03.30 01:10:06 | 000,037,744 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32service.pyd MOD - [2012.03.30 01:10:04 | 000,107,888 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32security.pyd MOD - [2012.03.30 01:10:00 | 000,032,112 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32process.pyd MOD - [2012.03.30 01:09:56 | 000,021,360 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32pipe.pyd MOD - [2012.03.30 01:09:44 | 000,083,312 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32file.pyd MOD - [2012.03.30 01:09:42 | 000,019,312 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32evtlog.pyd MOD - [2012.03.30 01:09:40 | 000,019,312 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32event.pyd MOD - [2012.03.30 01:09:36 | 000,075,120 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\win32api.pyd MOD - [2012.03.30 01:09:30 | 000,029,552 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\lib\site-packages\win32\servicemanager.pyd MOD - [2012.03.30 01:09:18 | 000,071,024 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe MOD - [2012.03.30 01:09:14 | 000,103,792 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\pywintypes24.dll MOD - [2012.03.30 01:02:02 | 000,017,264 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\DLLS\_ssl.pyd MOD - [2012.03.30 01:02:00 | 000,054,640 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\DLLS\_socket.pyd MOD - [2012.03.30 01:01:56 | 000,071,024 | ---- | M] () -- 
D:\Programme\Haufe\iDesk\iDeskService\DLLS\zlib.pyd MOD - [2012.03.30 01:01:52 | 000,140,656 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\DLLS\pyexpat.pyd MOD - [2012.03.30 01:01:52 | 000,013,680 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\DLLS\select.pyd MOD - [2012.03.30 00:54:58 | 000,161,136 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\DLLS\ssleay32.dll MOD - [2012.03.30 00:54:56 | 000,832,880 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\DLLS\libeay32.dll MOD - [2012.03.29 06:41:18 | 000,607,232 | ---- | M] () -- D:\Programme\Haufe\iDesk\iDeskService\osr32v10.dll MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.06.28 09:22:06 | 000,068,704 | ---- | M] () -- D:\DATEV\PROGRAMM\B0000150\ScServer\ScEventSourcePlugin.dll MOD - [2011.05.09 14:52:00 | 000,203,264 | ---- | M] () -- D:\DATEV\SYSTEM\DVCCSipaHostApidll.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.02.25 14:01:34 | 000,014,680 | ---- | M] () -- C:\Windows\system32\skypdfmonpro.dll MOD - [2010.09.22 16:47:14 | 000,007,776 | ---- | M] () -- D:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardServicePS.dll MOD - [2010.09.13 18:58:00 | 000,006,752 | ---- | M] () -- D:\DATEV\PROGRAMM\B0001363\SCmIdentityScannerPS.dll MOD - [2010.07.12 09:05:32 | 000,030,304 | ---- | M] () -- D:\DATEV\PROGRAMM\B0000150\ScServer\ScWinMagicPlugin.dll MOD - [2010.06.10 10:22:24 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\\System.Runtime.Serialization.dll MOD - [2010.06.10 10:22:24 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\\System.IdentityModel.dll MOD - [2010.06.10 10:22:24 | 
000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\\SMDiagnostics.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.10.30 17:42:28 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2009.10.30 17:42:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\\System.ServiceProcess.resources.dll MOD - [2009.09.22 16:06:38 | 000,087,040 | ---- | M] () -- D:\DATEV\PROGRAMM\B0000391\DokSchutzShExt.dll MOD - [2009.08.16 17:32:22 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\\System.IdentityModel.Selectors.dll MOD - [2009.05.27 16:27:18 | 000,021,504 | ---- | M] () -- D:\DATEV\SYSTEM\DvDfvkTrStart003.dll MOD - [2009.05.27 16:26:36 | 000,237,568 | ---- | M] () -- D:\DATEV\SYSTEM\DvDfvkBas002.dll MOD - [2009.05.27 15:27:00 | 000,045,056 | ---- | M] () -- D:\DATEV\PROGRAMM\A0000007\DHNC.exe MOD - [2006.04.20 08:34:38 | 000,197,680 | ---- | M] () -- C:\Windows\system32\vpnapi.dll MOD - [2004.07.27 11:27:38 | 000,184,320 | ---- | M] () -- D:\DATEV\SYSTEM\DVBSKNFOMT109.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Running] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService) SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -- (Datev.Framework.RemoteServices) SRV - File not found [Auto | Running] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -- (Datev.Framework.RemoteServiceModel.EnablerService) SRV - File not found [On_Demand | Stopped] -- 
D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 -- (Datev.Database.Conserve) SRV - [2012.07.19 14:37:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.16 10:06:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.10 10:38:59 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.05.24 13:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.03.30 01:09:18 | 000,071,024 | ---- | M] () [Auto | Running] -- D:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService) SRV - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService) SRV - [2011.11.23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Programme\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2011.11.04 09:51:48 | 000,176,128 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag) SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.07.25 02:49:00 | 000,172,640 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service) SRV - [2011.06.28 09:18:54 | 002,409,056 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe -- (DVckService) SRV - [2011.05.09 14:52:04 | 000,271,456 | ---- | M] (Datev eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe -- (Sicherheitspaket-Dienst) SRV - [2010.09.22 17:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe -- (SCardService) SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) 
[Auto | Running] -- D:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon Service) SRV - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems GmbH) [Auto | Running] -- D:\DATEV\PROGRAMM\B0000404\msdisrv.exe -- (KOBIL_MSDI) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.RECHERCHE2009\MSSQL\Binn\sqlservr.exe -- (MSSQL$RECHERCHE2009) SQL Server (RECHERCHE2009) SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.RECHERCHE2009\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$RECHERCHE2009) SQL Server-Agent (RECHERCHE2009) SRV - [2009.01.28 11:52:46 | 002,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\system32\hasplms.exe -- (hasplms) SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2007.02.06 18:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2007.02.06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2006.04.20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.02.24 11:27:26 | 000,196,669 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.10.07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011.10.04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011.09.13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.08.08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.07.19 14:28:42 | 000,075,320 | ---- | M] (Datev eG) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\d3_kafm.sys -- (SC_Serv3D) DRV - [2011.07.11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011.07.11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011.07.11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011.07.11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011.05.23 02:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\avgfwdx.sys -- (Avgfwfd) DRV - [2011.05.23 02:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\avgfwdx.sys -- (Avgfwdx) DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\system32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2009.02.03 04:10:12 | 000,586,752 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2009.02.03 04:10:12 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\akshasp.sys -- (akshasp) DRV - [2009.01.28 17:26:24 | 000,020,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\aksusb.sys -- (aksusb) DRV - [2009.01.16 12:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.07.10 09:56:34 | 004,449,280 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.04.11 16:32:46 | 000,010,640 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2007.02.06 18:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007.02.06 18:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007.02.06 18:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007.02.03 11:33:00 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2007.02.03 11:32:46 | 001,939,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC) DRV - [2007.02.03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.02.03 11:30:58 | 001,507,232 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2006.06.23 00:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\lvselsus.sys -- (lvselsus) DRV - [2006.04.20 08:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2005.09.19 03:07:00 | 000,035,275 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TwkUsb2K.sys -- (CHIPDRIVE USB SmartCardReader) DRV - [2005.08.18 19:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dne2000.sys -- (DNE) DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\vsdatant.sys -- (vsdatant) DRV - [2004.08.25 15:06:00 | 000,185,611 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\TWKSER2K.sys -- (TWKSER2K) DRV - [2004.08.14 01:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004.05.24 14:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\avmport.sys -- (AVMPORT) DRV - [2003.06.18 02:00:00 | 000,481,408 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2003.06.18 02:00:00 | 000,051,200 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2003.04.24 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TWKMS.sys -- (TwkMs) DRV - [2003.02.24 11:27:26 | 000,297,984 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NETFRITZ.SYS -- (NETFRITZ) DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\avmwan.sys -- (AVMWAN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" 
= hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 EC CC CF AF 5D CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={0DC8DDF4-6FFB-42E1-AEDB-890CFA4C3899}&mid=8913c64e6b3aa76ed790f4db177c65b5-7b31c9acc74f209d48ddd8f1eb63eb0efb622284&lang=de&ds=AVG&pr=pr&d=2011-12-06 16:10:06&v={searchTerms} IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@datev.de/DATEV_BestellManager,version=1.7: 
D:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version= d:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version= d:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version= d:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG2012\Firefox4\ [2012.02.01 14:42:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\\ [2012.01.27 17:00:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 14:37:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.26 10:30:26 | 000,000,000 | ---D | M] [2012.07.04 15:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Extensions [2011.01.04 15:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2012.07.04 15:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Firefox\Profiles\qd1zoqc9.Standard-Benutzer\extensions [2012.05.19 10:04:25 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Firefox\Profiles\qd1zoqc9.Standard-Benutzer\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.04 15:25:09 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Firefox\Profiles\qd1zoqc9.Standard-Benutzer\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.12.06 16:37:03 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Firefox\Profiles\qd1zoqc9.Standard-Benutzer\extensions\avg@toolbar [2012.02.09 13:52:57 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Firefox\Profiles\qd1zoqc9.Standard-Benutzer\extensions\piclens@cooliris.com [2011.12.06 16:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Firefox\Profiles\rh8vmqp8.default\extensions [2011.12.06 16:37:03 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Mozilla\Firefox\Profiles\rh8vmqp8.default\extensions\avg@toolbar [2012.07.04 15:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.29 11:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.25 10:18:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.26 10:30:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2012.07.19 14:37:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2008.02.07 21:46:12 | 000,087,360 | ---- | 
M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll [2008.02.07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll [2008.02.07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll [2007.03.16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll [2007.03.16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll [2007.03.16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll [2008.02.07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll [2009.05.25 16:10:28 | 001,386,600 | ---- | M] (LINK & LINK Software) -- C:\Programme\mozilla firefox\plugins\npideapl.dll [2008.02.07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2012.07.02 15:52:30 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.10 10:38:58 | 000,003,767 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2010.06.28 10:42:51 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.07.02 15:52:30 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.02 15:52:30 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.02 15:52:30 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.04 15:25:03 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml [2012.07.02 15:52:30 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.02 15:52:30 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla 
firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\\AVG Secure Search_toolbar.dll () O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DATEV Update-Monitor] D:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DATEV_SCardMan] D:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] D:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Programme\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SfWinStartInfo] C:\Programme\SFirm32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [SiPaHost] D:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [08156AE0] C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Zsrlfyycf\02870C6508156AE0C07D.exe File not found
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Gemeinsame Dateien\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Gemeinsame Dateien\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Basisschnittstelle Office V.5.1 Initialisierung.lnk = D:\DATEV\PROGRAMM\BSOffice\service\OfficeDiag.exe (DATEV eG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DATEV-Hinweis Mitteilungsdienst.lnk = D:\DATEV\PROGRAMM\A0000007\DHNC.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DFÜ-Manager.lnk = D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RZ-Druckertreiber V.2.3.lnk = D:\DATEV\SYSTEM\RzpjWtch.exe (DATEV eG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SkyUserDevmode-Update.lnk = D:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
O4 - Startup: C:\Dokumente und Einstellungen\Kleine\Startmenü\Programme\Autostart\DATEV Arbeitsplatz.lnk = D:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe (DATEV eG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .IPC - C:\Programme\Mozilla Firefox\plugins\npideapl.dll (LINK & LINK Software)
O15 - HKCU\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Vertrauenswürdige Sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625 (WUWebControl Class)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} hxxp://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = steuer.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9D0406-15A2-4CF6-9051-634BCFAE2217}: NameServer =
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\dvinesasdgina.dll) - C:\Windows\system32\DvInesASDGina.Dll (DATEV eG) O20 - Winlogon\Notify\DVCCSA: DllName - (DVCCSAnotify002.dll) - 
C:\WINDOWS\System32\DVCCSAnotify002.dll (DATEV eG) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.11.15 10:28:20 | 000,022,528 | ---- | M] () - M:\AutoWiederherstellen-Speicherung von Dokument1.asd -- [ NTFS ] O33 - MountPoints2\##server#DVD\Shell - "" = AutoRun O33 - MountPoints2\##server#DVD\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##server#DVD\Shell\AutoRun\command - "" = O:\Start.exe O33 - MountPoints2\##server#VDVD1\Shell - "" = AutoRun O33 - MountPoints2\##server#VDVD1\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##server#VDVD1\Shell\AutoRun\command - "" = P:\Start.exe O33 - MountPoints2\##server#VDVD2\Shell - "" = AutoRun O33 - MountPoints2\##server#VDVD2\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##server#VDVD2\Shell\AutoRun\command - "" = Q:\Start.exe O33 - MountPoints2\{721DC7EC-A940-4292-B9E8-8EDBC7B0D817}\Shell - "" = AutoRun O33 - MountPoints2\{721DC7EC-A940-4292-B9E8-8EDBC7B0D817}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{721DC7EC-A940-4292-B9E8-8EDBC7B0D817}\Shell\AutoRun\command - "" = Q:\Browser.exe O33 - MountPoints2\{A5A58075-A1A9-42F9-B7C7-F527C13E5900}\Shell - "" = AutoRun O33 - MountPoints2\{A5A58075-A1A9-42F9-B7C7-F527C13E5900}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{A5A58075-A1A9-42F9-B7C7-F527C13E5900}\Shell\AutoRun\command - "" = P:\Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile 
[open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.19 12:27:08 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.07.18 16:08:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Malwarebytes [2012.07.18 16:08:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.07.18 16:08:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.07.18 16:08:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.07.18 16:08:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.07.10 14:07:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\AVG [2012.07.10 14:06:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG PC Tuneup 2011 [2012.07.06 11:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\searchquband [2012.07.06 11:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\AppData [2012.07.04 15:27:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\vlc [2012.07.04 15:26:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Lokale Einstellungen\Anwendungsdaten\Ilivid Player [2012.07.04 15:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\searchqutoolbar [2012.07.04 15:25:03 | 000,000,000 | ---D | C] -- C:\Programme\Searchqu Toolbar [2012.06.26 17:10:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Eigene Dateien\STEUER-KINDER [2012.06.25 16:26:51 
| 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Simfy
[2012.06.25 16:26:50 | 000,000,000 | ---D | C] -- C:\Programme\simfy
[2012.06.25 16:26:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\simfy
[2012.06.21 17:33:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.26 11:04:56 | 001,956,352 | ---- | C] (T.A.Kreutzer) -- C:\Programme\rüschi.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.19 15:35:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.19 15:31:06 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cce1c5fba3af7f.job
[2012.07.19 15:06:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.19 09:18:43 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cce1c5fb9eedd7.job
[2012.07.19 09:18:43 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Kleine Logon.job
[2012.07.19 09:18:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.19 09:18:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012.07.18 23:50:31 | 101,695,466 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.07.18 17:16:09 | 000,002,837 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012.07.18 16:20:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.07.18 16:08:38 | 000,000,790 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 11:24:50 | 000,005,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Kleine\Lokale Einstellungen\Anwendungsdaten\EmptySettings.xml
[2012.07.17 11:50:06 | 000,252,851 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.07.17 09:19:55 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.16 09:32:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.10 14:06:31 | 000,000,801 | ---- | M] () -- C:\Dokumente und Einstellungen\Kleine\Desktop\AVG PC Tuneup 2011.lnk
[2012.07.03 14:12:37 | 000,000,021 | ---- | M] () -- C:\WINDOWS\DvInesKurusOleServer003.INI
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.25 16:27:00 | 000,000,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Kleine\.simfy
[2012.06.25 16:26:50 | 000,000,606 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\simfy.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.18 16:08:38 | 000,000,790 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 14:06:38 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Kleine Logon.job
[2012.07.10 14:06:31 | 000,000,801 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Desktop\AVG PC Tuneup 2011.lnk
[2012.06.25 16:27:00 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\.simfy
[2012.06.25 16:26:50 | 000,000,606 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\simfy.lnk
[2012.05.10 10:32:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini.lock
[2012.05.10 10:29:31 | 000,000,103 | ---- | C] () -- C:\WINDOWS\Setup_tmp.ini
[2012.03.27 15:00:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wkoprog.INI
[2012.02.21 10:54:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.29 12:47:48 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011.11.02 10:58:10 | 000,000,068 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2011.10.24 19:02:47 | 000,347,590 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.10.24 17:45:34 | 001,127,948 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1950201299-3132168585-1572625380-1107-0.dat
[2011.10.06 12:44:51 | 000,000,456 | -H-- | C] () -- C:\WINDOWS\br.bin
[2011.08.11 14:11:35 | 000,030,601 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\x.exe
[2011.05.26 11:22:21 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011.05.26 11:22:21 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011.05.26 11:22:21 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Lffpx90n.dll
[2011.05.26 11:08:40 | 000,439,401 | ---- | C] () -- C:\Programme\rüschi.rar
[2011.05.26 11:06:59 | 000,000,055 | ---- | C] () -- C:\Programme\obj.mrk
[2011.05.26 11:06:59 | 000,000,054 | ---- | C] () -- C:\Programme\rüschi.ini
[2011.05.17 12:35:13 | 000,000,915 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2011.05.16 09:42:06 | 000,000,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\govello20.properties
[2011.03.10 23:30:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.13 16:40:48 | 000,005,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Lokale Einstellungen\Anwendungsdaten\EmptySettings.xml
[2010.09.22 16:48:26 | 000,032,352 | ---- | C] () -- C:\WINDOWS\System32\JNILibrary.dll
[2010.09.22 16:48:06 | 000,114,272 | ---- | C] () -- C:\WINDOWS\System32\INetCert.dll
[2009.12.17 13:54:20 | 000,006,081 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\abspann_datev_idea.gif
[2009.12.17 13:54:20 | 000,000,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\lastscreen.html
[2009.12.17 13:54:20 | 000,000,105 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\lastscreen.ikf
[2009.07.07 09:53:38 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\setup_ldm.iss
[2008.10.27 13:53:49 | 000,000,094 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\BEVI.CFG
[2008.08.19 16:22:56 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\.rnd
[2008.07.09 12:27:10 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\default.pls
[2008.02.13 14:44:56 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.02.12 13:24:55 | 000,055,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Kleine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.17 20:20:17 | 000,002,201 | ---- | C] () -- C:\Programme\Uninst.isu
[2007.11.07 22:12:40 | 000,002,958 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

========== LOP Check ==========

[2012.06.20 14:44:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2012.06.26 10:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2011.11.30 15:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2009.05.14 13:38:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2012.07.17 15:41:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BeckRecherche 2010
[2012.07.05 09:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2009.01.05 16:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.03.15 09:21:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.10.12 13:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATEV
[2012.03.08 15:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.02.15 16:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2012.04.26 13:19:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2007.11.08 13:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2012.07.19 11:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2009.02.24 11:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2012.05.10 10:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SFirm LOGS
[2007.11.07 20:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SkyCom
[2012.07.10 15:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.01.24 14:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.01.15 14:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Verlag Dr. Otto Schmidt
[2009.03.25 17:42:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2012.01.20 14:10:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.03.31 11:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.08.31 12:33:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.09.15 15:08:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.08 16:02:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.05.03 15:10:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.03.26 11:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Analyzer
[2012.07.10 14:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\AVG
[2011.12.06 16:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\AVG Secure Search
[2011.12.06 16:37:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\AVG2012
[2009.06.25 16:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Azureus
[2009.01.05 16:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Buhl Data Service
[2009.01.05 16:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Buhl Data Service GmbH
[2012.06.25 11:13:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Cflzsrl
[2011.06.07 16:06:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Chipcardmaster
[2008.10.14 14:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Citrix
[2012.01.27 20:03:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\com.unitedinternet.ums.sms-mms-manager
[2009.06.15 13:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\concept design
[2010.11.16 13:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\DATEV
[2010.11.13 15:24:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\DMS
[2011.10.25 10:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Dropbox
[2012.03.08 15:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\elsterformular
[2008.02.07 15:49:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\FRITZ!
[2008.02.28 17:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\GoodSync
[2008.02.11 10:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Haufe
[2011.01.04 15:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Haufe Mediengruppe
[2012.05.15 16:13:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\ICAClient
[2008.02.18 13:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Leadertech
[2009.12.17 13:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\linkundlink
[2009.02.09 18:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\OpenOffice.org
[2012.07.06 11:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\searchquband
[2012.07.06 11:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\searchqutoolbar
[2008.11.26 19:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\ShadowProtect
[2012.06.25 16:26:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Simfy
[2010.11.18 14:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\TeamViewer
[2008.02.28 15:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Teleca
[2011.12.23 14:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Thinstall
[2012.01.20 14:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\TuneUp Software
[2011.03.17 14:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Windows Desktop Search
[2011.03.17 19:46:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Windows Search
[2011.09.27
14:48:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\XnView [2012.07.10 14:15:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kleine\Anwendungsdaten\Zsrlfyycf [2012.07.19 09:18:43 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On Kleine Logon.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.02.09 14:32:56 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\�ž [2010.02.09 14:32:56 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\�ž [2010.02.03 14:53:01 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\鏸ž [2010.02.03 14:53:01 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\鏸ž [2010.02.02 14:49:23 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\ [2010.02.02 14:49:23 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\ [2010.01.29 14:39:04 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\糀› [2010.01.29 14:39:04 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\糀› [2010.01.28 16:06:47 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?¢) -- C:\WINDOWS\System32\ᱰ¢ [2010.01.28 16:06:47 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?¢) -- C:\WINDOWS\System32\ᱰ¢ [2010.01.27 14:29:20 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ተŸ [2010.01.27 14:29:20 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ተŸ [2010.01.25 14:19:08 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\Ⅸɰ [2010.01.25 14:19:08 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) 
-- C:\WINDOWS\System32\Ⅸɰ [2010.01.21 14:19:47 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?×) -- C:\WINDOWS\System32\孰× [2010.01.21 14:19:47 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?×) -- C:\WINDOWS\System32\孰× [2010.01.11 14:24:50 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Å) -- C:\WINDOWS\System32\㋐Å [2010.01.11 14:24:49 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Å) -- C:\WINDOWS\System32\㋐Å [2010.01.08 14:53:22 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ì) -- C:\WINDOWS\System32\㙘Ì [2010.01.08 14:53:22 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ì) -- C:\WINDOWS\System32\㙘Ì [2010.01.07 13:54:00 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\̙ [2010.01.07 13:54:00 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\̙ [2009.12.30 15:26:04 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ò) -- C:\WINDOWS\System32\敘Ò [2009.12.30 15:26:04 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ò) -- C:\WINDOWS\System32\敘Ò [2009.12.18 14:49:55 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ᱸŸ [2009.12.18 14:49:55 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ᱸŸ [2009.12.16 14:56:28 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\䀘È [2009.12.16 14:56:28 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?È) -- C:\WINDOWS\System32\䀘È [2009.12.14 16:03:25 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ú) -- C:\WINDOWS\System32\闠Ú [2009.12.14 16:03:25 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ú) -- C:\WINDOWS\System32\闠Ú [2009.12.09 15:21:40 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\ž [2009.12.09 15:21:40 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) 
-- C:\WINDOWS\System32\ž

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9453D700
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

< End of report >

I have attached the files EXTRAS.txt and Gmer.txt as well as the scan result from essetsmartininstaller.exe. I would be glad if someone could help me. Best regards and thanks in advance, Andreas |
| #2 |
/// Malware-holic | Hi, open Malwarebytes and go to the reports; all the logs are there. Please post them. |
| #3 |
| Hello, I have added the log files from Malwarebytes as attachments.
__________________ Regards, Andreas |