Log analysis and evaluation: After encryption trojan, Malwarebytes/defogger/otlpenet/gmer scan performed (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
08.08.2012, 18:58 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
After encryption trojan, Malwarebytes/defogger/otlpenet/gmer scan performed

Please make a new OTL log. Please post everything here in CODE tags where possible. It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
the log goes here

Please download OTL from Oldtimer and save it to your desktop. If it is already present, please replace the existing older file with the newly downloaded one so that you are really working with a current version of OTL.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags
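Once the requested log is posted, the reviewer reads it entry by entry for a handful of item types: an IFEO "Debugger" value on a system tool, Winlogon Shell/UserInit values that are no longer the stock single entry, a populated AppInit_DLLs, browser search or start-page settings pointing at a third-party host, and services or Run entries whose binary no longer exists. The script below is an added example for this thread, not part of OTL and not code posted in the forum: it applies those checks to OTL output in its one-entry-per-line format. The sample lines are constructed (modeled on the log format shown later in the thread), the `example_dropper.exe` line is hypothetical, and the severity scale, the Windows XP Winlogon defaults and the allowlist of search hosts are this example's own assumptions.

```python
"""Triage helper for OTL (OldTimer) scan output: flags the entries a log
reviewer checks first. Added example for this thread, not part of OTL and not
code posted in the forum; severities and allowlists are this example's own."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in the OTL one-entry-per-line format (modeled on the log
# posted in this thread; illustrative, not a scan of any real machine).
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2011.08.05 13:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&q="
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
"""

# Constructed, hypothetical line (not from the thread): a second executable
# chained into UserInit, so it is started at every logon.
TAMPERED_WINLOGON = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\example_dropper.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\(?P<target>[^:]+): Debugger - (?P<debugger>.+?)(?: File not found)?$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>.*?)\) - ")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>.*?)\)")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - (?P<body>.*) -- \((?P<name>[^)]+)\)$")
FF_URL_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>keyword\.URL|browser\.search\.defaulturl|browser\.startup\.homepage): "(?P<url>[^"]+)"')

# Assumption: Windows XP defaults. UserInit is exactly %SystemRoot%\system32\userinit.exe.
USERINIT_OK_RE = re.compile(r"^[a-z]:\\(?:windows|winnt)\\system32\\userinit\.exe$")
# Assumption: search hosts this example treats as legitimate.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.de", "www.bing.com", "search.live.com"}
SEVERITY_ORDER = ("high", "medium", "low")


@dataclass(frozen=True)
class Finding:
    severity: str  # one of SEVERITY_ORDER
    item: str      # service name, Run value name, registry value or pref
    reason: str


def _winlogon_ok(key: str, value: str) -> bool:
    """True if a Winlogon Shell/UserInit value is the stock single entry."""
    v = value.strip().rstrip(",").lower()
    if "," in v:  # a second program chained after the real one
        return False
    if key == "Shell":
        return v == "explorer.exe"
    return USERINIT_OK_RE.match(v) is not None


def _host(url: str) -> str:
    """Hostname of an OTL-style defanged URL (hxxp:// -> http://)."""
    return urlsplit(url.replace("hxxp", "http", 1)).hostname or ""


def triage(log_text: str) -> list[Finding]:
    """Walk OTL output line by line and collect the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IFEO_RE.match(line):
            # The named debugger runs instead of the target every time it starts.
            findings.append(Finding("high", m["target"], f"IFEO Debugger hijack -> {m['debugger']}"))
        elif m := WINLOGON_RE.match(line):
            if not _winlogon_ok(m["key"], m["value"]):
                findings.append(Finding("high", m["key"], f"Winlogon {m['key']} changed: {m['value']}"))
        elif m := APPINIT_RE.match(line):
            if m["value"]:  # loaded into every process that maps user32.dll
                findings.append(Finding("medium", "AppInit_DLLs", f"DLL injected system-wide: {m['value']}"))
        elif m := FF_URL_RE.match(line):
            host = _host(m["url"])
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("medium", m["pref"], f"browser search/start page redirected to {host}"))
        elif m := RUN_RE.match(line):
            if m["target"].endswith("File not found"):
                findings.append(Finding("low", m["name"] or "<unnamed>", "orphaned Run entry (target missing)"))
        elif m := SERVICE_RE.match(line):
            if m["body"].startswith("File not found"):
                findings.append(Finding("low", m["name"], f"orphaned {m['kind']} entry (binary missing)"))
    return findings


def report(log_text: str) -> list[str]:
    """One line per finding, most severe first, in the order a fix script is written."""
    ranked = sorted(triage(log_text), key=lambda f: SEVERITY_ORDER.index(f.severity))
    return [f"[{f.severity:6}] {f.item}: {f.reason}" for f in ranked]
```

`report(SAMPLE_LOG)` puts the IFEO entry first: an Image File Execution Options debugger on taskmgr.exe means whatever is named there is launched in place of Task Manager, which is why it outranks everything else even when, as here, the named file is already gone. Orphaned services and Run entries are rated low because a missing binary cannot execute, but they are still listed: leftovers from earlier security products tell the reviewer what has already been tried, and they are exactly the entries an OTL fix script cleans up.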
08.08.2012, 20:11 | #17
After encryption trojan, Malwarebytes/defogger/otlpenet/gmer scan performed

Hello,
here are the logs:

Code:
OTL logfile created on: 08.08.2012 21:24:00 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Dokumente und Einstellungen\*****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,30 Mb Total Physical Memory | 217,86 Mb Available Physical Memory | 42,61% Memory free
1,22 Gb Paging File | 0,99 Gb Available in Paging File | 81,09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 43,28 Gb Total Space | 5,77 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
Drive D: | 28,76 Gb Total Space | 13,20 Gb Free Space | 45,88% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *******MAIER2 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.08 21:21:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
PRC - [2011.08.05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe
PRC - [2011.08.05 13:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- c:\Programme\Zune\ZuneBusEnum.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.09.15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.08 15:47:28 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006.08.10 23:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006.08.10 17:10:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2005.08.07 14:38:28 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2005.06.03 01:31:50 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005.06.03 01:26:58 | 000,245,760 | ---- | M] (Intel) -- C:\Programme\Intel\Wireless\Bin\1XConfig.exe
PRC - [2005.05.31 22:50:54 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005.05.31 22:50:16 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
PRC - [2005.05.31 22:46:16 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004.12.22 01:23:38 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

========== Modules (No Company Name) ==========

MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2006.08.10 23:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
MOD - [2006.08.10 17:10:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
MOD - [2005.11.15 20:14:56 | 000,010,752 | ---- | M] () -- C:\Programme\Microsoft ActiveSync\rapiproxystub.dll
MOD - [2005.06.03 01:27:02 | 000,073,728 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
MOD - [2005.01.25 11:49:54 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\libeay32.dll
MOD - [2004.05.27 22:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012.08.03 23:03:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.08.05 13:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011.05.25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.01.21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.01.07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.12.01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R)
SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006.09.08 15:47:28 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.08.07 14:38:28 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005.06.20 23:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.05.31 22:50:16 | 000,098,304 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe -- (OwnershipProtocol)
SRV - [2005.04.20 05:27:44 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Video3D.sys -- (Video3D)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010.06.17 08:38:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.07.04 10:33:24 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.04.03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.01.02 13:13:52 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.12.26 11:57:16 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008.12.26 11:57:14 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008.12.26 11:57:10 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.04.21 13:51:19 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2006.03.16 14:24:06 | 004,249,088 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005.09.09 10:10:18 | 000,008,246 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2005.08.26 13:45:16 | 000,720,438 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2005.06.09 14:10:56 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.05.03 07:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.04.30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005.02.18 00:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.01.16 17:48:00 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005.01.16 17:48:00 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.01.16 17:48:00 | 000,163,328 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.10.15 19:26:00 | 000,057,088 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\R592.sys -- (R592)
DRV - [2004.10.15 19:26:00 | 000,027,264 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdpntk.sys -- (risdpntk)
DRV - [2004.08.12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004.06.01 21:04:00 | 000,142,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2004.03.11 17:24:14 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus)
DRV - [2003.08.19 23:28:50 | 000,014,220 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2002.07.15 11:43:06 | 000,073,660 | ---- | M] (elmeg Kommunikationstechnik) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElgTaDrv.sys -- (ElgTaDrv)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com

IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de
IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=1D78ED7E-7EA2-4227-B8BB-F5C5629D9CCB&apn_sauid=D36A4394-671E-4DA1-B555-9450A5ED0688&
IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.search-results.com/?l=dis&o=41648036"
FF - prefs.js..extensions.asktb.ff-original-keyword-url: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.3.21
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18132
FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=1D78ED7E-7EA2-4227-B8BB-F5C5629D9CCB&apn_ptnrs=96&apn_sauid=D36A4394-671E-4DA1-B555-9450A5ED0688&apn_dtid=YYYYYYYYDE&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\M
ozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.16 08:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.05 09:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.26 15:03:23 | 000,000,000 | ---D | M]

[2011.11.29 08:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions
[2012.02.18 18:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions
[2011.11.29 08:18:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.11.11 20:43:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.29 08:17:52 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2011.11.29 08:16:35 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com
[2012.03.06 16:53:31 | 000,003,367 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\searchplugins\search-results.xml
[2012.02.18 18:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.09.12 11:16:22 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\Programme\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel AG)
O3 - HKLM\..\Toolbar: (&klickTel Toolbar) - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\Programme\klickTel\klickTel Toolbar\kttoolbar.dll (klickTel AG)
O3 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [Google Updater] C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Wireless Console] C:\Programme\ASUS\Wireless Console\wcourier.exe ()
O4 - HKLM..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O15 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..Trusted Domains: fritz.box ([]* in Local intranet)
O16 - DPF: {579FC5F5-F9FE-451C-A0DC-2F7FF46F9597} hxxp://xvectormap.ptv.de/xvectormap/PTVxVectorMap20.cab (PTV xVectorMap Plugin 2.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DE76076-DBDE-44EF-AC19-36D5CF594ECA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Programme\Intel\Wireless\Bin\LgNotify.dll) - C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*****\Eigene Dateien\Eigene Bilder\meineKinder.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*****\Eigene Dateien\Eigene Bilder\meineKinder.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.14 03:23:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "spmgr"
MsConfig - Services: "sdCoreService"
MsConfig - Services: "sdAuxService"
MsConfig - Services: "MDM"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "gusvc"
MsConfig - Services: "GoogleDesktopManager"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ASUS ChkMail.lnk - C:\Programme\ASUS\Asus ChkMail\ChkMail.exe - (asus)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk - C:\Programme\Google\Google Updater\GoogleUpdater.exe - (Google)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware Info Service.lnk - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe - (Lexware GmbH & Co. KG)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VR-NetWorld Auftragsprüfung.lnk - - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ASUS Live Update - hkey= - key= - C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: GameFace Messenger - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found
MsConfig - StartUpReg: NB Probe - hkey= - key= - C:\Programme\ASUS\NB Probe\NBProbe.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Power_Gear - hkey= - key= - C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:
{E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: MSACM.CEGSM - mobilev.acm File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.asv2 - asusasv2.dll File not found Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.08.08 21:21:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
[2012.08.08 21:16:14 | 000,000,000 | ---D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\WPDNSE
[2012.08.07 00:24:31 | 000,000,000 | -H-D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\Temporäres Verzeichnis 5 für wirelesskeyview.zip
[2012.08.07 00:14:00 | 000,000,000 | ---D | C] -- C:\Programme\Direct Registry Browser
[2012.08.07 00:14:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Direct Registry Browser
[2012.08.07 00:13:38 | 000,563,962 | ---- | C] (SysDevSoftware Ltd. ) -- C:\Dokumente und Einstellungen\*****\Desktop\dreg.exe
[2012.08.06 22:54:29 | 000,000,000 | -H-D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\Temporäres Verzeichnis 3 für wirelesskeyview.zip
[2012.08.06 22:18:00 | 000,000,000 | -H-D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\Temporäres Verzeichnis 4 für wirelesskeyview.zip
[2012.08.06 22:09:05 | 000,000,000 | -H-D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\Temporäres Verzeichnis 2 für wirelesskeyview.zip
[2012.08.06 21:54:59 | 000,000,000 | -H-D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\Temporäres Verzeichnis 1 für wirelesskeyview.zip
[2012.08.04 00:19:58 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.27 23:56:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
[2012.07.27 23:54:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.27 23:54:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.27 23:54:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.27 23:54:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.19 11:56:14 | 000,000,000 | ---D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\Khfspiyrwny
[2012.07.19 11:49:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Pzchk
[2012.07.17 13:36:02 | 001,844,976 | ---- | C] (MedienTeam66) -- C:\DOKUME~1\*****\LOKALE~1\Temp\ABCofPics.exe
[2012.07.17 13:14:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Franzis
[2011.05.25 11:22:20 | 003,295,968 | ---- | C] (Systweak Inc ) -- C:\Programme\Adobe Bildbearbeitung.exe
[2010.01.16 13:41:59 | 003,122,816 | ---- | C] (Hewlett Packard) -- C:\Programme\bi11033ge.exe
[2006.04.24 12:08:22 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\DAO350.DLL
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1133 C:\DOKUME~1\*****\LOKALE~1\Temp\*.tmp files -> C:\DOKUME~1\*****\LOKALE~1\Temp\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.08 21:21:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
[2012.08.08 21:19:38 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7EB811A9-8AB6-4C9E-BC32-DAAB0C61137A}.job
[2012.08.08 21:16:10 | 000,037,106 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.08.08 21:16:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.08 21:16:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.08 21:15:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.08 21:15:48 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.07 21:06:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 21:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.07 00:13:52 | 000,563,962 | ---- | M] (SysDevSoftware Ltd. ) -- C:\Dokumente und Einstellungen\*****\Desktop\dreg.exe
[2012.08.06 22:09:00 | 000,057,947 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\wirelesskeyview.zip
[2012.08.05 09:58:26 | 000,614,903 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\adwcleaner.exe
[2012.08.01 22:51:25 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012.07.28 01:12:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\defogger_reenable
[2012.07.27 23:54:50 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 23:30:50 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\ukm2ptpr.exe
[2012.07.21 16:45:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.18 09:01:01 | 000,477,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.17 14:27:42 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Desktop\Microsoft Word.lnk
[2012.07.17 13:40:48 | 000,000,054 | ---- | M] () -- C:\WINDOWS\ABC of Pics Photo-CD-Viewer
[2012.07.17 13:31:03 | 000,001,722 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kreativ Drucken Pro.lnk
[2012.07.12 16:09:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.06 23:29:34 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT4C.xml
[2012.08.06 23:29:34 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT4A.xml
[2012.08.06 23:29:34 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT4B.xml
[2012.08.06 23:17:53 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT2D.xml
[2012.08.06 23:17:53 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT2B.xml
[2012.08.06 23:17:53 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT2C.xml
[2012.08.06 23:17:34 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT2A.xml
[2012.08.06 23:17:34 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT28.xml
[2012.08.06 23:17:34 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT29.xml
[2012.08.06 23:17:31 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT27.xml
[2012.08.06 23:17:31 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT25.xml
[2012.08.06 23:17:31 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT26.xml
[2012.08.06 23:17:24 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT24.xml
[2012.08.06 23:17:24 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT22.xml
[2012.08.06 23:17:24 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT23.xml
[2012.08.06 23:17:01 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT21.xml
[2012.08.06 23:17:01 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT1F.xml
[2012.08.06 23:17:01 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT20.xml
[2012.08.06 23:16:40 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT1C.xml
[2012.08.06 23:16:40 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT1A.xml
[2012.08.06 23:16:40 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT1B.xml
[2012.08.06 21:54:52 | 000,057,947 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\wirelesskeyview.zip
[2012.08.06 19:51:45 | 000,000,636 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\Uninst.bat
[2012.08.05 09:58:14 | 000,614,903 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\adwcleaner.exe
[2012.08.01 23:08:27 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT5E.xml
[2012.08.01 23:08:27 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT5C.xml
[2012.08.01 23:08:27 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT5D.xml
[2012.08.01 23:07:26 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT49.xml
[2012.08.01 23:07:26 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT47.xml
[2012.08.01 23:07:26 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT48.xml
[2012.08.01 23:07:07 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT46.xml
[2012.08.01 23:07:07 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT44.xml
[2012.08.01 23:07:07 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT45.xml
[2012.08.01 23:06:46 | 000,797,676 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT43.xml
[2012.08.01 23:06:46 | 000,002,036 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT41.xml
[2012.08.01 23:06:46 | 000,000,426 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\IMT42.xml
[2012.07.28 01:34:40 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Desktop\ukm2ptpr.exe
[2012.07.28 01:12:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\defogger_reenable
[2012.07.27 23:54:50 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 16:45:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.19 14:54:03 | 000,840,596 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\1082263E484341534553.$$0
[2012.07.17 13:40:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\ABC of Pics Photo-CD-Viewer
[2012.07.17 13:36:03 | 000,871,730 | R--- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\ABCofPics.chm
[2012.07.17 13:36:03 | 000,000,116 | RH-- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\ABCofPics.ini
[2012.07.17 13:31:03 | 000,001,722 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kreativ Drucken Pro.lnk
[2012.02.17 10:40:39 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012.02.17 10:40:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012.02.17 10:40:12 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.02.17 10:40:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012.02.17 10:38:34 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2012.02.17 10:38:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012.02.17 10:38:13 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012.02.17 10:38:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012.02.17 10:34:52 | 000,031,864 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2012.02.17 10:30:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.17 08:21:06 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011.10.17 08:19:41 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011.08.16 13:30:56 | 000,001,302 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011.06.08 10:06:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Pcrk32.INI
[2010.08.05 09:10:32 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Frameworks
[2010.08.05 09:10:32 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Folder Actions Handlers
[2010.08.05 09:10:32 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdw.DAT
[2010.08.05 09:10:32 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grapher
[2010.08.05 09:07:46 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fonts
[2010.08.05 09:07:46 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Flowers
[2010.08.05 09:07:46 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT
[2010.08.05 09:07:46 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Galaxy Swirl
[2010.01.02 12:49:42 | 001,591,280 | ---- | C] () -- C:\Programme\suresupply_2_2_0_0000_dede.exe
[2008.12.16 18:52:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2008.02.10 17:32:45 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2007.04.20 15:13:31 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\$_hpcst$.hpc
[2006.04.26 17:19:10 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.04.26 17:15:51 | 000,000,258 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\.java.policy
[2006.04.26 15:08:07 | 000,000,644 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html
[2006.04.24 12:07:30 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== LOP Check ==========

[2006.12.21 12:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2010.08.05 09:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2007.02.16 17:29:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2011.10.17 08:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.08.05 09:09:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2012.07.08 15:10:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\POIbase
[2012.02.17 10:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2012.07.28 01:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.08.05 09:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2006.04.23 10:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xVectorMap
[2011.05.25 11:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.07 21:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Garmin
[2009.01.29 14:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\klickTel
[2006.07.18 10:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\LaserWare
[2007.07.16 13:36:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Leadertech
[2006.12.21 10:47:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Lexware
[2007.03.01 18:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\map&guide
[2006.06.15 19:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MSNInstaller
[2010.08.05 09:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Nikon
[2011.01.11 12:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\PTV AG
[2012.07.28 01:04:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Pzchk
[2008.12.30 18:05:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Samsung
[2006.10.19 15:39:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sigel
[2011.05.25 18:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Systweak
[2012.08.08 21:19:38 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7EB811A9-8AB6-4C9E-BC32-DAAB0C61137A}.job

========== Purity Check ==========


========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >


< %ALLUSERSPROFILE%\Application Data\*.exe /s >


< %APPDATA%\*. >
[2011.05.25 11:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Adobe
[2007.01.11 16:14:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\AdobeUM
[2010.08.05 09:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ArcSoft
[2011.05.25 11:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2006.04.21 13:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\CyberLink
[2012.07.07 21:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Garmin
[2007.09.12 12:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Google
[2006.09.19 16:40:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Help
[2006.04.14 03:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Identities
[2006.12.21 10:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\InstallShield
[2006.04.14 03:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Intel
[2009.01.29 14:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\klickTel
[2006.07.18 10:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\LaserWare
[2007.07.16 13:36:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Leadertech
[2006.12.21 10:47:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Lexware
[2006.04.14 03:47:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Macromedia
[2012.07.27 23:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
[2007.03.01 18:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\map&guide
[2012.08.06 22:29:23 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft
[2011.11.29 08:15:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla
[2006.04.26 14:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MSN6
[2006.06.15 19:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MSNInstaller
[2010.08.05 09:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Nikon
[2007.09.12 11:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\PC Tools
[2011.01.11 12:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\PTV AG
[2012.07.28 01:04:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Pzchk
[2008.12.30 18:05:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Samsung
[2006.10.19 15:39:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sigel
[2006.05.06 10:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun
[2006.04.14 03:40:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Symantec
[2011.05.25 18:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Systweak
[2007.10.25 16:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Talkback

< %APPDATA%\*.exe /s >
[2007.01.10 15:23:58 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2011.05.25 11:48:31 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2006.12.21 12:45:05 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft\Installer\{09B71899-5174-4995-AD57-B326C128584C}\ARPPRODUCTICON.exe
[2010.08.05 09:13:26 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
[2010.08.05 09:12:32 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2010.08.05 09:14:10 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
[2009.01.29 14:30:39 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Microsoft\Installer\{F6ADC1FC-4FAC-456D-8076-3176BB926FC0}\ARPPRODUCTICON.exe
[2006.06.15 19:23:26 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MSNInstaller\msnauins.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.03.01 11:25:36 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009.03.01 11:25:36 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.03.01 11:25:36 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009.03.01 11:25:36 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >


< %systemroot%\System32\config\*.sav >
[2006.04.14 03:14:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.04.14 03:14:52 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.04.14 03:14:52 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >
Code:
ATTFilter OTL Extras logfile created on: 08.08.2012 21:24:00 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,30 Mb Total Physical Memory | 217,86 Mb Available Physical Memory | 42,61% Memory free 1,22 Gb Paging File | 0,99 Gb Available in Paging File | 81,09% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 43,28 Gb Total Space | 5,77 Gb Free Space | 13,34% Space Free | Partition Type: NTFS Drive D: | 28,76 Gb Total Space | 13,20 Gb Free Space | 45,88% Space Free | Partition Type: NTFS Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *******MAIER2 | User Name: ***** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System 
Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN 
Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1 "{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3 "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}" = MOTORRAD Tourenplaner 2008/2009 "{08B4EE6E-4FC3-4C21-A8AE-81D7F5AF4F3E}" = Lexware financial office Juli 2006a "{09B71899-5174-4995-AD57-B326C128584C}" = klickTel Toolbar "{0A7353C1-0C5C-45E8-BCE0-1559916CC7E8}" = Lexware financial office 2007 "{0D93041A-03EC-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5 "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}" = Lexware reisekosten 2007 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{231BBAA0-132F-4585-B9C4-A9E1482C191B}" = Lexware reisekosten 2007 "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver "{292E9A86-A2A7-4457-96A5-57C197A48799}" = Lexware reisekosten 2007 "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced 
Display Driver "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{331BDE5C-4C2E-4948-9C65-E6ACB327F46F}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{35B3AAB5-D879-45EF-9329-877B7A1625F4}" = Lexware financial office Juli 2006a "{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{404F670E-3D94-4082-A6F0-92DD0BC73B34}" = Falk Navigator 2 "{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{496BE58C-60E9-4203-AC5E-F076222A242B}" = Lexware financial office 2007 "{4C45400F-57EB-4ABE-A7A5-C851C743F63F}" = MOTORRAD Tourenplaner 2006/2007 ServicePack 2 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{61F0CD5D-AFEC-4F3A-9570-55C880EB9934}" = MOTORRAD Tourenplaner 2007/2008 ServicePack 2 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64D6CF34-4F50-42EB-88C6-67B1E5CDF893}" = Lexware reisekosten 2007 "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6B965A10-A41C-443C-8A44-0AC4027EC945}" = Lexware reisekosten 2006 "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore "{6E315D6D-0F1C-4C27-920B-807B4F57C8B2}" = Brother MFL-Pro Suite MFC-5890CN "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}" = Garmin POI Loader "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C17851D-8495-4827-8E9A-52722E2EEE7B}" = Lexware Dao 350 Dao 360 "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{9113E635-B38F-4397-9240-1C2CAE2E30D2}" = Lexware reisekosten 2006 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{956E6B68-AFA5-4192-BB4B-67261522E516}" = Lexware reisekosten 2006 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A4ABD5F4-0CAC-4B1F-ABEC-E1A4435BCACA}" = Lexware financial office 2007 "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A5B77165-D6BE-44AA-90C2-4927576E0B56}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista_2 (c:\SiLabs\MCU\CP210x\Windows_2K_XP_S2K3_Vista_2) "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2 "{A87869D7-B133-498C-A347-D9BE109FF6C8}" = USB2.0 1.3M Web Cam 
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0 "{B3AA1D2E-210C-445F-8822-676DEBB3B9BD}" = Lexware financial office 2006 "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi "{BD8904CD-670C-443B-A352-375FA0D7B40D}" = MOTORRAD Tourenplaner 2006/2007 ServicePack 1 "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{BF73B032-8D89-49D0-80F8-6C73DC1B0C20}" = Lexware financial office 2007 "{C08BD3F2-5CC0-45EA-996D-5E0101ABFEBD}" = Kreativ Drucken pro "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2CFD52D-1294-40E4-B0AE-0759DC34D8F5}" = Lexware financial office 2006 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D3E82E5D-68A8-4313-BDD3-315591BE702D}" = Application Suite "{D64E1E60-2D88-4624-B048-1F8A92138709}" = MOTORRAD Tourenplaner 2007/2008 ServicePack 1 "{D868C3D5-1D65-4383-92E8-B38BE5716AFB}" = Zusatzmodul GPS-Tourenplaner "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{DC064A5D-ACAC-4B52-8EB7-0B06AE3856D8}" = Lexware reisekosten 2007 "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime 
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F109A292-33BA-4A96-9C9F-1739AE72EB62}" = WIN-Tools - elmeg WIN-Tools V5.44 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F652D238-5F29-42D5-BAF3-0115EF977EC2}" = Windows Live Sign-in Assistant "{F6ADC1FC-4FAC-456D-8076-3176BB926FC0}" = klickTel for PDA "{F99898C4-4620-404A-915B-01292FA1A657}" = Lexware financial office 2007 "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2 "Asus ChkMail" = Asus ChkMail "ASUS Live Update" = ASUS Live Update "Asus_A6_ScreenSaver" = Asus_A6_ScreenSaver "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Direct Registry Browser_is1" = Direct Registry Browser version 1.0 "elmeg TK-Anlagen Tapi Treiber" = elmeg TK-Anlagen Tapi Treiber "ESET Online Scanner" = ESET Online Scanner v3 "Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition "G+P-HVW3" = G+P-HVW3 "Google Desktop" = Google Desktop "Google Updater" = Google Updater "HControl" = ATK0100 ACPI UTILITY "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "KHB_BH_M" = Lexware know how 
buchhaltung mini "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation) "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 5.0.3.450 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "POIbase_is1" = POIbase 1.041 "ProInst" = Intel(R) PROSet/Wireless Software "Sigel PaperDesigner deluxe" = Sigel PaperDesigner deluxe "SLABCOMM" = CP2101 USB to UART Bridge Controller "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "Spyware Doctor" = Spyware Doctor 6.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TB_MJ" = toolboxx Lexware minijobs "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WinBankformular" = WinBankformular "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.10 "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "Zune" = Zune ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.07.2012 12:36:56 | Computer Name = *******MAIER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 
8.0.6001.18702, fehlgeschlagenes Modul acropdf.dll, Version 9.5.1.283, Fehleradresse 0x000071c2. Error - 15.07.2012 12:39:56 | Computer Name = *******MAIER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul acropdf.dll, Version 9.5.1.283, Fehleradresse 0x000071c2. Error - 15.07.2012 12:51:35 | Computer Name = *******MAIER2 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul acropdf.dll, Version 9.5.1.283, Fehleradresse 0x0000dc9d. Error - 15.07.2012 13:05:37 | Computer Name = *******MAIER2 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 17.07.2012 07:33:44 | Computer Name = *******MAIER2 | Source = MsiInstaller | ID = 1013 Description = Produkt: Adobe Reader 9.1 - Deutsch -- Setup hat eine funktionsreichere Produktversion auf Ihrem System gefunden. Setup wird jetzt beendet. Error - 19.07.2012 05:57:27 | Computer Name = *******MAIER2 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 19.07.2012 05:57:27 | Computer Name = *******MAIER2 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 27.07.2012 21:36:56 | Computer Name = *******MAIER2 | Source = WinMgmt | ID = 27 Description = Die Repositorydatei konnte nicht geöffnet werden. Mögliche Ursache könnte mangelnder Sicherheitszugriff auf "<SystemRoot>\System32\WBEM\Repository" sein, unzureichender Festplattenspeicher oder Arbeitsspeicher. 
Error - 27.07.2012 21:38:40 | Computer Name = *******MAIER2 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Informationsebene: error Initialisierung des COM-Subsystems ist fehlgeschlagen. Error - 27.07.2012 22:03:57 | Computer Name = *******MAIER2 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Informationsebene: error Initialisierung des COM-Subsystems fehlgeschlagen. Fehlercode: 0x80080005 [ System Events ] Error - 06.08.2012 17:17:34 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 06.08.2012 17:17:53 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 06.08.2012 17:17:57 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 06.08.2012 17:17:59 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 06.08.2012 17:17:59 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 06.08.2012 17:17:59 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der 
Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 06.08.2012 17:18:00 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 06.08.2012 17:18:06 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {834128A2-51F4-11D0-8F20-00805F2CD064} Error - 07.08.2012 14:44:54 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "gusvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} Error - 07.08.2012 14:47:22 | Computer Name = *******MAIER2 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064} < End of report > |
09.08.2012, 15:39 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After encryption trojan: Malwarebytes/defogger/otlpenet/gmer scan carried out There are still toolbars in there!
__________________ Please run adwCleaner again! Search first, then post the new log
__________________ |
09.08.2012, 20:11 | #19 |
| After encryption trojan: Malwarebytes/defogger/otlpenet/gmer scan carried out Indeed, yuck, you see more than I do! The klickTel and the Google toolbar are disabled, but they still seem to be sitting there ready. Do the bars perhaps have to be enabled for the scan so that they get picked up? Here is the AdwCleaner search Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/09/2012 at 22:08:58 # Updated 01/08/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : ***** - *******MAIER2 # Running from : C:\Dokumente und Einstellungen\*****\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [Registre - GUID] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [3615 octets] - [05/08/2012 09:59:12] AdwCleaner[S1].txt - [3749 octets] - [06/08/2012 19:51:48] AdwCleaner[R2].txt - [800 octets] - [09/08/2012 21:50:35] AdwCleaner[R3].txt - [734 octets] - [09/08/2012 22:08:58] ########## EOF - C:\AdwCleaner[R3].txt - [861 octets] ########## |
10.08.2012, 21:40 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After encryption trojan: Malwarebytes/defogger/otlpenet/gmer scan carried out OK, the tool doesn't find them, so we'll fix it with OTL! Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!) Note: if you masked your user name, you have to turn the starred-out part back into your real user name, otherwise the script won't work!! Code:
ATTFilter :OTL IE - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=1D78ED7E-7EA2-4227-B8BB-F5C5629D9CCB&apn_sauid=D36A4394-671E-4DA1-B555-9450A5ED0688& FF - prefs.js..browser.search.defaultengine: "Search-Results" FF - prefs.js..browser.search.defaultenginename: "Search-Results" FF - prefs.js..browser.search.order.1: "Search-Results" FF - prefs.js..browser.search.selectedEngine: "Search-Results" FF - prefs.js..browser.startup.homepage: "http://de.search-results.com/?l=dis&o=41648036" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18132 FF - prefs.js..keyword.URL: "http://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=1D78ED7E-7EA2-4227-B8BB-F5C5629D9CCB&apn_ptnrs=96&apn_sauid=D36A4394-671E-4DA1-B555-9450A5ED0688&apn_dtid=YYYYYYYYDE&q=" FF - user.js - File not found [2011.11.29 08:16:35 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com [2012.03.06 16:53:31 | 000,003,367 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\searchplugins\search-results.xml O3 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4162117845-1964137181-2199891391-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.04.14 03:23:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] [2012.07.19 11:56:14 | 000,000,000 | ---D | C] -- C:\DOKUME~1\*****\LOKALE~1\Temp\Khfspiyrwny [2012.07.19 11:49:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Pzchk [2012.07.17 13:36:02 | 001,844,976 | ---- | C] (MedienTeam66) -- C:\DOKUME~1\*****\LOKALE~1\Temp\ABCofPics.exe [2012.07.19 14:54:03 | 000,840,596 | ---- | C] () -- C:\DOKUME~1\*****\LOKALE~1\Temp\1082263E484341534553.$$0 @Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4 @Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 :Commands [purity] [emptytemp] [emptyflash] [resethosts] The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, because it can permanently damage the system!
__________________ |
12.08.2012, 09:56 | #21 |
| After encryption trojan: Malwarebytes/defogger/otlpenet/gmer scan carried out Hello Arne, fixed and posted herewith. Why doesn't the Task Manager work, anyway, neither via Ctrl+Alt+Del or Run, nor by clicking it directly in the Windows folder? Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4162117845-1964137181-2199891391-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7576B9D-B442-46bc-AF74-080A9E723E01}\ not found.
Prefs.js: "Search-Results" removed from browser.search.defaultengine
Prefs.js: "Search-Results" removed from browser.search.defaultenginename
Prefs.js: "Search-Results" removed from browser.search.order.1
Prefs.js: "Search-Results" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.search-results.com/?l=dis&o=41648036" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.13.1.18132 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=1D78ED7E-7EA2-4227-B8BB-F5C5629D9CCB&apn_ptnrs=96&apn_sauid=D36A4394-671E-4DA1-B555-9450A5ED0688&apn_dtid=YYYYYYYYDE&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-29-Nov-2011-06-16-36-GMT folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\extensions\toolbar@ask.com folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\searchplugins\search-results.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-4162117845-1964137181-2199891391-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4162117845-1964137181-2199891391-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Zshutdown deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4162117845-1964137181-2199891391-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\DOKUME~1\*****\LOKALE~1\Temp\Khfspiyrwny folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Pzchk folder moved successfully.
C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\ABCofPics.exe moved successfully.
C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\1082263E484341534553.$$0 moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FA5F15C4 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 9247371 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56582 bytes
User: found.000
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 14472044 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: *****
->Temp folder emptied: 1133398513 bytes
->Temporary Internet Files folder emptied: 59349130 bytes
->Java cache emptied: 11428592 bytes
->FireFox cache emptied: 97907033 bytes
->Flash cache emptied: 129927 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 3401607 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153075749 bytes
RecycleBin emptied: 341659145 bytes
Total Files Cleaned = 1.740,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: found.000
User: LocalService
User: NetworkService
User: *****
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.56.0 log created on 08122012_101636
Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\WCESLog.log moved successfully.
PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Temp\WCESLog.log not found!
Registry entries deleted on Reboot...
12.08.2012, 13:53 | #22
/// Winkelfunktion /// TB-Süch-Tiger™ | I need the OTL quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread!
4.) Report back when it has succeeded
5.) Only then turn the virus scanner back on
15.08.2012, 19:00 | #23
Hi, the MovedFiles.zip_1 has been uploaded; I hope that's okay. Regards, Steffen
16.08.2012, 08:41 | #24
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan", and when it has finished click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!
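Reading a TDSSKiller service-scan report by hand means scrolling past hundreds of "- ok" lines to find the few entries the tool actually flagged. The following script is an added example for this thread (it is not part of TDSSKiller or of trojaner-board's instructions): it parses the report format visible in the log posted below (a "[ md5 ] Name Path" record per file, followed by "Name ( Verdict ) - warning", "Name - detected Verdict (n)" or "Name - ok") and lists each flagged service with its MD5 and file path, so a helper can see at a glance what was flagged and check the hash before deciding whether a "skip" was the right call. The sample log lines embedded in the block are constructed for the example, with placeholder hashes and an invented "ExampleDrv" service; the verdict string UnsignedFile.Multi.Generic is the one that appears in the posted log.

```python
"""Summarise a TDSSKiller scan report: flagged services with MD5 and path.

Added example for this thread; not TDSSKiller code. The line formats are
assumed from the report posted in the thread:
    HH:MM:SS.mmmm PID [ md5 ] Name Path         file record for a service
    HH:MM:SS.mmmm PID Name ( Verdict ) - warning
    HH:MM:SS.mmmm PID Name - detected Verdict (n)
    HH:MM:SS.mmmm PID Name - ok
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Service names may contain spaces and dashes, so the name is matched lazily
# up to the first token that looks like a drive-letter path.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9a-fA-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when no file record preceded the flag
    path: Optional[str] = None


@dataclass
class Summary:
    ok: int = 0                      # services the tool reported as "- ok"
    other: int = 0                   # banner / status lines with a timestamp
    findings: Dict[str, Finding] = field(default_factory=dict)

    def verdict_counts(self) -> Counter:
        return Counter(f.verdict for f in self.findings.values())


def parse_tdsskiller_log(text: str) -> Summary:
    """Walk the report once; remember file records so a later warning line
    can be joined to its hash and path."""
    summary = Summary()
    files: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator rows and blank lines carry no timestamp
        msg = m.group("msg")
        f = FILE_RE.match(msg)
        if f:
            files[f["name"]] = (f["md5"].lower(), f["path"])
            continue
        w = WARN_RE.match(msg) or DET_RE.match(msg)
        if w:
            name = w["name"]
            # The tool emits a "warning" and a "detected" line per hit; keep one.
            if name not in summary.findings:
                md5, path = files.get(name, (None, None))
                summary.findings[name] = Finding(name, w["verdict"], md5, path)
        elif OK_RE.match(msg):
            summary.ok += 1
        else:
            summary.other += 1
    return summary


def report(summary: Summary) -> str:
    lines = [f"services ok: {summary.ok}, flagged: {len(summary.findings)}"]
    for fnd in summary.findings.values():
        lines.append(f"  {fnd.name}: {fnd.verdict}  md5={fnd.md5}  path={fnd.path}")
    return "\n".join(lines)


# Constructed sample in the report format; hashes and ExampleDrv are placeholders.
SAMPLE_LOG = "\n".join([
    "18:32:01.0750 3804 Scan started",
    "18:32:01.0750 3804 Mode: Manual; SigCheck; TDLFS;",
    "18:32:02.0515 3804 Abiosdsk - ok",
    r"18:32:02.0609 3804 [ 00112233445566778899aabbccddeeff ] ExampleDrv C:\WINDOWS\system32\drivers\ExampleDrv.sys",
    "18:32:02.0796 3804 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning",
    "18:32:02.0796 3804 ExampleDrv - detected UnsignedFile.Multi.Generic (1)",
    r"18:32:02.0984 3804 [ ffeeddccbbaa99887766554433221100 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    "18:32:03.0171 3804 ACPI - ok",
    r"18:32:08.0421 3804 [ 0123456789abcdef0123456789abcdef ] Example Update - Scheduler C:\Programme\Example\Update\Scheduler.exe",
    "18:32:08.0468 3804 Example Update - Scheduler - ok",
])

if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

UnsignedFile.Multi.Generic only means the binary carries no Authenticode signature, which is normal for many OEM and third-party drivers; the MD5 the script pulls out is what lets a helper look the file up before anything is removed, which is why the post above asks for "skip" and the full log rather than deletions.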
16.08.2012, 17:38 | #25
Hello, here is what came out. Regards
Code:
18:31:12.0375 0904 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
18:31:12.0640 0904 ============================================================
18:31:12.0640 0904 Current date / time: 2012/08/16 18:31:12.0640
18:31:12.0640 0904 SystemInfo:
18:31:12.0640 0904
18:31:12.0640 0904 OS Version: 5.1.2600 ServicePack: 3.0
18:31:12.0640 0904 Product type: Workstation
18:31:12.0640 0904 ComputerName: SACHSENMAIER2
18:31:12.0640 0904 UserName: Walter
18:31:12.0640 0904 Windows directory: C:\WINDOWS
18:31:12.0640 0904 System windows directory: C:\WINDOWS
18:31:12.0640 0904 Processor architecture: Intel x86
18:31:12.0640 0904 Number of processors: 1
18:31:12.0640 0904 Page size: 0x1000
18:31:12.0640 0904 Boot type: Normal boot
18:31:12.0640 0904 ============================================================
18:31:14.0421 0904 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:31:14.0421 0904 ============================================================
18:31:14.0421 0904 \Device\Harddisk0\DR0:
18:31:14.0421 0904 MBR partitions:
18:31:14.0421 0904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4FAB05, BlocksNum 0x568FF92
18:31:14.0437 0904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5B8AAD6, BlocksNum 0x39839EB
18:31:14.0437 0904 ============================================================
18:31:14.0515 0904 C: <-> \Device\Harddisk0\DR0\Partition1
18:31:14.0609 0904 D: <-> \Device\Harddisk0\DR0\Partition2
18:31:14.0671 0904 ============================================================
18:31:14.0671 0904 Initialize success
18:31:14.0671 0904 ============================================================
18:32:01.0750 3804 ============================================================
18:32:01.0750 3804 Scan started
18:32:01.0750 3804 Mode: Manual; SigCheck; TDLFS;
18:32:01.0750 3804 ============================================================
18:32:02.0359 3804 ================ Scan services =============================
18:32:02.0515 3804 Abiosdsk - ok
18:32:02.0515 3804 abp480n5 - ok
18:32:02.0578 3804 ACDaemon - ok
18:32:02.0609 3804 [ 44010948bde6ade50dd1386657c73e83 ] ACEDRV06 C:\WINDOWS\system32\drivers\ACEDRV06.sys
18:32:02.0796 3804 ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning
18:32:02.0796 3804 ACEDRV06 - detected UnsignedFile.Multi.Generic (1)
18:32:02.0843 3804 [ ec818aed40e3359fe49ddb1700151e56 ] ACEDRV09 C:\WINDOWS\system32\drivers\ACEDRV09.sys
18:32:02.0937 3804 ACEDRV09 - ok
18:32:02.0984 3804 [ ac407f1a62c3a300b4f2b5a9f1d55b2c ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:32:03.0171 3804 ACPI - ok
18:32:03.0187 3804 [ 9e1ca3160dafb159ca14f83b1e317f75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:32:03.0359 3804 ACPIEC - ok
18:32:03.0421 3804 [ f19c98ad81d2c0e1bbfd8153d2c80ee8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:32:03.0468 3804 AdobeFlashPlayerUpdateSvc - ok
18:32:03.0468 3804 adpu160m - ok
18:32:03.0500 3804 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:32:03.0671 3804 aec - ok
18:32:03.0703 3804 [ 2c5c22990156a1063e19ad162191dc1d ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:32:03.0703 3804 AegisP ( UnsignedFile.Multi.Generic ) - warning
18:32:03.0703 3804 AegisP - detected UnsignedFile.Multi.Generic (1)
18:32:03.0734 3804 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:32:03.0781 3804 AFD - ok
18:32:03.0796 3804 Aha154x - ok
18:32:03.0812 3804 aic78u2 - ok
18:32:03.0812 3804 aic78xx - ok
18:32:03.0843 3804 [ 738d80cc01d7bc7584be917b7f544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:32:04.0015 3804 Alerter - ok
18:32:04.0031 3804 [ 190cd73d4984f94d823f9444980513e5 ] ALG C:\WINDOWS\System32\alg.exe
18:32:04.0187 3804 ALG - ok
18:32:04.0187 3804 AliIde - ok
18:32:04.0203 3804 amsint - ok
18:32:04.0203 3804 AppMgmt - ok
18:32:04.0234 3804 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:32:04.0375 3804 Arp1394 - ok
18:32:04.0406 3804 asc - ok
18:32:04.0406 3804 asc3350p - ok
18:32:04.0421 3804 asc3550 - ok
18:32:04.0546 3804 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:32:04.0593 3804 aspnet_state - ok
18:32:04.0625 3804 [ 59453b241885552f645fdff4a72f868c ] asuskbnt C:\WINDOWS\system32\drivers\atkkbnt.sys
18:32:04.0640 3804 asuskbnt ( UnsignedFile.Multi.Generic ) - warning
18:32:04.0640 3804 asuskbnt - detected UnsignedFile.Multi.Generic (1)
18:32:04.0656 3804 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:32:04.0796 3804 AsyncMac - ok
18:32:04.0812 3804 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:32:04.0953 3804 atapi - ok
18:32:04.0968 3804 Atdisk - ok
18:32:05.0015 3804 [ 3f23027d8f33754f6e084b6e59e0b0bf ] ATKKeyboardService C:\WINDOWS\ATKKBService.exe
18:32:07.0734 3804 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - warning
18:32:07.0734 3804 ATKKeyboardService - detected UnsignedFile.Multi.Generic (1)
18:32:07.0781 3804 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:32:07.0937 3804 Atmarpc - ok
18:32:07.0968 3804 [ 58ed0d5452df7be732193e7999c6b9a4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:32:08.0171 3804 AudioSrv - ok
18:32:08.0203 3804 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:32:08.0359 3804 audstub - ok
18:32:08.0421 3804 [ 0fcfbd0edaa188b3d652ddce6d16d866 ] Automatisches LiveUpdate - Scheduler C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
18:32:08.0468 3804 Automatisches LiveUpdate - Scheduler - ok
18:32:08.0500 3804 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:32:08.0656 3804 Beep - ok
18:32:08.0718 3804 [ d6f603772a789bb3228f310d650b8bd1 ] BITS C:\WINDOWS\system32\qmgr.dll
18:32:08.0875 3804 BITS - ok
18:32:08.0921 3804 [ b42057f06bbb98b31876c0b3f2b54e33 ] Browser C:\WINDOWS\System32\browser.dll
18:32:09.0078 3804 Browser - ok
18:32:09.0109 3804 [ 92a964547b96d697e5e9ed43b4297f5a ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
18:32:09.0156 3804 BrScnUsb - ok
18:32:09.0187 3804 [ 1a5fc78e41840edf79d65ec16eff2787 ] BrSerIf C:\WINDOWS\system32\Drivers\BrSerIf.sys
18:32:09.0218 3804 BrSerIf - ok
18:32:09.0250 3804 [ a24c7b39602218f8dbdb2b6704325fc7 ] BrUsbSer C:\WINDOWS\system32\Drivers\BrUsbSer.sys
18:32:09.0281 3804 BrUsbSer - ok
18:32:09.0312 3804 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:32:09.0437 3804 cbidf2k - ok
18:32:09.0484 3804 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:32:09.0625 3804 CCDECODE - ok
18:32:09.0640 3804 cd20xrnt - ok
18:32:09.0656 3804 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:32:09.0812 3804 Cdaudio - ok
18:32:09.0843 3804 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:32:09.0984 3804 Cdfs - ok
18:32:10.0015 3804 [ 4b0a100eaf5c49ef3cca8c641431eacc ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:32:10.0046 3804 Cdrom - ok
18:32:10.0046 3804 Changer - ok
18:32:10.0078 3804 [ 28e3040d1f1ca2008cd6b29dfebc9a5e ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:32:10.0218 3804 CiSvc - ok
18:32:10.0250 3804 [ 778a30ed3c134eb7e406afc407e9997d ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:32:10.0406 3804 ClipSrv - ok
18:32:10.0437 3804 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:32:10.0546 3804 clr_optimization_v2.0.50727_32 - ok
18:32:10.0578 3804 CLTNetCnService - ok
18:32:10.0609 3804 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:32:10.0750 3804 CmBatt - ok
18:32:10.0765 3804 CmdIde - ok
18:32:10.0765 3804 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:32:10.0937 3804 Compbatt - ok
18:32:10.0937 3804 COMSysApp - ok
18:32:10.0953 3804 Cpqarray - ok
18:32:10.0968 3804 [ 611f824e5c703a5a899f84c5f1699e4d ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:32:11.0109 3804 CryptSvc - ok
18:32:11.0125 3804 dac2w2k - ok
18:32:11.0125 3804 dac960nt - ok
18:32:11.0187 3804 [ 3127afbf2c1ed0ab14a1bbb7aaecb85b ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:32:11.0250 3804 DcomLaunch - ok
18:32:11.0281 3804 [ c29a1c9b75ba38fa37f8c44405dec360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:32:11.0437 3804 Dhcp - ok
18:32:11.0453 3804 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:32:11.0609 3804 Disk - ok
18:32:11.0609 3804 dmadmin - ok
18:32:11.0687 3804 [ 0dcfc8395a99fecbb1ef771cec7fe4ea ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:32:11.0890 3804 dmboot - ok
18:32:11.0921 3804 [ 53720ab12b48719d00e327da470a619a ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:32:12.0062 3804 dmio - ok
18:32:12.0109 3804 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:32:12.0250 3804 dmload - ok
18:32:12.0281 3804 [ 25c83ffbba13b554eb6d59a9b2e2ee78 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:32:12.0453 3804 dmserver - ok
18:32:12.0484 3804 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:32:12.0625 3804 DMusic - ok
18:32:12.0687 3804 [ 407f3227ac618fd1ca54b335b083de07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:32:12.0765 3804 Dnscache - ok
18:32:12.0812 3804 [ 676e36c4ff5bcea1900f44182b9723e6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:32:12.0968 3804 Dot3svc - ok
18:32:13.0015 3804 [ 3e4b043f8bc6be1d4820cc6c9c500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
18:32:13.0187 3804 dot4 - ok
18:32:13.0218 3804 [ 77ce63a8a34ae23d9fe4c7896d1debe7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
18:32:13.0375 3804 Dot4Print - ok
18:32:13.0421 3804 [ bd05306428da63369692477ddc0f6f5f ] Dot4Scan C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
18:32:13.0562 3804 Dot4Scan - ok
18:32:13.0609 3804 [ 29e86af2f3457d0441348020fe3cfbd0 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
18:32:13.0796 3804 dot4usb - ok
18:32:13.0796 3804 dpti2o - ok
18:32:13.0828 3804 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:32:13.0953 3804 drmkaud - ok
18:32:13.0984 3804 [ 4e4f2fddab0a0736d7671134dcce91fb ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:32:14.0140 3804 EapHost - ok
18:32:14.0203 3804 [ 089296aedb9b72b4916ac959752bdc89 ] eeCtrl C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
18:32:14.0250 3804 eeCtrl - ok
18:32:14.0281 3804 [ b687f79cb390e103af36dcbb5c417044 ] ElgTaDrv C:\WINDOWS\system32\Drivers\ElgTaDrv.sys
18:32:14.0296 3804 ElgTaDrv ( UnsignedFile.Multi.Generic ) - warning
18:32:14.0296 3804 ElgTaDrv - detected UnsignedFile.Multi.Generic (1)
18:32:14.0328 3804 [ 877c18558d70587aa7823a1a308ac96b ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:32:14.0468 3804 ERSvc - ok
18:32:14.0500 3804 [ a3edbe9053889fb24ab22492472b39dc ] Eventlog C:\WINDOWS\system32\services.exe
18:32:14.0546 3804 Eventlog - ok
18:32:14.0593 3804 [ af4f6b5739d18ca7972ab53e091cbc74 ] EventSystem C:\WINDOWS\system32\es.dll
18:32:14.0625 3804 EventSystem - ok
18:32:14.0671 3804 [ 76956ed607efe8f73d657de75018d94f ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe
18:32:14.0703 3804 EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:32:14.0703 3804 EvtEng - detected UnsignedFile.Multi.Generic (1)
18:32:14.0750 3804 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:32:14.0890 3804 Fastfat - ok
18:32:14.0937 3804 [ 2db7d303c36ddd055215052f118e8e75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:32:14.0968 3804 FastUserSwitchingCompatibility - ok
18:32:15.0000 3804 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:32:15.0140 3804 Fdc - ok
18:32:15.0156 3804 [ b0678a548587c5f1967b0d70bacad6c1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:32:15.0312 3804 Fips - ok
18:32:15.0546 3804 [ 167d24a045499ebef438f231976158df ] FirebirdServerMAGIXInstance C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
18:32:15.0718 3804 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
18:32:15.0718 3804 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
18:32:15.0750 3804 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:32:15.0890 3804 Flpydisk - ok
18:32:15.0937 3804 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:32:16.0109 3804 FltMgr - ok
18:32:16.0171 3804 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:32:16.0203 3804 FontCache3.0.0.0 - ok
18:32:16.0218 3804 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:32:16.0359 3804 Fs_Rec - ok
18:32:16.0390 3804 [ 8f1955ce42e1484714b542f341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:32:16.0531 3804 Ftdisk - ok
18:32:16.0593 3804 [ 7bec703f31e1d441db16886c9aa4cba9 ] getPlus(R) Helper C:\Programme\NOS\bin\getPlus_HelperSvc.exe
18:32:16.0640 3804 getPlus(R) Helper - ok
18:32:16.0718 3804 [ 108a784ff664a83329549e5883c84cfd ] ghaio C:\Programme\ASUS\NB Probe\SPM\ghaio.sys
18:32:16.0750 3804 ghaio ( UnsignedFile.Multi.Generic ) - warning
18:32:16.0750 3804 ghaio - detected UnsignedFile.Multi.Generic (1)
18:32:16.0875 3804 [ d8cd4a6f464dff4b38784ae488bdeb61 ] GoogleDesktopManager C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
18:32:17.0015 3804 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
18:32:17.0015 3804 GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
18:32:17.0046 3804 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:32:17.0203 3804 Gpc - ok
18:32:17.0250 3804 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
18:32:17.0265 3804 gupdate - ok
18:32:17.0281 3804 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
18:32:17.0296 3804 gupdatem - ok
18:32:17.0359 3804 [ 408ddd80eede47175f6844817b90213e ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
18:32:17.0390 3804 gusvc - ok
18:32:17.0421 3804 [ 2a013e7530beab6e569faa83f517e836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
18:32:17.0468 3804 HdAudAddService - ok
18:32:17.0500 3804 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:32:17.0671 3804 HDAudBus - ok
18:32:17.0750 3804 [ cb66bf85bf599befd6c6a57c2e20357f ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:32:17.0906 3804 helpsvc - ok
18:32:17.0937 3804 [ b35da85e60c0103f2e4104532da2f12b ] HidServ C:\WINDOWS\System32\hidserv.dll
18:32:18.0093 3804 HidServ - ok
18:32:18.0125 3804 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:32:18.0281 3804 HidUsb - ok
18:32:18.0312 3804 [ ed29f14101523a6e0e808107405d452c ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:32:18.0453 3804 hkmsvc - ok
18:32:18.0453 3804 hpn - ok
18:32:18.0484 3804 [ 88da551b653fce4fc56f9389a5c858b7 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:32:18.0515 3804 HSFHWAZL - ok
18:32:18.0578 3804 [ 0d90b6c780156723e0991752ad94d278 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:32:18.0718 3804 HSF_DP - ok
18:32:18.0781 3804 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:32:18.0812 3804 HTTP - ok
18:32:18.0843 3804 [ 9e4adb854cebcfb81a4b36718feecd16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:32:19.0000 3804 HTTPFilter - ok
18:32:19.0000 3804 i2omgmt - ok
18:32:19.0015 3804 i2omp - ok
18:32:19.0046 3804 [ e283b97cfbeb86c1d86baed5f7846a92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:32:19.0187 3804 i8042prt - ok
18:32:19.0281 3804 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:32:19.0328 3804 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:32:19.0328 3804 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:32:19.0468 3804 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:32:19.0578 3804 idsvc - ok
18:32:19.0625 3804 [ ff9f262494fc23d77a6148d49d87d2de ] IKFileSec C:\WINDOWS\system32\drivers\ikfilesec.sys
18:32:19.0640 3804 IKFileSec - ok
18:32:19.0687 3804 [ 7e359671fd9595ecb1b0a33fb4184b19 ] IKSysFlt C:\WINDOWS\system32\drivers\iksysflt.sys
18:32:19.0703 3804 IKSysFlt - ok
18:32:19.0734 3804 [ a44cb3cf3af266665261a6e6c9cac27c ] IKSysSec C:\WINDOWS\system32\drivers\iksyssec.sys
18:32:19.0750 3804 IKSysSec - ok
18:32:19.0796 3804 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:32:19.0937 3804 Imapi - ok
18:32:19.0968 3804 [ d4b413aa210c21e46aedd2ba5b68d38e ] ImapiService C:\WINDOWS\system32\imapi.exe
18:32:20.0140 3804 ImapiService - ok
18:32:20.0140 3804 ini910u - ok
18:32:20.0328 3804 [ a575138ad572c12cffa122b89a382b7e ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:32:20.0656 3804 IntcAzAudAddService - ok
18:32:20.0687 3804 [ 69c4e3c9e67a1f103b94e14fdd5f3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:32:20.0812 3804 IntelIde - ok
18:32:20.0843 3804 [ 4c7d2750158ed6e7ad642d97bffae351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:32:20.0984 3804 intelppm - ok
18:32:21.0015 3804 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:32:21.0156 3804 Ip6Fw - ok
18:32:21.0187 3804 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:32:21.0359 3804 IpFilterDriver - ok
18:32:21.0375 3804 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:32:21.0515 3804 IpInIp - ok
18:32:21.0531 3804 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:32:21.0687 3804 IpNat - ok
18:32:21.0718 3804 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:32:21.0859 3804 IPSec - ok
18:32:21.0875 3804 [ aca5e7b54409f9cb5eed97ed0c81120e ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
18:32:22.0046 3804 irda - ok
18:32:22.0062 3804 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:32:22.0203 3804 IRENUM - ok
18:32:22.0250 3804 [ 2efe1db1ec58a26b0c14bfda122e246f ] Irmon C:\WINDOWS\System32\irmon.dll
18:32:22.0390 3804 Irmon - ok
18:32:22.0421 3804 [ 0501f0b9ab08425f8c0eacbdcc04aa32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys
18:32:22.0500 3804 irsir - ok
18:32:22.0515 3804 [ 6dfb88f64135c525433e87648bda30de ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:32:22.0656 3804 isapnp - ok
18:32:22.0687 3804 [ 872d090ca5c306f62d1982bce6302376 ] IWCA C:\WINDOWS\system32\DRIVERS\iwca.sys
18:32:22.0750 3804 IWCA - ok
18:32:22.0781 3804 [ 1704d8c4c8807b889e43c649b478a452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:32:22.0906 3804 Kbdclass - ok
18:32:22.0921 3804 [ b6d6c117d771c98130497265f26d1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:32:23.0062 3804 kbdhid - ok
18:32:23.0093 3804 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:32:23.0234 3804 kmixer - ok
18:32:23.0250 3804 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:32:23.0312 3804 KSecDD - ok
18:32:23.0343 3804 [ 2bbdcb79900990f0716dfcb714e72de7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:32:23.0375 3804 lanmanserver - ok
18:32:23.0406 3804 [ 1869b14b06b44b44af70548e1ea3303f ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:32:23.0437 3804 lanmanworkstation - ok
18:32:23.0437 3804 lbrtfdc - ok
18:32:23.0500 3804 [ 00944d59948596721d17510c94cd3e4f ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
18:32:23.0515 3804 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:32:23.0515 3804 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:32:23.0640 3804 [ fb3a35318ca7f6a10fa3c3826a69affe ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:32:23.0890 3804 LiveUpdate - ok
18:32:23.0921 3804 [ 636714b7d43c8d0c80449123fd266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:32:24.0046 3804 LmHosts - ok
18:32:24.0109 3804 [ f453d1e6d881e8f8717e20ccd4199e85 ] McComponentHostService C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
18:32:24.0140 3804 McComponentHostService - ok
18:32:24.0234 3804 [ 9e67d2ba2128777feca7bfeb0761c043 ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
18:32:24.0265 3804 MDM ( UnsignedFile.Multi.Generic ) - warning
18:32:24.0265 3804 MDM - detected UnsignedFile.Multi.Generic (1)
18:32:24.0281 3804 [ 3c318b9cd391371bed62126581ee9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:32:24.0312 3804 mdmxsdk - ok
18:32:24.0343 3804 [ b7550a7107281d170ce85524b1488c98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:32:24.0515 3804 Messenger - ok
18:32:24.0531 3804 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:32:24.0703 3804 mnmdd - ok
18:32:24.0734 3804 [ c2f1d365fd96791b037ee504868065d3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:32:24.0875 3804 mnmsrvc - ok
18:32:24.0921 3804 [ 6fb74ebd4ec57a6f1781de3852cc3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:32:25.0062 3804 Modem - ok
18:32:25.0078 3804 [ b24ce8005deab254c0251e15cb71d802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:32:25.0234 3804 Mouclass - ok
18:32:25.0265 3804 [ 66a6f73c74e1791464160a7065ce711a ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:32:25.0406 3804 mouhid - ok
18:32:25.0437 3804 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:32:25.0562 3804 MountMgr - ok
18:32:25.0562 3804 mraid35x - ok
18:32:25.0578 3804 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:32:25.0734 3804 MRxDAV - ok
18:32:25.0781 3804 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:32:25.0828 3804 MRxSmb - ok
18:32:25.0875 3804 [ 35a031af38c55f92d28aa03ee9f12cc9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:32:26.0015 3804 MSDTC - ok
18:32:26.0015 3804 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:32:26.0171 3804 Msfs - ok
18:32:26.0187 3804 [ 95c6432151ccff8617352f8e616a1aa4 ] MSIRCOMM C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
18:32:26.0359 3804 MSIRCOMM - ok
18:32:26.0359 3804 MSIServer - ok
18:32:26.0375 3804 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:32:26.0515 3804 MSKSSRV - ok
18:32:26.0531 3804 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:32:26.0671 3804 MSPCLOCK - ok
18:32:26.0703 3804 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:32:26.0843 3804 MSPQM - ok
18:32:26.0875 3804 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:32:27.0015 3804 mssmbios - ok
18:32:27.0046 3804 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:32:27.0218 3804 MSTEE - ok
18:32:27.0265 3804 [ e333010a50bf603acc350f6019e9ce02 ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
18:32:27.0281 3804 MTsensor - ok
18:32:27.0312 3804 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:32:27.0328 3804 Mup - ok
18:32:27.0359 3804 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:32:27.0531 3804 NABTSFEC - ok
18:32:27.0593 3804 [ 46bb15ae2ac7d025d6d2567b876817bd ] napagent C:\WINDOWS\System32\qagentrt.dll
18:32:27.0765 3804 napagent - ok
18:32:27.0812 3804 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:32:27.0953 3804 NDIS - ok
18:32:27.0968 3804 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:32:28.0109 3804 NdisIP - ok
18:32:28.0140 3804 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:32:28.0171 3804 NdisTapi - ok
18:32:28.0203 3804 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:32:28.0343 3804 Ndisuio - ok
18:32:28.0375 3804 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:32:28.0515 3804 NdisWan - ok
18:32:28.0562 3804 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:32:28.0609 3804 NDProxy - ok
18:32:28.0625 3804 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:32:28.0781 3804 NetBIOS - ok
18:32:28.0812 3804 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:32:28.0953 3804 NetBT - ok
18:32:28.0984 3804 [ 8ace4251bffd09ce75679fe940e996cc ] NetDDE C:\WINDOWS\system32\netdde.exe
18:32:29.0125 3804 NetDDE - ok
18:32:29.0140 3804 [ 8ace4251bffd09ce75679fe940e996cc ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:32:29.0281 3804 NetDDEdsdm - ok
18:32:29.0312 3804 [ afb8261b56cba0d86aeb6df682af9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:32:29.0468 3804 Netlogon - ok
18:32:29.0515 3804 [ e6d88f1f6745bf00b57e7855a2ab696c ] Netman C:\WINDOWS\System32\netman.dll
18:32:29.0656 3804 Netman - ok
18:32:29.0734 3804 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:32:29.0765 3804 NetTcpPortSharing - ok
18:32:29.0781 3804 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:32:29.0921 3804 NIC1394 - ok
18:32:29.0968 3804 [ f1b67b6b0751ae0e6e964b02821206a3 ] Nla C:\WINDOWS\System32\mswsock.dll
18:32:30.0046 3804 Nla - ok
18:32:30.0093 3804 [ 1acf98d80e95add298832c7a8996b48c ] nosGetPlusHelper C:\Programme\NOS\bin\getPlus_Helper_3004.dll
18:32:30.0109 3804 nosGetPlusHelper - ok
18:32:30.0140 3804 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:32:30.0265 3804 Npfs - ok
18:32:30.0281 3804 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:32:30.0484 3804 Ntfs - ok
18:32:30.0500 3804 [ afb8261b56cba0d86aeb6df682af9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:32:30.0640 3804 NtLmSsp - ok
18:32:30.0703 3804 [ 56af4064996fa5bac9c449b1514b4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:32:30.0843 3804 NtmsSvc - ok
18:32:30.0875 3804 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
18:32:31.0031 3804 Null - ok
18:32:31.0187 3804 [ 9a9713705c888412a01e4b5ef1193959 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:32:31.0453 3804 nv - ok
18:32:31.0515 3804 [ 11b4fd6d2fc7d81885dc33ed2bd02d9d ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
18:32:31.0546 3804 NVSvc - ok
18:32:31.0578 3804 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:32:31.0750 3804 NwlnkFlt - ok
18:32:31.0750 3804 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:32:31.0906 3804 NwlnkFwd - ok
18:32:31.0953 3804 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:32:32.0109 3804 ohci1394 - ok
18:32:32.0140 3804 [ ac0720fef0e1626ca3b46901d77860ef ] OwnershipProtocol C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
18:32:32.0156 3804 OwnershipProtocol ( UnsignedFile.Multi.Generic ) - warning
18:32:32.0156 3804 OwnershipProtocol - detected UnsignedFile.Multi.Generic (1)
18:32:32.0171 3804 [ f84785660305b9b903fb3bca8ba29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:32:32.0312 3804 Parport - ok
18:32:32.0343 3804 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:32:32.0468 3804 PartMgr - ok
18:32:32.0500 3804 [ c2bf987829099a3eaa2ca6a0a90ecb4f ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:32:32.0656 3804 ParVdm - ok
18:32:32.0671 3804 [ 387e8dedc343aa2d1efbc30580273acd ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:32:32.0812 3804 PCI - ok
18:32:32.0828 3804 PCIDump - ok
18:32:32.0843 3804 [ 59ba86d9a61cbcf4df8e598c331f5b82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:32:32.0984 3804 PCIIde - ok
18:32:33.0000 3804 [ a2a966b77d61847d61a3051df87c8c97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:32:33.0125 3804 Pcmcia - ok
18:32:33.0156 3804 [ aa9cfa67850893fbb168b9c4e4c86952 ] PCTCore C:\WINDOWS\system32\drivers\PCTCore.sys
18:32:33.0187 3804 PCTCore - ok
18:32:33.0187 3804 PDCOMP - ok
18:32:33.0203 3804 PDFRAME - ok
18:32:33.0203 3804 PDRELI - ok
18:32:33.0218 3804 PDRFRAME - ok
18:32:33.0218 3804 perc2 - ok
18:32:33.0234 3804 perc2hib - ok
18:32:33.0265 3804 [ a3edbe9053889fb24ab22492472b39dc ] PlugPlay C:\WINDOWS\system32\services.exe
18:32:33.0281 3804 PlugPlay - ok
18:32:33.0296 3804 [ afb8261b56cba0d86aeb6df682af9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:32:33.0421 3804 PolicyAgent - ok
18:32:33.0468 3804 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:32:33.0609 3804 PptpMiniport - ok
18:32:33.0609 3804 [ afb8261b56cba0d86aeb6df682af9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:32:33.0750 3804 ProtectedStorage - ok
18:32:33.0750 3804 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:32:33.0906 3804 PSched - ok
18:32:33.0953 3804 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:32:34.0109 3804 Ptilink - ok
18:32:34.0125 3804 [ 49452bfcec22f36a7a9b9c2181bc3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:32:34.0140 3804 PxHelp20 - ok
18:32:34.0156 3804 
ql1080 - ok 18:32:34.0156 3804 Ql10wnt - ok 18:32:34.0171 3804 ql12160 - ok 18:32:34.0171 3804 ql1240 - ok 18:32:34.0187 3804 ql1280 - ok 18:32:34.0218 3804 [ 0087f01d35a65b32393cc8bba46ee4a6 ] QV2KUX C:\WINDOWS\system32\DRIVERS\qv2kux.sys 18:32:34.0375 3804 QV2KUX - ok 18:32:34.0390 3804 [ 1f459f1c726790f6ca34a0fb3d50292d ] R592 C:\WINDOWS\system32\DRIVERS\R592.sys 18:32:34.0421 3804 R592 - ok 18:32:34.0437 3804 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:32:34.0593 3804 RasAcd - ok 18:32:34.0625 3804 [ f5ba6caccdb66c8f048e867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 18:32:34.0765 3804 RasAuto - ok 18:32:34.0796 3804 [ 0207d26ddf796a193ccd9f83047bb5fc ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys 18:32:34.0890 3804 Rasirda - ok 18:32:34.0906 3804 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:32:35.0062 3804 Rasl2tp - ok 18:32:35.0093 3804 [ f9a7b66ea345726edb5862a46b1eccd5 ] RasMan C:\WINDOWS\System32\rasmans.dll 18:32:35.0234 3804 RasMan - ok 18:32:35.0250 3804 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:32:35.0375 3804 RasPppoe - ok 18:32:35.0390 3804 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 18:32:35.0531 3804 Raspti - ok 18:32:35.0546 3804 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:32:35.0687 3804 Rdbss - ok 18:32:35.0718 3804 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:32:35.0859 3804 RDPCDD - ok 18:32:35.0906 3804 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 18:32:35.0937 3804 RDPWD - ok 18:32:35.0968 3804 [ 263af18af0f3db99f574c95f284ccec9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 18:32:36.0140 3804 RDSessMgr - ok 18:32:36.0171 3804 [ ed761d453856f795a7fe056e42c36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 18:32:36.0312 3804 redbook - ok 
18:32:36.0359 3804 [ c04db32de1080dfd11f1f4322d6897a3 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 18:32:36.0375 3804 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 18:32:36.0375 3804 RegSrvc - detected UnsignedFile.Multi.Generic (1) 18:32:36.0437 3804 [ 0e97ec96d6942ceec2d188cc2eb69a01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 18:32:36.0578 3804 RemoteAccess - ok 18:32:36.0593 3804 [ 66ab0104acd972c415662941176932f5 ] risdpntk C:\WINDOWS\system32\DRIVERS\risdpntk.sys 18:32:36.0609 3804 risdpntk - ok 18:32:36.0640 3804 [ 2a02e21867497df20b8fc95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 18:32:36.0781 3804 RpcLocator - ok 18:32:36.0828 3804 [ 3127afbf2c1ed0ab14a1bbb7aaecb85b ] RpcSs C:\WINDOWS\system32\rpcss.dll 18:32:36.0859 3804 RpcSs - ok 18:32:36.0906 3804 [ 4bdd71b4b521521499dfd14735c4f398 ] RSVP C:\WINDOWS\system32\rsvp.exe 18:32:37.0062 3804 RSVP - ok 18:32:37.0093 3804 [ 7b39e60c587654960f4e9c5cf44a31af ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 18:32:37.0140 3804 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 18:32:37.0140 3804 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 18:32:37.0171 3804 [ 208491a652c79871737edfe629de2c45 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys 18:32:37.0187 3804 s24trans ( UnsignedFile.Multi.Generic ) - warning 18:32:37.0187 3804 s24trans - detected UnsignedFile.Multi.Generic (1) 18:32:37.0203 3804 [ afb8261b56cba0d86aeb6df682af9785 ] SamSs C:\WINDOWS\system32\lsass.exe 18:32:37.0328 3804 SamSs - ok 18:32:37.0375 3804 [ dcec079fad95d36c8dd5cb6d779dfe32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 18:32:37.0515 3804 SCardSvr - ok 18:32:37.0562 3804 [ a050194a44d7fa8d7186ed2f4e8367ae ] Schedule C:\WINDOWS\system32\schedsvc.dll 18:32:37.0718 3804 Schedule - ok 18:32:37.0796 3804 [ 2881d5c135d076bcf52b0f5ad3d8dc0b ] sdAuxService C:\Programme\Spyware Doctor\pctsAuxs.exe 18:32:37.0828 3804 sdAuxService - ok 18:32:37.0890 3804 [ 9caca3fad05c4b0d7967592e65b338f1 ] 
sdCoreService C:\Programme\Spyware Doctor\pctsSvc.exe 18:32:38.0000 3804 sdCoreService - ok 18:32:38.0046 3804 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:32:38.0203 3804 Secdrv - ok 18:32:38.0234 3804 [ bee4cfd1d48c23b44cf4b974b0b79b2b ] seclogon C:\WINDOWS\System32\seclogon.dll 18:32:38.0375 3804 seclogon - ok 18:32:38.0421 3804 [ 2aac9b6ed9eddffb721d6452e34d67e3 ] SENS C:\WINDOWS\system32\sens.dll 18:32:38.0578 3804 SENS - ok 18:32:38.0625 3804 [ cf24eb4f0412c82bcd1f4f35a025e31d ] Serial C:\WINDOWS\system32\drivers\Serial.sys 18:32:38.0765 3804 Serial - ok 18:32:38.0781 3804 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 18:32:38.0937 3804 Sfloppy - ok 18:32:38.0984 3804 [ cad058d5f8b889a87ca3eb3cf624dcef ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 18:32:39.0156 3804 SharedAccess - ok 18:32:39.0187 3804 [ 2db7d303c36ddd055215052f118e8e75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 18:32:39.0218 3804 ShellHWDetection - ok 18:32:39.0218 3804 Simbad - ok 18:32:39.0265 3804 [ 886dbe1e6de104591e8b7334b6d42ed8 ] slabbus C:\WINDOWS\system32\DRIVERS\slabbus.sys 18:32:39.0281 3804 slabbus - ok 18:32:39.0328 3804 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:32:39.0453 3804 SLIP - ok 18:32:39.0453 3804 Sparrow - ok 18:32:39.0484 3804 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys 18:32:39.0640 3804 splitter - ok 18:32:39.0703 3804 [ 5979e1fafd2bd49a4ce0ee7b447d6cd1 ] spmgr C:\Programme\ASUS\NB Probe\SPM\spmgr.exe 18:32:39.0718 3804 spmgr ( UnsignedFile.Multi.Generic ) - warning 18:32:39.0718 3804 spmgr - detected UnsignedFile.Multi.Generic (1) 18:32:39.0750 3804 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe 18:32:39.0765 3804 Spooler - ok 18:32:39.0781 3804 [ 50fa898f8c032796d3b1b9951bb5a90f ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 18:32:39.0937 3804 sr - ok 18:32:39.0968 3804 [ 
fe77a85495065f3ad59c5c65b6c54182 ] srservice C:\WINDOWS\system32\srsvc.dll 18:32:40.0125 3804 srservice - ok 18:32:40.0171 3804 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 18:32:40.0250 3804 Srv - ok 18:32:40.0281 3804 [ 4df5b05dfaec29e13e1ed6f6ee12c500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 18:32:40.0421 3804 SSDPSRV - ok 18:32:40.0453 3804 [ 306521935042fc0a6988d528643619b3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 18:32:40.0453 3804 StarOpen ( UnsignedFile.Multi.Generic ) - warning 18:32:40.0453 3804 StarOpen - detected UnsignedFile.Multi.Generic (1) 18:32:40.0500 3804 [ bc2c5985611c5356b24aeb370953ded9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 18:32:40.0640 3804 stisvc - ok 18:32:40.0718 3804 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:32:40.0859 3804 streamip - ok 18:32:40.0890 3804 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 18:32:41.0031 3804 swenum - ok 18:32:41.0062 3804 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 18:32:41.0203 3804 swmidi - ok 18:32:41.0218 3804 SwPrv - ok 18:32:41.0234 3804 symc810 - ok 18:32:41.0234 3804 symc8xx - ok 18:32:41.0250 3804 sym_hi - ok 18:32:41.0250 3804 sym_u3 - ok 18:32:41.0312 3804 [ acbfa46f1981f654745df6bdc1b2189e ] SynMini C:\WINDOWS\system32\Drivers\SynMini.sys 18:32:41.0375 3804 SynMini - ok 18:32:41.0406 3804 [ 4c1ff55dbb0fd1888f16b1d8a39bf073 ] SynScan C:\WINDOWS\system32\Drivers\SynScan.sys 18:32:41.0437 3804 SynScan - ok 18:32:41.0468 3804 [ 55a7c2667ff752fabcae7e6b6df52a10 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 18:32:41.0515 3804 SynTP - ok 18:32:41.0531 3804 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 18:32:41.0703 3804 sysaudio - ok 18:32:41.0734 3804 [ 2903fffa2523926d6219428040dce6b9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 18:32:41.0890 3804 SysmonLog - ok 18:32:41.0937 3804 [ 
05903cac4b98908d55ea5774775b382e ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 18:32:42.0109 3804 TapiSrv - ok 18:32:42.0140 3804 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:32:42.0234 3804 Tcpip - ok 18:32:42.0281 3804 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 18:32:42.0421 3804 TDPIPE - ok 18:32:42.0437 3804 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 18:32:42.0578 3804 TDTCP - ok 18:32:42.0625 3804 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 18:32:42.0750 3804 TermDD - ok 18:32:42.0796 3804 [ b7de02c863d8f5a005a7bf375375a6a4 ] TermService C:\WINDOWS\System32\termsrv.dll 18:32:42.0937 3804 TermService - ok 18:32:42.0953 3804 [ 2db7d303c36ddd055215052f118e8e75 ] Themes C:\WINDOWS\System32\shsvcs.dll 18:32:42.0968 3804 Themes - ok 18:32:42.0984 3804 TosIde - ok 18:32:43.0015 3804 [ 626504572b175867f30f3215c04b3e2f ] TrkWks C:\WINDOWS\system32\trkwks.dll 18:32:43.0156 3804 TrkWks - ok 18:32:43.0187 3804 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 18:32:43.0328 3804 Udfs - ok 18:32:43.0343 3804 ultra - ok 18:32:43.0390 3804 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 18:32:43.0562 3804 Update - ok 18:32:43.0625 3804 [ 1dfd8975d8c89214b98d9387c1125b49 ] upnphost C:\WINDOWS\System32\upnphost.dll 18:32:43.0796 3804 upnphost - ok 18:32:43.0828 3804 [ 9b11e6118958e63e1fef129466e2bda7 ] UPS C:\WINDOWS\System32\ups.exe 18:32:43.0968 3804 UPS - ok 18:32:44.0015 3804 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 18:32:44.0140 3804 usbaudio - ok 18:32:44.0156 3804 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:32:44.0296 3804 usbccgp - ok 18:32:44.0312 3804 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:32:44.0437 3804 usbehci - ok 
18:32:44.0468 3804 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:32:44.0609 3804 usbhub - ok 18:32:44.0625 3804 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:32:44.0781 3804 usbprint - ok 18:32:44.0812 3804 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:32:44.0984 3804 usbscan - ok 18:32:45.0015 3804 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:32:45.0171 3804 USBSTOR - ok 18:32:45.0187 3804 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:32:45.0343 3804 usbuhci - ok 18:32:45.0375 3804 [ ae4df3b7d1db9373b08db4ed224e26b6 ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys 18:32:45.0406 3804 usb_rndisx ( UnsignedFile.Multi.Generic ) - warning 18:32:45.0406 3804 usb_rndisx - detected UnsignedFile.Multi.Generic (1) 18:32:45.0421 3804 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 18:32:45.0562 3804 VgaSave - ok 18:32:45.0562 3804 ViaIde - ok 18:32:45.0578 3804 Video3D - ok 18:32:45.0593 3804 [ a5a712f4e880874a477af790b5186e1d ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 18:32:45.0750 3804 VolSnap - ok 18:32:45.0796 3804 [ 68f106273be29e7b7ef8266977268e78 ] VSS C:\WINDOWS\System32\vssvc.exe 18:32:45.0937 3804 VSS - ok 18:32:46.0078 3804 [ 67caa926ef06e07f2d31056b39f51c54 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys 18:32:46.0359 3804 w29n51 - ok 18:32:46.0390 3804 [ 7b353059e665f8b7ad2bbeaef597cf45 ] W32Time C:\WINDOWS\system32\w32time.dll 18:32:46.0562 3804 W32Time - ok 18:32:46.0578 3804 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:32:46.0750 3804 Wanarp - ok 18:32:46.0781 3804 [ 4a954a20a4c73d6db13c0fe25f3f1b0c ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 18:32:46.0843 3804 wceusbsh - ok 18:32:46.0890 3804 [ d918617b46457b9ac28027722e30f647 ] Wdf01000 
C:\WINDOWS\system32\Drivers\wdf01000.sys 18:32:46.0937 3804 Wdf01000 - ok 18:32:46.0937 3804 WDICA - ok 18:32:46.0968 3804 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 18:32:47.0109 3804 wdmaud - ok 18:32:47.0156 3804 [ 81727c9873e3905a2ffc1ebd07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 18:32:47.0281 3804 WebClient - ok 18:32:47.0328 3804 [ 448f0de9b06386a4dd605d28c0cc5feb ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 18:32:47.0421 3804 winachsf - ok 18:32:47.0500 3804 [ 6f3f3973d97714cc5f906a19fe883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 18:32:47.0640 3804 winmgmt - ok 18:32:47.0703 3804 [ fd600b032e741eb6aab509fc630f7c42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys 18:32:47.0718 3804 WinUSB - ok 18:32:47.0765 3804 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 18:32:47.0796 3804 WmdmPmSN - ok 18:32:47.0828 3804 [ 93908111ba57a6e60ec2fa2de202105c ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:32:47.0984 3804 WmiApSrv - ok 18:32:48.0062 3804 [ bf05650bb7df5e9ebdd25974e22403bb ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 18:32:48.0171 3804 WMPNetworkSvc - ok 18:32:48.0234 3804 [ 017695393afffed8de58abd1b085be6d ] WMZuneComm c:\Programme\Zune\WMZuneComm.exe 18:32:48.0265 3804 WMZuneComm - ok 18:32:48.0296 3804 [ cf4def1bf66f06964dc0d91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 18:32:48.0328 3804 WpdUsb - ok 18:32:48.0359 3804 [ 300b3e84faf1a5c1f791c159ba28035d ] wscsvc C:\WINDOWS\system32\wscsvc.dll 18:32:48.0500 3804 wscsvc - ok 18:32:48.0515 3804 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:32:48.0656 3804 WSTCODEC - ok 18:32:48.0703 3804 [ 7b4fe05202aa6bf9f4dfd0e6a0d8a085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 18:32:48.0843 3804 wuauserv - ok 18:32:48.0890 3804 [ eaa6324f51214d2f6718977ec9ce0def ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 18:32:48.0921 3804 WudfPf - ok 
18:32:48.0953 3804 [ f91ff1e51fca30b3c3981db7d5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 18:32:49.0000 3804 WudfRd - ok 18:32:49.0015 3804 [ ddee3682fe97037c45f4d7ab467cb8b6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 18:32:49.0078 3804 WudfSvc - ok 18:32:49.0125 3804 [ c4f109c005f6725162d2d12ca751e4a7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 18:32:49.0281 3804 WZCSVC - ok 18:32:49.0343 3804 [ 0ada34871a2e1cd2caafed1237a47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 18:32:49.0484 3804 xmlprov - ok 18:32:49.0515 3804 [ a81a1f8c2a50f72fda9c686aa85bf151 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yukonwxp.sys 18:32:49.0546 3804 yukonwxp - ok 18:32:49.0578 3804 [ ae279cd76b38fc079eec3ca6d65a5926 ] zumbus C:\WINDOWS\system32\DRIVERS\zumbus.sys 18:32:49.0625 3804 zumbus - ok 18:32:49.0671 3804 [ 37f339b64f19e2775284ed7161b96683 ] ZuneBusEnum c:\Programme\Zune\ZuneBusEnum.exe 18:32:49.0703 3804 ZuneBusEnum - ok 18:32:49.0937 3804 [ 1076df9ade4e13ea3bf39d2165aeb903 ] ZuneNetworkSvc c:\Programme\Zune\ZuneNss.exe 18:32:50.0406 3804 ZuneNetworkSvc - ok 18:32:50.0437 3804 [ de1cdb333a402b279f04d627122fa08e ] ZuneWlanCfgSvc c:\Programme\Zune\ZuneWlanCfgSvc.exe 18:32:50.0484 3804 ZuneWlanCfgSvc - ok 18:32:50.0500 3804 ================ Scan global =============================== 18:32:50.0562 3804 (2c60091ca5f67c3032eab3b30390c27f) C:\WINDOWS\system32\basesrv.dll 18:32:50.0609 3804 (a28ce25b59c90e12743001a1f2ae3613) C:\WINDOWS\system32\winsrv.dll 18:32:50.0656 3804 (a28ce25b59c90e12743001a1f2ae3613) C:\WINDOWS\system32\winsrv.dll 18:32:50.0687 3804 (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 18:32:50.0703 3804 [Global] - ok 18:32:50.0703 3804 ================ Scan MBR ================================== 18:32:50.0718 3804 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 18:32:51.0031 3804 \Device\Harddisk0\DR0 - ok 18:32:51.0031 3804 ================ Scan VBR ================================== 18:32:51.0046 3804 Boot (0x1200) 
(b6a03a87e9aa9849388d0f66f8a314fc) \Device\Harddisk0\DR0\Partition1 18:32:51.0046 3804 \Device\Harddisk0\DR0\Partition1 - ok 18:32:51.0062 3804 Boot (0x1200) (16f8c4cb0a8aaed06030d86bd7bdc97b) \Device\Harddisk0\DR0\Partition2 18:32:51.0062 3804 \Device\Harddisk0\DR0\Partition2 - ok 18:32:51.0078 3804 ============================================================ 18:32:51.0078 3804 Scan finished 18:32:51.0078 3804 ============================================================ 18:32:51.0203 2196 Detected object count: 19 18:32:51.0203 2196 Actual detected object count: 19 18:33:36.0828 2196 ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 asuskbnt ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 asuskbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 ElgTaDrv ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 ElgTaDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 ghaio ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 ghaio ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - 
skipped by user 18:33:36.0828 2196 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0828 2196 OwnershipProtocol ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0828 2196 OwnershipProtocol ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0843 2196 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0843 2196 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0843 2196 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0843 2196 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0843 2196 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0843 2196 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0843 2196 spmgr ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0843 2196 spmgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0843 2196 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0843 2196 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:33:36.0843 2196 usb_rndisx ( UnsignedFile.Multi.Generic ) - skipped by user 18:33:36.0843 2196 usb_rndisx ( UnsignedFile.Multi.Generic ) - User select action: Skip |
17.08.2012, 19:09 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | After encryption trojan: Malwarebytes/defogger/otlpenet/gmer scan performed. Now please run CF: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (board helper) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
20.08.2012, 21:43 | #27 |
| After encryption trojan: Malwarebytes/defogger/otlpenet/gmer scan performed. So, that took a while. ComboFix logfile: Code:
ATTFilter ComboFix 12-08-20.02 - ***** 20.08.2012 22:14:06.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.195 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\*****\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\DFC5A2B2.TMP c:\dokumente und einstellungen\Default User\WINDOWS c:\dokumente und einstellungen\*****\WINDOWS c:\programme\bi11033ge.exe c:\programme\suresupply_2_2_0_0000_dede.exe c:\windows\dasetup.log c:\windows\IsUn0407.exe c:\windows\iun6002.exe c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\roboot.exe c:\windows\system32\uninstall.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-20 bis 2012-08-20 )))))))))))))))))))))))))))))) . . 2012-08-12 08:16 . 2012-08-15 17:49 -------- d-----w- C:\_OTL 2012-08-06 22:30 . 2012-08-06 22:30 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache 2012-08-06 22:14 . 2012-08-06 22:14 -------- d-----w- c:\programme\Direct Registry Browser 2012-08-03 22:19 . 2012-08-03 22:19 -------- d-----w- c:\programme\ESET 2012-07-28 08:47 . 2012-07-28 08:47 -------- d-sh--w- c:\dokumente und einstellungen\found.000 2012-07-27 21:56 . 2012-07-27 21:56 -------- d-----w- c:\dokumente und einstellungen\*****\Anwendungsdaten\Malwarebytes 2012-07-27 21:54 . 
2012-07-27 21:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-07-27 21:54 . 2012-07-27 21:54 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-07-27 21:54 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-20 20:01 . 2012-04-26 12:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-20 20:01 . 2011-05-25 08:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-13 13:55 . 2008-08-29 11:10 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49 . 2009-01-02 11:11 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2004-09-07 14:33 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2008-08-29 11:10 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2007-06-21 07:01 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2007-06-21 07:01 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2006-04-14 01:21 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2006-04-14 01:21 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2006-04-14 01:21 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2007-06-21 07:01 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2006-04-14 01:21 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2006-04-14 01:21 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2004-09-07 14:33 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2007-06-21 07:01 23576 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2006-04-14 01:21 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 
2006-04-14 01:21 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2004-09-07 14:33 604160 ----a-w- c:\windows\system32\crypt32.dll 2011-05-25 09:22 . 2011-05-25 09:22 3295968 ----a-w- c:\programme\Adobe Bildbearbeitung.exe 1999-06-10 08:34 . 2006-04-24 10:08 570128 ----a-w- c:\programme\Gemeinsame Dateien\DAO350.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-23 7286784] "nwiz"="nwiz.exe" [2005-09-23 1519616] "Wireless Console"="c:\programme\ASUS\Wireless Console\wcourier.exe" [2005-07-22 57344] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218] "IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408] "IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-02 385024] "EOUApp"="c:\programme\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952] "Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-12-11 286720] "Nikon Transfer Monitor"="c:\programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "Google Updater"="c:\programme\Google\Google Updater\GoogleUpdater.exe" [2011-10-06 161336] 
"Zune Launcher"="c:\programme\Zune\ZuneLauncher.exe" [2011-08-05 159456] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440] "ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2005-05-31 20:46 110592 ----a-w- c:\programme\Intel\Wireless\Bin\LgNotify.dll . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ASUS ChkMail.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ASUS ChkMail.lnk backup=c:\windows\pss\ASUS ChkMail.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk backup=c:\windows\pss\Google Updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware Info Service.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk backup=c:\windows\pss\Lexware Info Service.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VR-NetWorld Auftragsprüfung.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk backup=c:\windows\pss\VR-NetWorld Auftragsprüfung.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-16 09:45 63712 ----a-w- c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 17:43 69632 ----a-r- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] 2003-09-19 10:54 172032 ----a-w- c:\programme\ASUS\ASUS Live Update\ALU.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-09-12 09:06 1836544 ----a-w- c:\programme\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
2005-07-27 15:07 765952 ----a-w- c:\programme\ASUS\NB Probe\NBProbe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
2005-06-16 13:48 86016 ----a-w- c:\programme\ASUS\Power4 Gear\BatteryLife.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\programme\ASUSTeK\ASUSDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-14 16:01 16010752 ----a-r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-06-03 01:52 36975 ----a-w- c:\programme\Java\jre1.5.0_04\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-31 08:34 68856 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"spmgr"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [03.07.2009 15:20 130936]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [15.10.2004 19:26 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [15.10.2004 19:26 27264]
R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [21.04.2006 13:51 99840]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [04.07.2009 10:33 110304]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [12.02.2007 12:59 198336]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.01.2010 11:59 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26.04.2012 14:58 250056]
S3 ElgTaDrv;elmeg USB Device Driver;c:\windows\system32\drivers\ElgTaDrv.sys [22.04.2006 09:53 73660]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [17.10.2011 08:22 1527900]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [06.01.2010 11:59 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [07.09.2004 16:34 14336]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [14.04.2006 03:31 720438]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [14.04.2006 03:31 8246]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\programme\Zune\WMZuneComm.exe [05.08.2011 13:30 268512]
S4 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [03.11.2008 16:50 348752]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 20:01]
.
2012-08-12 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-26 06:21]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-06 09:59]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-06 09:59]
.
2012-05-11 c:\windows\Tasks\Norton Security Scan for *****.job
- c:\programme\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-06-25 14:45]
.
2012-08-20 c:\windows\Tasks\User_Feed_Synchronization-{7EB811A9-8AB6-4C9E-BC32-DAAB0C61137A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = fritz.box;localhost
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
DPF: {579FC5F5-F9FE-451C-A0DC-2F7FF46F9597} - hxxp://xvectormap.ptv.de/xvectormap/PTVxVectorMap20.cab
FF - ProfilePath - c:\dokumente und einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\vzly9lwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-GameFace Messenger - c:\programme\GameFace Messenger\GameFace.exe
MSConfigStartUp-MsnMsgr - c:\programme\MSN Messenger\MsnMsgr.Exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966 - c:\programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
AddRemove-elmeg TK-Anlagen Tapi Treiber - c:\windows\IsUn0407.exe
AddRemove-KHB_BH_M - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Sigel PaperDesigner deluxe - c:\progra~1\Sigel\PAPERD~1\UNWISE.EXE
AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-TB_MJ - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-20 22:33
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\programme\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2840)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\ATKKBService.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Intel\Wireless\Bin\OProtSvc.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Zune\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\programme\Brother\ControlCenter3\brccMCtl.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\programme\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-20 22:40:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-20 20:40
.
Vor Suchlauf: 7.393.203.712 Bytes frei
Nach Suchlauf: 7.696.958.464 Bytes frei
.
- - End Of File - - E173355B4F1FF5EEEFCC3B4F5B09AE5A
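Two kinds of entry in the registry section of the log above are worth surfacing automatically when reviewing such a log: `"AntiVirusOverride"=dword:00000001` under `security center` and `"DisableMonitoring"=dword:00000001` under its `Monitoring` subkeys suppress the Windows Security Center warnings about antivirus and firewall status, and whether a security product set them for its own alerting or malware set them to stay quiet is exactly what the reviewer has to decide. The Python below is an added example, not part of this thread and not ComboFix's own code; it parses a few lines copied from the log (the only format assumed is a `[key]` header followed by `"name"=value` lines, with a lone `.` as separator) and flags those overrides:

```python
import re

# Constructed sample: these lines are copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')              # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')      # "name"=value
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')


def parse_registry_sections(text):
    """Group ComboFix registry lines by their enclosing [key] header.
    A lone '.' is ComboFix's blank-line marker and is skipped."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        key, value = KEY_RE.match(line), VALUE_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, [])
        elif current is not None and value:
            sections[current].append(value.groups())
    return sections


def security_center_overrides(sections):
    """Return (key, value name) for every *Override or DisableMonitoring value
    under Security Center whose DWORD is non-zero, i.e. a suppressed warning."""
    hits = []
    for key, values in sections.items():
        if 'security center' not in key.lower():
            continue
        for name, raw in values:
            dword = DWORD_RE.match(raw)
            if not dword or int(dword.group(1), 16) == 0:
                continue
            if name.endswith('Override') or name == 'DisableMonitoring':
                hits.append((key, name))
    return hits
```

Run over the sample it reports the `AntiVirusOverride` and `DisableMonitoring` entries and ignores the Run key, which the reviewer then matches against the products actually installed (here Symantec and McAfee appear in the log).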
21.08.2012, 12:58 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After encryption trojan: Malwarebytes/defogger/otlpenet/gmer scan performed

Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, tell me and choose the setting (none) under AV Scan. One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.