| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malwarebytes-FundeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.09.2012, 19:04
| #1 |
 |  Malwarebytes-Funde Hallo liebes Forum, im Juli hatte Malwarebytes ein paar Funde: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.28.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 TanteKaete :: TANTE_KAETE [Administrator] 28.07.2012 14:19:05 mbam-log-2012-07-28 (14-19-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 283207 Laufzeit: 51 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|StartMenuLogOff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.05.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 TanteKaete :: TANTE_KAETE [Administrator] 05.09.2012 17:56:00 mbam-log-2012-09-05 (17-56-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 279778 Laufzeit: 28 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:33 on 05/09/2012 (TanteKaete)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 05.09.2012 18:35:56 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Dokumente und Einstellungen\TanteKaete\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 75,80% Memory free 11,63 Gb Paging File | 11,14 Gb Available in Paging File | 95,74% Paging File free Paging file location(s): D:\pagefile.sys 9000 9000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29,29 Gb Total Space | 15,55 Gb Free Space | 53,08% Space Free | Partition Type: NTFS Drive D: | 200,46 Gb Total Space | 178,46 Gb Free Space | 89,02% Space Free | Partition Type: NTFS Drive I: | 436,39 Gb Total Space | 39,53 Gb Free Space | 9,06% Space Free | Partition Type: NTFS Computer Name: TANTE_KAETE | User Name: TanteKaete | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.05 18:34:28 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\OTL.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- %SystemRoot%\system32\wbem\WMIsvc.dll -- (winmgmt) SRV - File not found [Disabled | Unknown] -- -- (Nlliwn2ruk) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2012.09.05 14:41:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007.06.27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\siusbmod.sys -- (siusbmod) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32) DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2010.02.03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.21 18:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007.03.18 12:33:20 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2007.03.18 12:33:20 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2006.10.25 10:25:48 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2006.09.21 03:37:00 | 001,422,656 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau32) DRV - [2005.09.12 16:40:08 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial) DRV - [2005.09.12 16:40:08 | 000,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser) DRV - [2005.09.12 16:40:08 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus) DRV - [2005.06.15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.03.15 17:04:00 | 000,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2002.11.07 15:20:16 | 000,116,110 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR97310v.sys -- (MR97310_VGA_DUAL_CAMERA) DRV - [2001.11.01 09:30:30 | 000,041,759 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [1997.09.28 13:53:06 | 000,040,288 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mgnt.sys -- (MicroGuard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com/preferences?hl={SUB_RFC1766} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie?hl={SUB_RFC1766} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie?hl={SUB_RFC1766} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {A1AA3292-673C-46C4-A7FE-830A38FBFA05} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{A1AA3292-673C-46C4-A7FE-830A38FBFA05}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.05 14:41:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.05 14:29:31 | 000,000,000 | ---D | M] [2010.08.23 19:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Extensions [2010.08.23 19:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.09.05 17:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions [2012.09.05 17:11:56 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.05 17:09:41 | 000,527,931 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.05 14:30:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.05 13:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.05 14:41:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.09.05 14:29:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 14:41:27 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.05 14:29:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.05 14:29:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.05 14:29:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.05 14:29:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.11.12 21:08:07 | 000,438,439 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15079 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found. O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346857358843 (MUWebControl Class) O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} Reg Error: Value error. (McFreeScan Class) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell - "" = AutoRun O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell\AutoRun\command - "" = G:\DTE_Privacy_launcher.exe O33 - MountPoints2\{cc64d7c2-cbdf-11de-8515-00123fb77450}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.05 18:34:23 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\OTL.exe [2012.09.05 17:51:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\TanteKaete\Recent [2012.09.05 17:19:49 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\esetsmartinstaller_enu.exe [2012.09.05 16:21:50 | 000,000,000 | ---D | C] -- C:\Programme\Windows Defender [2012.09.05 15:18:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2012.09.05 15:01:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.09.05 15:01:23 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2012.09.05 14:32:13 | 000,000,000 | ---D | C] -- C:\Programme\xp-AntiSpy [2012.09.05 14:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TanteKaete\Startmenü\Programme\xp-AntiSpy [2012.09.05 14:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.09.05 14:29:36 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.09.05 14:14:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2012.09.05 14:12:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.09.05 14:08:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SpywareBlaster [2012.09.05 13:43:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TanteKaete\Eigene Dateien [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.05 18:34:28 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\OTL.exe [2012.09.05 18:33:07 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\defogger_reenable [2012.09.05 18:32:21 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\Defogger.exe [2012.09.05 18:01:56 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.09.05 18:00:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Wartung.job [2012.09.05 17:52:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.05 17:51:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.05 17:51:44 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.09.05 17:19:52 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\esetsmartinstaller_enu.exe [2012.09.05 15:47:57 | 000,460,810 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.05 15:47:57 | 000,442,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.05 15:47:57 | 000,085,674 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.05 15:47:57 | 000,072,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.05 15:47:39 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2012.09.05 15:22:53 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012.09.05 15:12:15 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\config.nt [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.05 18:33:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\defogger_reenable [2012.09.05 18:32:18 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\Defogger.exe [2012.09.05 17:51:44 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.09.05 16:21:55 | 000,001,091 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Defender.lnk [2012.09.05 16:13:09 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.09.05 15:22:53 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2012.09.05 15:18:41 | 000,001,684 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk [2010.01.09 02:08:28 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\PnkBstrK.sys [2006.11.16 17:10:08 | 000,090,790 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\C [2006.01.15 11:23:40 | 000,004,470 | RHS- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\ntuser.pol [2006.01.14 21:34:11 | 000,000,816 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2006.01.13 12:56:31 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\default.pls [2006.01.03 01:00:38 | 000,224,768 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.01.02 15:40:09 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2010.08.24 18:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2009.11.20 16:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.07.16 17:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iolo [2008.03.26 18:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2006.02.24 18:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2012.09.05 14:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.01.07 16:32:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.12.30 18:03:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2009.12.06 01:55:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009.11.20 16:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Buhl Data Service [2009.11.20 16:03:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Buhl Data Service GmbH [2010.07.09 23:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.04.14 22:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\GARMIN [2006.07.14 11:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\ICAClient [2008.07.16 17:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\iolo [2006.01.03 14:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Leadertech [2009.03.24 13:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Miranda [2008.11.16 21:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\OpenOffice.org [2006.01.04 16:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Opera [2006.01.02 20:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Template [2010.08.23 19:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Thunderbird [2010.12.30 18:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\TuneUp Software [2009.08.20 21:20:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\UBitMenu [2012.09.05 18:00:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Wartung.job [2006.01.03 17:30:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job [2012.09.05 18:01:56 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.09.2012 18:35:56 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Dokumente und Einstellungen\TanteKaete\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 75,80% Memory free
11,63 Gb Paging File | 11,14 Gb Available in Paging File | 95,74% Paging File free
Paging file location(s): D:\pagefile.sys 9000 9000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 15,55 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
Drive D: | 200,46 Gb Total Space | 178,46 Gb Free Space | 89,02% Space Free | Partition Type: NTFS
Drive I: | 436,39 Gb Total Space | 39,53 Gb Free Space | 9,06% Space Free | Partition Type: NTFS
Computer Name: TANTE_KAETE | User Name: TanteKaete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VLCPlayer\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VLCPlayer\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{24E7B19B-EA09-483F-8735-97DD371E861B}" = SA32xx Media Converter
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AFA7FAAA-D267-4243-9B09-165A68501031}" = Nero 7 Essentials
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"FS-720 Utilities" = Kyocera FS-720 Version 1.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSet" = Intel(R) PRO Network Connections Drivers
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.6
"VLC media player" = VLC media player 0.9.4
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"xp-AntiSpy" = xp-AntiSpy 3.98-2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.09.2012 08:24:09 | Computer Name = TANTE_KAETE | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
Error - 05.09.2012 08:39:50 | Computer Name = TANTE_KAETE | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
Error - 05.09.2012 09:13:28 | Computer Name = TANTE_KAETE | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
Error - 05.09.2012 09:17:07 | Computer Name = TANTE_KAETE | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
Error - 05.09.2012 09:34:17 | Computer Name = TANTE_KAETE | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
Error - 05.09.2012 10:19:27 | Computer Name = TANTE_KAETE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 05.09.2012 10:54:19 | Computer Name = TANTE_KAETE | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
Error - 05.09.2012 11:00:41 | Computer Name = TANTE_KAETE | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
Error - 05.09.2012 11:23:25 | Computer Name = TANTE_KAETE | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
Error - 05.09.2012 11:52:00 | Computer Name = TANTE_KAETE | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
[ System Events ]
Error - 05.09.2012 09:45:22 | Computer Name = TANTE_KAETE | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: The server
name or address could not be resolved
Error - 05.09.2012 09:45:22 | Computer Name = TANTE_KAETE | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: The server
name or address could not be resolved
Error - 05.09.2012 09:45:22 | Computer Name = TANTE_KAETE | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: The server
name or address could not be resolved
Error - 05.09.2012 09:45:22 | Computer Name = TANTE_KAETE | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: The server
name or address could not be resolved
Error - 05.09.2012 10:10:24 | Computer Name = TANTE_KAETE | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 0.0.0.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 05.09.2012 10:12:58 | Computer Name = TANTE_KAETE | Source = DCOM | ID = 10010
Description = Der Server "{C49E32C6-BC8B-11D2-85D4-00105A1F8304}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 05.09.2012 10:21:38 | Computer Name = TANTE_KAETE | Source = DCOM | ID = 10010
Description = Der Server "{C49E32C6-BC8B-11D2-85D4-00105A1F8304}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 05.09.2012 10:23:50 | Computer Name = TANTE_KAETE | Source = DCOM | ID = 10010
Description = Der Server "{C49E32C6-BC8B-11D2-85D4-00105A1F8304}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 05.09.2012 10:50:03 | Computer Name = TANTE_KAETE | Source = DCOM | ID = 10010
Description = Der Server "{C49E32C6-BC8B-11D2-85D4-00105A1F8304}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 05.09.2012 11:36:24 | Computer Name = TANTE_KAETE | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
00123FB77450 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
[ TuneUp Events ]
Error - 31.12.2010 05:40:31 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 31.12.2010 08:48:55 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 31.12.2010 12:41:56 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 01.01.2011 07:33:49 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 02.01.2011 14:22:42 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 03.01.2011 14:35:03 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 04.01.2011 02:31:46 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 05.01.2011 13:42:26 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 05.01.2011 16:15:16 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 06.01.2011 13:11:34 | Computer Name = TANTE_KAETE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-05 19:36:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f Maxtor_7L250S0 rev.BACE1G10
Running: tqfbrqhp.exe; Driver: C:\DOKUME~1\TANTEK~1\LOKALE~1\Temp\uwldypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99A4000, 0x1C5D38, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAEB54300, 0x22020, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3D8300, 0x1B7E, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AE6EDD20
Device AE705631
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODI03.00.00.01PRO D75DDEBEF0371A271F5ECFB3D5F5F0D0D4E0A3DCCFE91BB77F1388F8D88D717B36BFF3352AEB2784523E3B7D52667F526583EADB1605D6EB0D3DFCE626DA7CCE0B78DA3CA6765C76305C2596816472F89D7960E3094519A2CE9E5AFA6EEA1EB9F5C67154870F2DB9A61324DD629384AD5853EDD5A5D5031AAAA1FCB7CB91FC6E8A902E4025D2658D965EDF792878C66462C613D51C458A13FCD6D8E28C07139C525C180708C225B455DF964F3B7B9B90FDAD604D52067653136E7686B064ADFB48D5CA73EE41DC77ABDC188C366BBB2B6106FDE960FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667A2D97226D213B5556345ED617E41E537A7F780A440DC5E14CBC718209940E4E3C7D439FA656D4B375D6EBB0066B0CA761F025A541A47228480ED5D890DCA49AEF991CF784475297B38B9C6EE3EAEEEB4E1D9B8A5F76B6951E892DE16086676ABEE0A3391CC1603FEB194702FA10317C395AFAC07ADE9F84D34C900403CA554C67C56B5EC27F5816CE9BA1A36D20ECC2B4487CCDAB772D8FC72FC25F67B2F0C22DDE5AF279ED18EA2E3C02D6DB53ED927D9B8AEF6314DD6979BE7B81EBC3F0C92B37AFACE24F95AB48A8D1532D31AD0A728EDF1A45E54848A8A1CA88A9925852301A97
---- EOF - GMER 1.0.15 ----
Ein Problem ist, dass ich nicht in der Lage bin die Windows-Firewall und den Security-Center-Dienst dauerhaft einzuschalten, beide Dienste sind nach einem Neustart wieder beendet. Der Security-Center erkennt außerdem keine Virensoftware und das obwohl ich Microsoft Security Essentials verwende. Bei der Windows Firewall erhalte ich unter dem Reiter "Erweitert" die Fehlermeldung: "Die Netzwerkverbindungseinstellungen wurden beschädigt. Klicken sie auf "Wiederherstellen", um das Problem zu beheben. Dadurch werden alle Windows-Firewalleinstellungen gelöscht und einige Programme funktioneren evtl. nicht mehr richtig." Leider hilft das Klicken auf den Wiederherstellungsbutton garnix. Ich erwähne das nur, da im ersten Malwarebytes-Log Meldungen vorkommen, die mit dem Security-Center-Dienst, Firewall und Virenschutz zu tun haben. So, das wars erstmal von mir. Danke schonmal fürs Lesen.  PS: Bevor jemand denkt ich würde doppelt posten: Mein Thema vom 27.07.12 betrifft einen anderen Rechner von mir, ich hatte es nur ein wenig verschoben, mich auch mit diesem Problem zu beschäftigen. |
|
12.09.2012, 10:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malwarebytes-Funde Wo ist das Log vom ESET OnlinceScanner? Das Tool tacht bei dir auf hast du aber noch nicht damit gescannt oder nur das Log vergessen?
__________________
__________________ |
|
12.09.2012, 12:48
| #3 |
| | Malwarebytes-Funde Ich habe den ESET Online-Scanner noch nicht ausgeführt, da ich erstmal mit http://www.trojaner-board.de/69886-a...-beachten.html begonnen habe.
__________________Ich werde das Log Morgen Abend posten. Ich werde dann auch gleich den adwCleaner (Search) ausführen und das Log hier posten. Viele Grüße und bis Morgen. |
|
13.09.2012, 18:35
| #4 |
| | Malwarebytes-Funde Guten Abend cosinus, hier die LOGs: ESET Online-Scanner: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb528270e568a04dbef5339ebe935a45
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-13 05:24:52
# local_time=2012-09-13 07:24:52 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=77737
# found=1
# cleaned=0
# scan_time=8079
I:\Sicherungen\Downloads\NEU\SoftonicDownloader_fuer_freecol.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
Ich würde den Ordner einfach löschen, wenn da von Deiner Seite nichts dagegen spricht. AdwCleaner: Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/13/2012 um 19:27:07 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : TanteKaete - TANTE_KAETE
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\TanteKaete\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\AskBarDis
Wert Gefunden : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1377 octets] - [13/09/2012 19:27:07]
########## EOF - C:\AdwCleaner[R1].txt - [1437 octets] ##########
|
|
14.09.2012, 12:09
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes-FundeCode:
ATTFilter I:\Sicherungen\Downloads\NEU\SoftonicDownloader_fuer_freecol.exe
 Finger weg von Softonic!!  Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.09.2012, 15:23
| #6 |
| | Malwarebytes-Funde Hier der AdwCleaner-LOG: Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/14/2012 um 16:14:41 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : TanteKaete - TANTE_KAETE
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\TanteKaete\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\AskBarDis
Wert Gelöscht : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
*************************
AdwCleaner[R1].txt - [1506 octets] - [13/09/2012 19:27:07]
AdwCleaner[S1].txt - [1789 octets] - [14/09/2012 16:14:41]
########## EOF - C:\AdwCleaner[S1].txt - [1849 octets] ##########
|
|
14.09.2012, 19:56
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes-Funde Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.09.2012, 20:29
| #8 |
| | Malwarebytes-Funde Guten Abend,  hier der neueste OTL-Log: Code:
ATTFilter OTL logfile created on: 14.09.2012 21:16:15 - Run 2 OTL by OldTimer - Version 3.2.61.4 Folder = C:\Dokumente und Einstellungen\TanteKaete\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,88% Memory free 11,63 Gb Paging File | 11,39 Gb Available in Paging File | 97,91% Paging File free Paging file location(s): D:\pagefile.sys 9000 9000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29,29 Gb Total Space | 13,77 Gb Free Space | 47,01% Space Free | Partition Type: NTFS Drive D: | 200,46 Gb Total Space | 98,18 Gb Free Space | 48,97% Space Free | Partition Type: NTFS Drive I: | 436,39 Gb Total Space | 142,26 Gb Free Space | 32,60% Space Free | Partition Type: NTFS Computer Name: TANTE_KAETE | User Name: TanteKaete | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.14 21:13:53 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\OTL.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- %SystemRoot%\system32\wbem\WMIsvc.dll -- (winmgmt) SRV - File not found [Disabled | Unknown] -- -- (Nlliwn2ruk) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2012.09.14 18:23:57 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.14 18:21:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007.06.27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\siusbmod.sys -- (siusbmod) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32) DRV - [2012.09.14 20:32:16 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{009E499E-C50D-4D06-972B-6F15E617D5A6}\MpKsl07272756.sys -- (MpKsl07272756) DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2010.02.03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.21 18:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007.03.18 12:33:20 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2007.03.18 12:33:20 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2006.10.25 10:25:48 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2006.09.21 03:37:00 | 001,422,656 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau32) DRV - [2005.09.12 16:40:08 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial) DRV - [2005.09.12 16:40:08 | 000,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser) DRV - [2005.09.12 16:40:08 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus) DRV - [2005.06.15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.03.15 17:04:00 | 000,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2002.11.07 15:20:16 | 000,116,110 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR97310v.sys -- (MR97310_VGA_DUAL_CAMERA) DRV - [2001.11.01 09:30:30 | 000,041,759 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [1997.09.28 13:53:06 | 000,040,288 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mgnt.sys -- (MicroGuard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com/preferences?hl={SUB_RFC1766} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie?hl={SUB_RFC1766} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie?hl={SUB_RFC1766} IE - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\..\SearchScopes,DefaultScope = {A1AA3292-673C-46C4-A7FE-830A38FBFA05} IE - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\..\SearchScopes\{A1AA3292-673C-46C4-A7FE-830A38FBFA05}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.14 18:21:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.14 18:20:19 | 000,000,000 | ---D | M] [2010.08.23 19:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Extensions [2010.08.23 19:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.09.14 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions [2012.09.05 17:11:56 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.14 18:15:49 | 000,527,915 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.05 14:30:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.14 18:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.14 18:21:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.09.05 14:29:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 14:41:27 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.05 14:29:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.05 14:29:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.05 14:29:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.05 14:29:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.11.12 21:08:07 | 000,438,439 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15079 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found. O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = Reg Error: Value error. File not found O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1 O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O15 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\..Trusted Domains: microsoft.com ([*.update] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\..Trusted Domains: microsoft.com ([*.update] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\..Trusted Domains: microsoft.com ([update] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346857358843 (MUWebControl Class) O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} Reg Error: Value error. (McFreeScan Class) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell - "" = AutoRun O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell\AutoRun\command - "" = G:\DTE_Privacy_launcher.exe O33 - MountPoints2\{cc64d7c2-cbdf-11de-8515-00123fb77450}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: winmgmt - %SystemRoot%\system32\wbem\WMIsvc.dll File not found MsConfig - Services: "UxTuneUp" MsConfig - Services: "TapiSrv" MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootMin: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll File not found SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootNet: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll File not found SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6524D45C-1FD8-4A12-FDE3-CD638A3C6E15} - Vektorgrafik-Rendering (VML) ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2012.09.14 21:13:44 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\OTL.exe [2012.09.14 21:12:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\TanteKaete\Recent [2012.09.14 21:12:12 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Trojaner Board [2012.09.14 19:18:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012.09.14 19:17:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2012.09.14 18:42:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp [2012.09.14 18:37:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nero [2012.09.14 18:37:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nero [2012.09.14 18:30:49 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2012.09.14 18:28:55 | 000,000,000 | ---D | C] -- C:\AMD [2012.09.14 18:22:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.09.14 18:20:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.09.14 18:18:02 | 000,000,000 | ---D | C] -- C:\Programme\FileHippo.com [2012.09.13 17:08:18 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.05 17:19:49 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\esetsmartinstaller_enu.exe [2012.09.05 16:21:50 | 000,000,000 | ---D | C] -- C:\Programme\Windows Defender [2012.09.05 15:18:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2012.09.05 15:01:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.09.05 15:01:23 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2012.09.05 14:32:13 | 000,000,000 | ---D | C] -- C:\Programme\xp-AntiSpy [2012.09.05 14:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TanteKaete\Startmenü\Programme\xp-AntiSpy [2012.09.05 14:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.09.05 14:29:36 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.09.05 14:14:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2012.09.05 14:12:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.09.05 14:08:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SpywareBlaster [2012.09.05 13:43:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TanteKaete\Eigene Dateien [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.14 21:13:53 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\OTL.exe [2012.09.14 21:07:44 | 000,226,304 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.14 21:00:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Wartung.job [2012.09.14 20:52:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.09.14 20:41:44 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.09.14 20:31:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.14 20:31:55 | 000,004,470 | RHS- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\ntuser.pol [2012.09.14 20:31:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.14 20:29:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.14 20:03:22 | 000,001,189 | ---- | M] () -- C:\WINDOWS\wininit.ini [2012.09.14 19:45:46 | 000,483,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.09.14 19:45:46 | 000,080,456 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.09.14 19:45:45 | 000,504,316 | ---- | M] () -- C:\WINDOWS\System32\prfh0407.dat [2012.09.14 19:45:45 | 000,504,316 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.09.14 19:45:45 | 000,096,130 | ---- | M] () -- C:\WINDOWS\System32\prfc0407.dat [2012.09.14 19:39:49 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012.09.14 19:32:55 | 000,096,130 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.09.14 18:28:12 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.13 19:21:35 | 000,512,399 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\adwcleaner.exe [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.05 18:43:30 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\tqfbrqhp.exe [2012.09.05 18:33:07 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\defogger_reenable [2012.09.05 18:32:21 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\Defogger.exe [2012.09.05 17:19:52 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\esetsmartinstaller_enu.exe [2012.09.05 15:47:39 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2012.09.05 15:22:53 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012.09.05 15:12:15 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\config.nt [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.14 19:45:45 | 000,504,316 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat [2012.09.14 19:45:45 | 000,096,130 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat [2012.09.14 19:32:53 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib [2012.09.14 19:32:53 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib [2012.09.14 19:32:53 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib [2012.09.14 19:32:53 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib [2012.09.14 19:32:53 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib [2012.09.14 19:32:53 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib [2012.09.14 19:32:53 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib [2012.09.14 19:32:53 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib [2012.09.14 19:32:53 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib [2012.09.14 19:32:53 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib [2012.09.14 19:32:53 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib [2012.09.14 19:32:53 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib [2012.09.14 19:32:53 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib [2012.09.14 19:32:53 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib [2012.09.14 19:32:53 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib [2012.09.14 19:32:53 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib [2012.09.14 19:32:53 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib [2012.09.14 19:32:53 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib [2012.09.14 19:32:53 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib [2012.09.14 19:32:52 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib [2012.09.14 18:23:43 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.14 17:04:19 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb [2012.09.14 16:30:27 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012.09.13 19:21:14 | 000,512,399 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\adwcleaner.exe [2012.09.05 18:43:26 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\tqfbrqhp.exe [2012.09.05 18:33:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\defogger_reenable [2012.09.05 18:32:18 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Desktop\Defogger.exe [2012.09.05 16:13:09 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.09.05 15:22:53 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2010.01.09 02:08:28 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\PnkBstrK.sys [2006.11.16 17:10:08 | 000,090,790 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\C [2006.01.15 11:23:40 | 000,004,470 | RHS- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\ntuser.pol [2006.01.14 21:34:11 | 000,000,816 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2006.01.13 12:56:31 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\default.pls [2006.01.03 01:00:38 | 000,226,304 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.01.02 15:40:09 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\TanteKaete\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2010.08.24 18:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2009.11.20 16:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.07.16 17:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iolo [2008.03.26 18:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2006.02.24 18:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2012.09.05 14:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.01.07 16:32:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.12.30 18:03:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2009.12.06 01:55:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2011.01.06 19:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2011.01.07 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\TuneUp Software [2009.11.20 16:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Buhl Data Service [2009.11.20 16:03:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Buhl Data Service GmbH [2010.07.09 23:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.04.14 22:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\GARMIN [2006.07.14 11:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\ICAClient [2008.07.16 17:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\iolo [2006.01.03 14:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Leadertech [2009.03.24 13:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Miranda [2008.11.16 21:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\OpenOffice.org [2006.01.04 16:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Opera [2006.01.02 20:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Template [2010.08.23 19:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Thunderbird [2010.12.30 18:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\TuneUp Software [2009.08.20 21:20:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\UBitMenu [2012.09.14 21:00:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Wartung.job [2006.01.03 17:30:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job [2012.09.14 19:39:49 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012.09.14 20:41:44 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.16 17:13:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Adobe [2006.09.27 11:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Ahead [2006.10.25 23:19:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\ArcSoft [2009.10.20 00:08:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\ATI [2009.11.20 16:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Buhl Data Service [2009.11.20 16:03:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Buhl Data Service GmbH [2006.01.10 22:37:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\CyberLink [2011.02.11 21:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\dvdcss [2010.07.09 23:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\DVDVideoSoftIEHelpers [2009.04.14 22:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\GARMIN [2009.06.20 11:45:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Google [2011.01.06 22:21:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Hamachi [2006.01.12 03:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Help [2006.07.14 11:53:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\ICAClient [2006.01.03 03:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Identities [2008.07.16 17:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\iolo [2006.01.15 18:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Jasc Software Inc [2006.01.03 14:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Leadertech [2006.02.24 18:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Macromedia [2012.07.28 14:14:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Malwarebytes [2012.09.05 13:25:15 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Microsoft [2009.03.24 13:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Miranda [2010.01.03 23:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Move Networks [2008.10.08 16:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Mozilla [2008.11.16 21:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\OpenOffice.org [2008.11.16 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\OpenOffice.org2 [2006.01.04 16:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Opera [2012.09.05 13:46:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Real [2011.05.20 17:27:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Skype [2011.03.18 21:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\skypePM [2005.12.20 19:50:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Sun [2007.06.22 15:42:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\teamspeak2 [2006.01.02 20:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Template [2010.08.23 19:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\Thunderbird [2010.12.30 18:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\TuneUp Software [2009.08.20 21:20:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\UBitMenu [2009.01.28 20:42:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\vlc < %APPDATA%\*.exe /s > [2009.08.20 21:20:21 | 000,696,341 | ---- | M] () -- C:\Dokumente und Einstellungen\TanteKaete\Anwendungsdaten\UBitMenu\unins000.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.01.03 02:49:37 | 018,782,319 | ---- | M] () .cab file -- C:\dell\MEDIAEXE\Media\I386\sp2.cab:AGP440.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.09.26 16:34:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.09.26 16:34:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2006.01.03 02:49:37 | 018,782,319 | ---- | M] () .cab file -- C:\dell\MEDIAEXE\Media\I386\sp2.cab:atapi.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.09.26 16:34:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.09.26 16:34:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\i386\eventlog.dll < MD5 for: IASTOR.SYS > [2005.04.25 15:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\dell\MEDIAEXE\Media\I386\iaStor.sys [2005.04.25 15:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\dell\MEDIAEXE\RepFiles\iastor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\i386\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 16:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\i386\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 16:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\i386\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 16:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\i386\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 16:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\i386\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\i386\ws2ifsl.sys [2004.08.04 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004.08.13 14:46:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004.08.13 14:46:20 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004.08.13 14:46:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 < End of report > |
|
15.09.2012, 12:11
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes-Funde Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
SRV - File not found [Disabled | Unknown] -- -- (Nlliwn2ruk)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = Reg Error: Value error. File not found
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell - "" = AutoRun
O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\Shell\AutoRun\command - "" = G:\DTE_Privacy_launcher.exe
O33 - MountPoints2\{cc64d7c2-cbdf-11de-8515-00123fb77450}\Shell\AutoRun\command - "" = H:\Setup.exe
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
I:\Sicherungen\Downloads\NEU\SoftonicDownloader_fuer_freecol.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.09.2012, 12:23
| #10 |
| | Malwarebytes-Funde Guten Morgen:  Das OTL-Fix-Log: Code:
ATTFilter All processes killed
========== OTL ==========
Error: No service named Nlliwn2ruk was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nlliwn2ruk deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoInternetOpenWith deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\GreyMSIAds deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutorunSetting deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayItemsDisplay deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogOff deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Intellimenus deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSimpleStartMenu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1838793929-2746509759-4267296665-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9492787e-6ccf-11db-a5bc-00123fb77450}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9492787e-6ccf-11db-a5bc-00123fb77450}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9492787e-6ccf-11db-a5bc-00123fb77450}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9492787e-6ccf-11db-a5bc-00123fb77450}\ not found.
File C:\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb1899f2-bbc7-11de-84f2-00123fb77450}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb1899f2-bbc7-11de-84f2-00123fb77450}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb1899f2-bbc7-11de-84f2-00123fb77450}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb1899f2-bbc7-11de-84f2-00123fb77450}\ not found.
File G:\DTE_Privacy_launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc64d7c2-cbdf-11de-8515-00123fb77450}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc64d7c2-cbdf-11de-8515-00123fb77450}\ not found.
File H:\Setup.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} folder moved successfully.
I:\Sicherungen\Downloads\NEU\SoftonicDownloader_fuer_freecol.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\TanteKaete\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\TanteKaete\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 116263 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: Lars
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 124013 bytes
->Flash cache emptied: 41 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 67442 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: TanteKaete
->Temp folder emptied: 1063424 bytes
->Temporary Internet Files folder emptied: 295046 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69677104 bytes
->Flash cache emptied: 500 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2673152 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34021 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 71,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.4 log created on 09152012_131559
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
16.09.2012, 14:00
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes-Funde Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.09.2012, 16:49
| #12 |
| | Malwarebytes-Funde Hier das tdsskiller-Log: Code:
ATTFilter 17:40:45.0890 3112 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:40:45.0906 3112 ============================================================
17:40:45.0906 3112 Current date / time: 2012/09/16 17:40:45.0906
17:40:45.0906 3112 SystemInfo:
17:40:45.0906 3112
17:40:45.0906 3112 OS Version: 5.1.2600 ServicePack: 3.0
17:40:45.0906 3112 Product type: Workstation
17:40:45.0906 3112 ComputerName: TANTE_KAETE
17:40:45.0906 3112 UserName: TanteKaete
17:40:45.0906 3112 Windows directory: C:\WINDOWS
17:40:45.0906 3112 System windows directory: C:\WINDOWS
17:40:45.0906 3112 Processor architecture: Intel x86
17:40:45.0906 3112 Number of processors: 2
17:40:45.0906 3112 Page size: 0x1000
17:40:45.0906 3112 Boot type: Normal boot
17:40:45.0906 3112 ============================================================
17:40:47.0265 3112 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:40:47.0265 3112 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:40:47.0328 3112 ============================================================
17:40:47.0328 3112 \Device\Harddisk0\DR0:
17:40:47.0328 3112 MBR partitions:
17:40:47.0328 3112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F647, BlocksNum 0x3A962B1
17:40:47.0343 3112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3AB5937, BlocksNum 0x190EDEBA
17:40:47.0343 3112 \Device\Harddisk1\DR1:
17:40:47.0343 3112 MBR partitions:
17:40:47.0343 3112 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F647, BlocksNum 0x368C7588
17:40:47.0343 3112 ============================================================
17:40:47.0421 3112 C: <-> \Device\Harddisk0\DR0\Partition1
17:40:47.0437 3112 I: <-> \Device\Harddisk1\DR1\Partition1
17:40:47.0468 3112 D: <-> \Device\Harddisk0\DR0\Partition2
17:40:47.0468 3112 ============================================================
17:40:47.0468 3112 Initialize success
17:40:47.0468 3112 ============================================================
17:41:28.0031 1872 ============================================================
17:41:28.0031 1872 Scan started
17:41:28.0031 1872 Mode: Manual; SigCheck; TDLFS;
17:41:28.0031 1872 ============================================================
17:41:28.0187 1872 ================ Scan system memory ========================
17:41:28.0203 1872 System memory - ok
17:41:28.0203 1872 ================ Scan services =============================
17:41:28.0296 1872 [ D5A6658CBFBBF9A0F8827E83C9FDE806 ] 6to4 C:\WINDOWS\System32\6to4svc.dll
17:41:29.0156 1872 6to4 - ok
17:41:29.0171 1872 Abiosdsk - ok
17:41:29.0203 1872 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:41:29.0812 1872 abp480n5 - ok
17:41:29.0843 1872 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:41:30.0000 1872 ACPI - ok
17:41:30.0015 1872 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:41:30.0156 1872 ACPIEC - ok
17:41:30.0187 1872 [ 6463D1DB354B13E6CED4D67F6E4910F4 ] actser C:\WINDOWS\system32\drivers\actser.sys
17:41:30.0187 1872 actser ( UnsignedFile.Multi.Generic ) - warning
17:41:30.0187 1872 actser - detected UnsignedFile.Multi.Generic (1)
17:41:30.0234 1872 Adobe LM Service - ok
17:41:30.0296 1872 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:41:30.0328 1872 AdobeFlashPlayerUpdateSvc - ok
17:41:30.0359 1872 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:41:30.0484 1872 adpu160m - ok
17:41:30.0515 1872 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:41:30.0671 1872 aec - ok
17:41:30.0703 1872 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
17:41:30.0718 1872 Afc ( UnsignedFile.Multi.Generic ) - warning
17:41:30.0718 1872 Afc - detected UnsignedFile.Multi.Generic (1)
17:41:30.0750 1872 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:41:30.0796 1872 AFD - ok
17:41:30.0828 1872 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:41:30.0968 1872 agp440 - ok
17:41:31.0000 1872 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:41:31.0140 1872 agpCPQ - ok
17:41:31.0156 1872 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:41:31.0234 1872 Aha154x - ok
17:41:31.0265 1872 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:41:31.0390 1872 aic78u2 - ok
17:41:31.0406 1872 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:41:31.0531 1872 aic78xx - ok
17:41:31.0562 1872 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:41:31.0718 1872 Alerter - ok
17:41:31.0734 1872 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:41:31.0875 1872 ALG - ok
17:41:31.0890 1872 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
17:41:32.0015 1872 AliIde - ok
17:41:32.0031 1872 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:41:32.0171 1872 alim1541 - ok
17:41:32.0171 1872 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:41:32.0328 1872 amdagp - ok
17:41:32.0343 1872 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
17:41:32.0421 1872 amsint - ok
17:41:32.0453 1872 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:41:32.0609 1872 AppMgmt - ok
17:41:32.0625 1872 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
17:41:32.0765 1872 asc - ok
17:41:32.0781 1872 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:41:32.0843 1872 asc3350p - ok
17:41:32.0859 1872 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:41:32.0984 1872 asc3550 - ok
17:41:33.0000 1872 Aspi32 - ok
17:41:33.0109 1872 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:41:33.0125 1872 aspnet_state - ok
17:41:33.0156 1872 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:41:33.0296 1872 AsyncMac - ok
17:41:33.0312 1872 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:41:33.0437 1872 atapi - ok
17:41:33.0453 1872 Atdisk - ok
17:41:33.0500 1872 [ 2911A46A482F1BBE39F47BAC4CF6F609 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:41:33.0625 1872 Ati HotKey Poller - ok
17:41:33.0687 1872 [ 2B2CC2C47F5DE490F27D4292F0EDC034 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
17:41:33.0718 1872 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
17:41:33.0718 1872 ATI Smart - detected UnsignedFile.Multi.Generic (1)
17:41:33.0796 1872 [ E9375396F55B58C2042C7C9844D297E3 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:41:33.0921 1872 ati2mtag - ok
17:41:33.0953 1872 [ 5B80E84AF6B02ECAB72DAE9AFEE06309 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:41:33.0968 1872 atksgt ( UnsignedFile.Multi.Generic ) - warning
17:41:33.0968 1872 atksgt - detected UnsignedFile.Multi.Generic (1)
17:41:33.0984 1872 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:41:34.0125 1872 Atmarpc - ok
17:41:34.0156 1872 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:41:34.0312 1872 AudioSrv - ok
17:41:34.0390 1872 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:41:34.0515 1872 audstub - ok
17:41:34.0546 1872 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:41:34.0671 1872 Beep - ok
17:41:34.0718 1872 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
17:41:34.0937 1872 BITS - ok
17:41:34.0968 1872 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
17:41:35.0015 1872 Browser - ok
17:41:35.0062 1872 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:41:35.0203 1872 cbidf - ok
17:41:35.0203 1872 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:41:35.0343 1872 cbidf2k - ok
17:41:35.0375 1872 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:41:35.0500 1872 CCDECODE - ok
17:41:35.0531 1872 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:41:35.0593 1872 cd20xrnt - ok
17:41:35.0609 1872 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:41:35.0734 1872 Cdaudio - ok
17:41:35.0765 1872 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:41:35.0890 1872 Cdfs - ok
17:41:35.0906 1872 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:41:36.0031 1872 Cdrom - ok
17:41:36.0046 1872 Changer - ok
17:41:36.0078 1872 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:41:36.0203 1872 CiSvc - ok
17:41:36.0234 1872 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:41:36.0375 1872 ClipSrv - ok
17:41:36.0406 1872 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:41:36.0437 1872 clr_optimization_v2.0.50727_32 - ok
17:41:36.0484 1872 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:41:36.0515 1872 clr_optimization_v4.0.30319_32 - ok
17:41:36.0531 1872 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:41:36.0656 1872 CmdIde - ok
17:41:36.0703 1872 [ E88181D85616EA843A6E56D1D5758E0B ] cmudau32 C:\WINDOWS\system32\drivers\cmudaxu.sys
17:41:36.0796 1872 cmudau32 ( UnsignedFile.Multi.Generic ) - warning
17:41:36.0796 1872 cmudau32 - detected UnsignedFile.Multi.Generic (1)
17:41:36.0796 1872 COMSysApp - ok
17:41:36.0828 1872 [ 6BE1D6403727BDD8A2B2568DBE6BFB8B ] CO_Mon C:\WINDOWS\system32\Drivers\CO_Mon.sys
17:41:36.0843 1872 CO_Mon ( UnsignedFile.Multi.Generic ) - warning
17:41:36.0843 1872 CO_Mon - detected UnsignedFile.Multi.Generic (1)
17:41:36.0859 1872 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:41:36.0984 1872 Cpqarray - ok
17:41:37.0015 1872 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:41:37.0140 1872 CryptSvc - ok
17:41:37.0187 1872 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:41:37.0343 1872 dac2w2k - ok
17:41:37.0375 1872 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:41:37.0500 1872 dac960nt - ok
17:41:37.0546 1872 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:41:37.0609 1872 DcomLaunch - ok
17:41:37.0656 1872 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:41:37.0796 1872 Dhcp - ok
17:41:37.0812 1872 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:41:37.0937 1872 Disk - ok
17:41:37.0953 1872 dmadmin - ok
17:41:37.0984 1872 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:41:38.0140 1872 dmboot - ok
17:41:38.0171 1872 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:41:38.0312 1872 dmio - ok
17:41:38.0375 1872 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:41:38.0515 1872 dmload - ok
17:41:38.0531 1872 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:41:38.0656 1872 dmserver - ok
17:41:38.0703 1872 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:41:38.0828 1872 DMusic - ok
17:41:38.0843 1872 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:41:38.0906 1872 Dnscache - ok
17:41:38.0937 1872 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:41:39.0078 1872 Dot3svc - ok
17:41:39.0093 1872 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:41:39.0234 1872 dpti2o - ok
17:41:39.0250 1872 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:41:39.0390 1872 drmkaud - ok
17:41:39.0421 1872 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:41:39.0468 1872 E100B - ok
17:41:39.0500 1872 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:41:39.0625 1872 EapHost - ok
17:41:39.0656 1872 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:41:39.0781 1872 ERSvc - ok
17:41:39.0812 1872 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
17:41:39.0843 1872 Eventlog - ok
17:41:39.0875 1872 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
17:41:39.0937 1872 EventSystem - ok
17:41:39.0968 1872 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:41:40.0109 1872 Fastfat - ok
17:41:40.0140 1872 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:41:40.0187 1872 FastUserSwitchingCompatibility - ok
17:41:40.0203 1872 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:41:40.0343 1872 Fdc - ok
17:41:40.0359 1872 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:41:40.0500 1872 Fips - ok
17:41:40.0531 1872 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:41:40.0656 1872 Flpydisk - ok
17:41:40.0687 1872 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:41:40.0828 1872 FltMgr - ok
17:41:40.0875 1872 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:41:40.0875 1872 FontCache3.0.0.0 - ok
17:41:40.0890 1872 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:41:41.0031 1872 Fs_Rec - ok
17:41:41.0062 1872 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:41:41.0203 1872 Ftdisk - ok
17:41:41.0218 1872 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:41:41.0359 1872 Gpc - ok
17:41:41.0375 1872 [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
17:41:41.0390 1872 grmnusb ( UnsignedFile.Multi.Generic ) - warning
17:41:41.0390 1872 grmnusb - detected UnsignedFile.Multi.Generic (1)
17:41:41.0421 1872 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:41:41.0437 1872 hamachi - ok
17:41:41.0484 1872 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:41:41.0609 1872 HDAudBus - ok
17:41:41.0656 1872 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:41:41.0781 1872 helpsvc - ok
17:41:41.0812 1872 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
17:41:41.0953 1872 HidServ - ok
17:41:41.0984 1872 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:41:42.0125 1872 HidUsb - ok
17:41:42.0156 1872 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:41:42.0281 1872 hkmsvc - ok
17:41:42.0296 1872 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
17:41:42.0421 1872 hpn - ok
17:41:42.0453 1872 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:41:42.0500 1872 HTTP - ok
17:41:42.0500 1872 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:41:42.0640 1872 HTTPFilter - ok
17:41:42.0640 1872 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
17:41:42.0765 1872 i2omgmt - ok
17:41:42.0796 1872 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:41:42.0937 1872 i2omp - ok
17:41:42.0953 1872 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:41:43.0093 1872 i8042prt - ok
17:41:43.0156 1872 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:41:43.0156 1872 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:41:43.0156 1872 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:41:43.0234 1872 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:41:43.0281 1872 idsvc - ok
17:41:43.0312 1872 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:41:43.0437 1872 Imapi - ok
17:41:43.0468 1872 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
17:41:43.0593 1872 ImapiService - ok
17:41:43.0609 1872 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:41:43.0765 1872 ini910u - ok
17:41:43.0781 1872 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:41:43.0906 1872 IntelIde - ok
17:41:43.0937 1872 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:41:44.0062 1872 intelppm - ok
17:41:44.0093 1872 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:41:44.0218 1872 Ip6Fw - ok
17:41:44.0250 1872 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:41:44.0390 1872 IpFilterDriver - ok
17:41:44.0421 1872 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:41:44.0546 1872 IpInIp - ok
17:41:44.0578 1872 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:41:44.0734 1872 IpNat - ok
17:41:44.0750 1872 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:41:44.0875 1872 IPSec - ok
17:41:44.0890 1872 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:41:45.0031 1872 IRENUM - ok
17:41:45.0078 1872 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:41:45.0203 1872 isapnp - ok
17:41:45.0218 1872 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:41:45.0343 1872 Kbdclass - ok
17:41:45.0375 1872 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:41:45.0500 1872 kbdhid - ok
17:41:45.0531 1872 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:41:45.0656 1872 kmixer - ok
17:41:45.0687 1872 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:41:45.0750 1872 KSecDD - ok
17:41:45.0781 1872 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:41:45.0843 1872 lanmanserver - ok
17:41:45.0859 1872 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:41:45.0906 1872 lanmanworkstation - ok
17:41:45.0906 1872 lbrtfdc - ok
17:41:45.0953 1872 [ 7107430352B2DF1DC00F556FA5F3EBA8 ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
17:41:45.0984 1872 LexBceS ( UnsignedFile.Multi.Generic ) - warning
17:41:45.0984 1872 LexBceS - detected UnsignedFile.Multi.Generic (1)
17:41:46.0031 1872 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:41:46.0046 1872 lirsgt ( UnsignedFile.Multi.Generic ) - warning
17:41:46.0046 1872 lirsgt - detected UnsignedFile.Multi.Generic (1)
17:41:46.0078 1872 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:41:46.0218 1872 LmHosts - ok
17:41:46.0250 1872 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:41:46.0375 1872 Messenger - ok
17:41:46.0406 1872 [ 01B447C215E5D563245D30E3788789B7 ] MicroGuard C:\WINDOWS\system32\drivers\mgnt.sys
17:41:46.0406 1872 MicroGuard ( UnsignedFile.Multi.Generic ) - warning
17:41:46.0406 1872 MicroGuard - detected UnsignedFile.Multi.Generic (1)
17:41:46.0421 1872 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:41:46.0546 1872 mnmdd - ok
17:41:46.0578 1872 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:41:46.0703 1872 mnmsrvc - ok
17:41:46.0734 1872 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:41:46.0875 1872 Modem - ok
17:41:46.0875 1872 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:41:47.0015 1872 Mouclass - ok
17:41:47.0062 1872 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:41:47.0187 1872 mouhid - ok
17:41:47.0203 1872 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:41:47.0328 1872 MountMgr - ok
17:41:47.0375 1872 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:41:47.0406 1872 MpFilter - ok
17:41:47.0515 1872 MpKsla153a0e7 - ok
17:41:47.0531 1872 [ 50238C1C9E35E623E698B2CE7E9BA01C ] MR97310_VGA_DUAL_CAMERA C:\WINDOWS\system32\DRIVERS\mr97310v.sys
17:41:47.0546 1872 MR97310_VGA_DUAL_CAMERA ( UnsignedFile.Multi.Generic ) - warning
17:41:47.0562 1872 MR97310_VGA_DUAL_CAMERA - detected UnsignedFile.Multi.Generic (1)
17:41:47.0593 1872 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:41:47.0734 1872 mraid35x - ok
17:41:47.0750 1872 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:41:47.0906 1872 MRxDAV - ok
17:41:47.0953 1872 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:41:48.0078 1872 MRxSmb - ok
17:41:48.0109 1872 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:41:48.0250 1872 MSDTC - ok
17:41:48.0265 1872 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:41:48.0406 1872 Msfs - ok
17:41:48.0406 1872 MSIServer - ok
17:41:48.0437 1872 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:41:48.0562 1872 MSKSSRV - ok
17:41:48.0593 1872 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Programme\Microsoft Security Client\MsMpEng.exe
17:41:48.0609 1872 MsMpSvc - ok
17:41:48.0625 1872 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:41:48.0750 1872 MSPCLOCK - ok
17:41:48.0765 1872 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:41:48.0906 1872 MSPQM - ok
17:41:48.0921 1872 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:41:49.0046 1872 mssmbios - ok
17:41:49.0062 1872 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:41:49.0187 1872 MSTEE - ok
17:41:49.0218 1872 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:41:49.0265 1872 Mup - ok
17:41:49.0312 1872 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:41:49.0468 1872 NABTSFEC - ok
17:41:49.0515 1872 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
17:41:49.0656 1872 napagent - ok
17:41:49.0687 1872 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:41:49.0828 1872 NDIS - ok
17:41:49.0843 1872 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:41:49.0968 1872 NdisIP - ok
17:41:50.0000 1872 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:41:50.0046 1872 NdisTapi - ok
17:41:50.0078 1872 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:41:50.0203 1872 Ndisuio - ok
17:41:50.0203 1872 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:41:50.0328 1872 NdisWan - ok
17:41:50.0406 1872 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:41:50.0437 1872 NDProxy - ok
17:41:50.0468 1872 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:41:50.0593 1872 NetBIOS - ok
17:41:50.0609 1872 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:41:50.0734 1872 NetBT - ok
17:41:50.0765 1872 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
17:41:50.0906 1872 NetDDE - ok
17:41:50.0906 1872 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:41:51.0031 1872 NetDDEdsdm - ok
17:41:51.0078 1872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:41:51.0218 1872 Netlogon - ok
17:41:51.0234 1872 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
17:41:51.0375 1872 Netman - ok
17:41:51.0484 1872 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
17:41:51.0515 1872 NetSvc ( UnsignedFile.Multi.Generic ) - warning
17:41:51.0515 1872 NetSvc - detected UnsignedFile.Multi.Generic (1)
17:41:51.0531 1872 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:41:51.0562 1872 NetTcpPortSharing - ok
17:41:51.0593 1872 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
17:41:51.0640 1872 Nla - ok
17:41:51.0734 1872 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
17:41:51.0796 1872 NMIndexingService - ok
17:41:51.0828 1872 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:41:51.0953 1872 Npfs - ok
17:41:52.0000 1872 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:41:52.0140 1872 Ntfs - ok
17:41:52.0156 1872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:41:52.0281 1872 NtLmSsp - ok
17:41:52.0375 1872 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:41:52.0578 1872 NtmsSvc - ok
17:41:52.0593 1872 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:41:52.0718 1872 Null - ok
17:41:52.0781 1872 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:41:52.0953 1872 nv - ok
17:41:52.0968 1872 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:41:53.0093 1872 NwlnkFlt - ok
17:41:53.0109 1872 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:41:53.0234 1872 NwlnkFwd - ok
17:41:53.0296 1872 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:41:53.0343 1872 odserv - ok
17:41:53.0390 1872 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:41:53.0406 1872 ose - ok
17:41:53.0437 1872 [ 71CFFB1E06AA8978A7B4A346C191F8BA ] ovt530 C:\WINDOWS\system32\Drivers\ov530vid.sys
17:41:53.0453 1872 ovt530 ( UnsignedFile.Multi.Generic ) - warning
17:41:53.0453 1872 ovt530 - detected UnsignedFile.Multi.Generic (1)
17:41:53.0484 1872 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:41:53.0625 1872 Parport - ok
17:41:53.0640 1872 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:41:53.0781 1872 PartMgr - ok
17:41:53.0796 1872 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:41:53.0921 1872 ParVdm - ok
17:41:53.0937 1872 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:41:54.0062 1872 PCI - ok
17:41:54.0062 1872 PCIDump - ok
17:41:54.0093 1872 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:41:54.0218 1872 PCIIde - ok
17:41:54.0265 1872 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:41:54.0390 1872 Pcmcia - ok
17:41:54.0406 1872 PDCOMP - ok
17:41:54.0406 1872 PDFRAME - ok
17:41:54.0406 1872 PDRELI - ok
17:41:54.0421 1872 PDRFRAME - ok
17:41:54.0437 1872 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
17:41:54.0578 1872 perc2 - ok
17:41:54.0593 1872 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:41:54.0718 1872 perc2hib - ok
17:41:54.0750 1872 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
17:41:54.0765 1872 PlugPlay - ok
17:41:54.0781 1872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:41:54.0906 1872 PolicyAgent - ok
17:41:54.0937 1872 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:41:55.0078 1872 PptpMiniport - ok
17:41:55.0078 1872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:41:55.0203 1872 ProtectedStorage - ok
17:41:55.0218 1872 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:41:55.0343 1872 PSched - ok
17:41:55.0359 1872 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:41:55.0515 1872 Ptilink - ok
17:41:55.0546 1872 [ 183EF96BCC2EC3D5294CB2C2C0ECBCD1 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:41:55.0546 1872 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:41:55.0546 1872 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:41:55.0578 1872 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:41:55.0703 1872 ql1080 - ok
17:41:55.0718 1872 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:41:55.0843 1872 Ql10wnt - ok
17:41:55.0859 1872 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:41:55.0984 1872 ql12160 - ok
17:41:56.0000 1872 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:41:56.0140 1872 ql1240 - ok
17:41:56.0156 1872 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:41:56.0281 1872 ql1280 - ok
17:41:56.0296 1872 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:41:56.0421 1872 RasAcd - ok
17:41:56.0468 1872 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:41:56.0593 1872 RasAuto - ok
17:41:56.0593 1872 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:41:56.0734 1872 Rasl2tp - ok
17:41:56.0765 1872 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:41:56.0906 1872 RasMan - ok
17:41:56.0921 1872 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:41:57.0031 1872 RasPppoe - ok
17:41:57.0046 1872 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:41:57.0171 1872 Raspti - ok
17:41:57.0187 1872 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:41:57.0328 1872 Rdbss - ok
17:41:57.0359 1872 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:41:57.0500 1872 RDPCDD - ok
17:41:57.0531 1872 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:41:57.0687 1872 rdpdr - ok
17:41:57.0703 1872 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:41:57.0765 1872 RDPWD - ok
17:41:57.0796 1872 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:41:57.0921 1872 RDSessMgr - ok
17:41:57.0953 1872 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:41:58.0078 1872 redbook - ok
17:41:58.0109 1872 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:41:58.0234 1872 RemoteAccess - ok
17:41:58.0265 1872 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:41:58.0406 1872 RemoteRegistry - ok
17:41:58.0453 1872 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:41:58.0593 1872 RpcLocator - ok
17:41:58.0625 1872 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:41:58.0671 1872 RpcSs - ok
17:41:58.0703 1872 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:41:58.0843 1872 RSVP - ok
17:41:58.0875 1872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
17:41:59.0000 1872 SamSs - ok
17:41:59.0031 1872 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:41:59.0156 1872 SCardSvr - ok
17:41:59.0203 1872 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:41:59.0343 1872 Schedule - ok
17:41:59.0375 1872 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:41:59.0515 1872 Secdrv - ok
17:41:59.0546 1872 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
17:41:59.0671 1872 seclogon - ok
17:41:59.0703 1872 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
17:41:59.0828 1872 SENS - ok
17:41:59.0859 1872 [ 657C1205C6B6B475449E6454CF32B712 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
17:41:59.0859 1872 Ser2pl ( UnsignedFile.Multi.Generic ) - warning
17:41:59.0859 1872 Ser2pl - detected UnsignedFile.Multi.Generic (1)
17:41:59.0890 1872 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:42:00.0015 1872 serenum - ok
17:42:00.0031 1872 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:42:00.0156 1872 Serial - ok
17:42:00.0218 1872 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:42:00.0343 1872 Sfloppy - ok
17:42:00.0390 1872 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:42:00.0546 1872 SharedAccess - ok
17:42:00.0562 1872 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:42:00.0593 1872 ShellHWDetection - ok
17:42:00.0593 1872 Simbad - ok
17:42:00.0609 1872 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:42:00.0734 1872 sisagp - ok
17:42:00.0750 1872 siusbmod - ok
17:42:00.0765 1872 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:42:00.0890 1872 SLIP - ok
17:42:00.0921 1872 [ 708A1B41E7E850B2B1309073551CBD53 ] SNMP C:\WINDOWS\System32\snmp.exe
17:42:01.0062 1872 SNMP - ok
17:42:01.0078 1872 [ 0702E1D16B7003049918595057F3904F ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
17:42:01.0203 1872 SNMPTRAP - ok
17:42:01.0234 1872 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:42:01.0296 1872 Sparrow - ok
17:42:01.0312 1872 SPLITCAM - ok
17:42:01.0375 1872 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:42:01.0500 1872 splitter - ok
17:42:01.0546 1872 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:42:01.0593 1872 Spooler - ok
17:42:01.0625 1872 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:42:01.0750 1872 sr - ok
17:42:01.0781 1872 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
17:42:01.0906 1872 srservice - ok
17:42:01.0953 1872 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:42:02.0000 1872 Srv - ok
17:42:02.0031 1872 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:42:02.0171 1872 SSDPSRV - ok
17:42:02.0203 1872 [ 352B663A81402BE7CD7BD4EA27C9998C ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
17:42:02.0250 1872 STHDA - ok
17:42:02.0281 1872 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:42:02.0421 1872 stisvc - ok
17:42:02.0453 1872 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:42:02.0578 1872 streamip - ok
17:42:02.0609 1872 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:42:02.0734 1872 swenum - ok
17:42:02.0750 1872 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:42:02.0875 1872 swmidi - ok
17:42:02.0890 1872 SwPrv - ok
17:42:02.0906 1872 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
17:42:03.0015 1872 symc810 - ok
17:42:03.0046 1872 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:42:03.0171 1872 symc8xx - ok
17:42:03.0187 1872 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:42:03.0328 1872 sym_hi - ok
17:42:03.0343 1872 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:42:03.0468 1872 sym_u3 - ok
17:42:03.0484 1872 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:42:03.0625 1872 sysaudio - ok
17:42:03.0656 1872 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:42:03.0781 1872 SysmonLog - ok
17:42:03.0828 1872 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:42:03.0984 1872 TapiSrv - ok
17:42:04.0031 1872 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:42:04.0062 1872 Tcpip - ok
17:42:04.0093 1872 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
17:42:04.0125 1872 Tcpip6 - ok
17:42:04.0156 1872 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:42:04.0281 1872 TDPIPE - ok
17:42:04.0296 1872 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:42:04.0421 1872 TDTCP - ok
17:42:04.0437 1872 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:42:04.0578 1872 TermDD - ok
17:42:04.0609 1872 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
17:42:04.0765 1872 TermService - ok
17:42:04.0781 1872 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:42:04.0796 1872 Themes - ok
17:42:04.0828 1872 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:42:04.0953 1872 TlntSvr - ok
17:42:04.0968 1872 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
17:42:05.0093 1872 TosIde - ok
17:42:05.0125 1872 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:42:05.0265 1872 TrkWks - ok
17:42:05.0296 1872 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:42:05.0421 1872 tunmp - ok
17:42:05.0437 1872 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:42:05.0562 1872 Udfs - ok
17:42:05.0593 1872 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
17:42:05.0656 1872 ultra - ok
17:42:05.0687 1872 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:42:05.0859 1872 Update - ok
17:42:05.0906 1872 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:42:06.0031 1872 upnphost - ok
17:42:06.0062 1872 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
17:42:06.0187 1872 UPS - ok
17:42:06.0218 1872 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:42:06.0343 1872 usbaudio - ok
17:42:06.0359 1872 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:42:06.0515 1872 usbccgp - ok
17:42:06.0546 1872 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:42:06.0671 1872 usbehci - ok
17:42:06.0703 1872 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:42:06.0828 1872 usbhub - ok
17:42:06.0859 1872 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:42:06.0984 1872 usbprint - ok
17:42:07.0015 1872 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:42:07.0140 1872 usbscan - ok
17:42:07.0140 1872 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:42:07.0265 1872 USBSTOR - ok
17:42:07.0281 1872 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:42:07.0406 1872 usbuhci - ok
17:42:07.0421 1872 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:42:07.0546 1872 VgaSave - ok
17:42:07.0562 1872 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:42:07.0687 1872 viaagp - ok
17:42:07.0718 1872 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:42:07.0843 1872 ViaIde - ok
17:42:07.0875 1872 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:42:08.0015 1872 VolSnap - ok
17:42:08.0046 1872 [ 1C8A783E90C34D205596F1AB4A97E261 ] vsbus C:\WINDOWS\system32\DRIVERS\vsb.sys
17:42:08.0046 1872 vsbus ( UnsignedFile.Multi.Generic ) - warning
17:42:08.0046 1872 vsbus - detected UnsignedFile.Multi.Generic (1)
17:42:08.0078 1872 [ 3377DAA1CB8CAC46A538C236F5F3D58F ] vserial C:\WINDOWS\system32\DRIVERS\vserial.sys
17:42:08.0078 1872 vserial ( UnsignedFile.Multi.Generic ) - warning
17:42:08.0078 1872 vserial - detected UnsignedFile.Multi.Generic (1)
17:42:08.0109 1872 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
17:42:08.0265 1872 VSS - ok
17:42:08.0281 1872 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll
17:42:08.0421 1872 w32time - ok
17:42:08.0453 1872 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:42:08.0578 1872 Wanarp - ok
17:42:08.0578 1872 WDICA - ok
17:42:08.0593 1872 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:42:08.0718 1872 wdmaud - ok
17:42:08.0750 1872 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:42:08.0875 1872 WebClient - ok
17:42:08.0937 1872 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:42:09.0046 1872 winmgmt - ok
17:42:09.0078 1872 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:42:09.0125 1872 WmdmPmSN - ok
17:42:09.0171 1872 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:42:09.0250 1872 Wmi - ok
17:42:09.0281 1872 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:42:09.0375 1872 WmiApSrv - ok
17:42:09.0437 1872 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
17:42:09.0515 1872 WMPNetworkSvc - ok
17:42:09.0531 1872 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:42:09.0546 1872 WpdUsb - ok
17:42:09.0640 1872 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:42:09.0687 1872 WPFFontCache_v0400 - ok
17:42:09.0718 1872 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:42:09.0843 1872 wscsvc - ok
17:42:09.0859 1872 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:42:09.0984 1872 WSTCODEC - ok
17:42:10.0015 1872 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:42:10.0156 1872 wuauserv - ok
17:42:10.0171 1872 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:42:10.0218 1872 WudfPf - ok
17:42:10.0234 1872 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:42:10.0265 1872 WudfRd - ok
17:42:10.0281 1872 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:42:10.0312 1872 WudfSvc - ok
17:42:10.0406 1872 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:42:10.0609 1872 WZCSVC - ok
17:42:10.0625 1872 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:42:10.0781 1872 xmlprov - ok
17:42:10.0796 1872 ================ Scan global ===============================
17:42:10.0812 1872 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:42:10.0859 1872 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:42:10.0890 1872 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
17:42:10.0906 1872 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:42:10.0906 1872 [Global] - ok
17:42:10.0906 1872 ================ Scan MBR ==================================
17:42:10.0921 1872 [ 7D467BC296DA93E3B8DBE9878A0961C3 ] \Device\Harddisk0\DR0
17:42:11.0062 1872 \Device\Harddisk0\DR0 - ok
17:42:11.0078 1872 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
17:42:11.0156 1872 \Device\Harddisk1\DR1 - ok
17:42:11.0156 1872 ================ Scan VBR ==================================
17:42:11.0156 1872 [ 5B2E060D5D686E2182ED1F066753BE6E ] \Device\Harddisk0\DR0\Partition1
17:42:11.0156 1872 \Device\Harddisk0\DR0\Partition1 - ok
17:42:11.0171 1872 [ 26FC1D085834C32F97B9A13366781FCF ] \Device\Harddisk0\DR0\Partition2
17:42:11.0171 1872 \Device\Harddisk0\DR0\Partition2 - ok
17:42:11.0171 1872 [ 0062BF7B2C0C4D184B52643933740DD3 ] \Device\Harddisk1\DR1\Partition1
17:42:11.0171 1872 \Device\Harddisk1\DR1\Partition1 - ok
17:42:11.0171 1872 ============================================================
17:42:11.0171 1872 Scan finished
17:42:11.0171 1872 ============================================================
17:42:11.0281 1848 Detected object count: 18
17:42:11.0281 1848 Actual detected object count: 18
17:45:30.0859 1848 actser ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 actser ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 cmudau32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 cmudau32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 CO_Mon ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 CO_Mon ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 LexBceS ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0859 1848 LexBceS ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0859 1848 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 MicroGuard ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 MicroGuard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 MR97310_VGA_DUAL_CAMERA ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 MR97310_VGA_DUAL_CAMERA ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 ovt530 ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 ovt530 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:30.0875 1848 vserial ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:30.0875 1848 vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
17.09.2012, 08:47
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes-Funde Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2012, 18:45
| #14 |
| | Malwarebytes-Funde Guten Abend, hier das Combofix-Log: Code:
ATTFilter ComboFix 12-09-16.01 - TanteKaete 17.09.2012 19:36:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2465 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\TanteKaete\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\win32
c:\windows\win32\Autostart.bat
c:\windows\win32\WAIT.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-17 bis 2012-09-17 ))))))))))))))))))))))))))))))
.
.
2012-09-17 17:28 . 2012-09-17 17:28 29904 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{AC291DFE-441F-49EB-B87A-3630C1ADB1B3}\MpKsl5efebffc.sys
2012-09-16 15:47 . 2012-08-22 22:15 7022536 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{AC291DFE-441F-49EB-B87A-3630C1ADB1B3}\mpengine.dll
2012-09-15 12:56 . 2012-09-15 12:56 -------- d-----w- c:\programme\Defraggler
2012-09-15 11:55 . 2009-03-06 14:19 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2012-09-15 11:55 . 2009-02-09 11:21 111104 ------w- c:\windows\system32\dllcache\services.exe
2012-09-15 11:55 . 2009-02-09 10:51 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2012-09-15 11:55 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2012-09-15 11:55 . 2009-02-09 10:51 678400 ------w- c:\windows\system32\dllcache\advapi32.dll
2012-09-15 11:46 . 2012-09-15 11:46 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2012-09-15 11:46 . 2012-09-15 11:46 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-15 11:46 . 2012-09-15 11:46 -------- d-----w- c:\windows\system32\wbem\mof
2012-09-15 11:46 . 2012-09-15 11:56 -------- d-----w- c:\windows\system32\wbem\Performance
2012-09-15 11:46 . 2012-09-17 17:32 -------- d-----w- c:\windows\system32\wbem\Logs
2012-09-15 11:19 . 2012-08-22 22:15 7022536 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 11:15 . 2012-09-15 11:15 -------- d-----w- C:\_OTL
2012-09-14 17:25 . 2004-08-04 14:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-09-14 17:25 . 2004-08-04 14:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-09-14 17:25 . 2004-08-04 14:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-09-14 17:25 . 2004-08-04 14:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-09-14 17:25 . 2004-08-04 14:00 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-09-14 17:25 . 2004-08-04 14:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-09-14 17:25 . 2004-08-04 14:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-09-14 17:25 . 2004-08-04 14:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-09-14 17:17 . 2012-09-14 17:47 -------- d-----w- c:\programme\Microsoft Silverlight
2012-09-14 16:37 . 2012-09-14 16:37 -------- d-----w- c:\programme\Gemeinsame Dateien\Nero
2012-09-14 16:30 . 2012-09-14 16:30 -------- d-----w- c:\programme\ATI
2012-09-14 16:28 . 2012-09-14 16:28 -------- d-----w- C:\AMD
2012-09-14 16:23 . 2012-09-14 16:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 16:18 . 2012-09-14 16:18 -------- d-----w- c:\programme\FileHippo.com
2012-09-14 15:58 . 2012-09-14 16:01 -------- d-----w- c:\dokumente und einstellungen\Lars
2012-09-14 15:04 . 2011-03-11 14:10 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-09-14 14:42 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-09-13 15:08 . 2012-09-13 15:08 -------- d-----w- c:\programme\ESET
2012-09-05 14:12 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-05 13:18 . 2012-09-05 13:18 -------- d-----w- c:\programme\Microsoft Security Client
2012-09-05 13:01 . 2012-09-05 13:01 -------- d-----w- c:\programme\Microsoft
2012-09-05 12:59 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-09-05 12:14 . 2012-09-05 12:14 -------- d-----w- c:\windows\Internet Logs
2012-09-05 11:43 . 2012-09-05 11:43 -------- d-----w- c:\dokumente und einstellungen\TanteKaete\Eigene Dateien
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 16:23 . 2011-11-25 10:14 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-07-28 12:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 13:59 . 2004-08-13 12:40 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-13 12:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2004-08-13 12:40 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-13 12:40 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-13 12:40 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-13 12:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-13 12:40 385024 ------w- c:\windows\system32\html.iec
2012-09-14 16:21 . 2012-09-14 16:20 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoLogoff"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UxTuneUp"=2 (0x2)
"TapiSrv"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 MpKsl5efebffc;MpKsl5efebffc;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{AC291DFE-441F-49EB-B87A-3630C1ADB1B3}\MpKsl5efebffc.sys [17.09.2012 19:28 29904]
R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [05.10.2006 22:09 40288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14.09.2012 18:23 250568]
S3 cmudau32;Headset Master 5.1 USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [28.03.2008 11:54 1422656]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;c:\windows\system32\drivers\MR97310v.sys [19.08.2006 21:37 116110]
S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [25.10.2006 22:43 161792]
S3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys --> c:\windows\system32\DRIVERS\siusbmod.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL5EFEBFFC
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 16:23]
.
2006-01-03 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-13 02:22]
.
2012-09-17 c:\windows\Tasks\MpIdleTask.job
- c:\programme\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.die-staemme.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
FF - ProfilePath - c:\dokumente und einstellungen\TanteKaete\Anwendungsdaten\Mozilla\Firefox\Profiles\rr1dpeva.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Age of Empires 2.0 - e:\spiele\Age Of Empire\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - e:\spiele\Age Of Empire\UNINSTALX.EXE
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-17 19:40
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI03.00.00.01PRO"="D75DDEBEF0371A271F5ECFB3D5F5F0D0D4E0A3DCCFE91BB77F1388F8D88D717B36BFF3352AEB2784523E3B7D52667F526583EADB1605D6EB0D3DFCE626DA7CCE0B78DA3CA6765C76305C2596816472F89D7960E3094519A2CE9E5AFA6EEA1EB9F5C67154870F2DB9A61324DD629384AD5853EDD5A5D5031AAAA1FCB7CB91FC6E8A902E4025D2658D965EDF792878C66462C613D51C458A13FCD6D8E28C07139C525C180708C225B455DF964F3B7B9B90FDAD604D52067653136E7686B064ADFB48D5CA73EE41DC77ABDC188C366BBB2B6106FDE960FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667A2D97226D213B5556345ED617E41E537A7F780A440DC5E14CBC718209940E4E3C7D439FA656D4B375D6EBB0066B0CA761F025A541A47228480ED5D890DCA49AEF991CF784475297B38B9C6EE3EAEEEB4E1D9B8A5F76B6951E892DE16086676ABEE0A3391CC1603FEB194702FA10317C395AFAC07ADE9F84D34C900403CA554C67C56B5EC27F5816CE9BA1A36D20ECC2B4487CCDAB772D8FC72FC25F67B2F0C22DDE5AF279ED18EA2E3C02D6DB53ED927D9B8AEF6314DD6979BE7B81EBC3F0C92B37AFACE24F95AB48A8D1532D31AD0A728EDF1A45E54848A8A1CA88A9925852301A975E9C95357E8285BC05359BA03CFE528B523A3F4B6757BFEE50B5344EF90AC5C036F4954BCB86E38241817CD0C76AA3B1EA30C33862E9348655ACB9305CC82D109CCFD0B07D3F088B7380393C5A8754FD44CC423D13CD604A2AE891EC27CB19AF3DF6717F21C2802F56236E1CFA4265F86B69F70395CB11599ADB703EB79CD1D30FDA82D06A7F12F5EB4EBA3105E83BAE2F11259217F71AE4DF2257605514F13326F8B9585C28CEF75C706D22E7D3606207FB72F33C8475AC20C463F5A460F89EF6E7B2CFD6A1D7543A18983165C4C39F4D54DD9DC934C7403FD2FB879CCCD6464AD87E03DD22CC852419ED9F70D369F9F5EB452CFE9F92E9C3F1CD1338E30D60E4FE438D75F27423396148EC7D0C859E07775277F0DAD8C21B96D0F9E6ABBEB6EEB694BA3AD5C12F88658EFBD203F59FBF136FA2771AAE6A5CE238516705D818E8F92C53D8B823BBB6B82DED626B769B916470442C017EBC4CEE6623866624976B97FE703F9B0149511C9515243B0A2E89C998B13D4FC1B1B81016366C68048B65FF5851831E246A8B80CCFB30911765733C4F19EC1CBC94B23E2DDC5BD4ED9E068DA07E39A7A5217984AF644C02227DAFC00A72DC8D51F79E21EB643ADC52A8CAFBBE99056BB0A88D7A7F990E6114F4D0F2B33CB64CF1B5161E86B8A2CC8BB5407C9BD8E354E15A9146F1CE7A8F0588AF347AFCCC0558B7F3820890E8299E4D5"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-09-17 19:43:07
ComboFix-quarantined-files.txt 2012-09-17 17:43
.
Vor Suchlauf: 11 Verzeichnis(se), 15.018.995.712 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 15.156.355.072 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AB9653304C0692A9ED9B7B4E5D3CDB2C
|
|
18.09.2012, 13:53
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes-Funde Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Malwarebytes-Funde |
| administrator, adobe, adobe flash player, bho, defender, download, error, excel, explorer, fehler, fehlermeldung, firefox, flash player, format, logfile, mozilla, neustart, office 2007, problem, problembehandlung, pum.hijack.homepagecontrol, registry, richtlinie, rogue.antivirus2008, rundll, safer networking, schutz, security, software, udp, windows internet, windows-firewall |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
