Pests of all kinds and how to fight them: EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 | Windows 7
05.10.2012, 15:24 | #31 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Too bad... unfortunately that wasn't it either... I'm now at 20 min. boot time. Is there actually a boot scanner that records what happens there? Would it make sense to check the hard disk? The last time everything ran really fast was right after Combofix. Best regards, Tim |
05.10.2012, 17:11 | #32 |
/// the machine /// TB trainer | EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Please delete Combofix if it is still there, download a new version, run it and post the log file. |
05.10.2012, 19:12 | #33 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Hello schrauber, here is the current Combofix log file:
|
06.10.2012, 09:16 | #34 |
/// the machine /// TB trainer | EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Is it running better again now?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
06.10.2012, 10:51 | #35 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Unfortunately not... The boot process still takes forever - I was just able to clean two huge windows on the side... Once the boot process has finished, it runs decently, but until it gets that far... Do you have another idea? |
07.10.2012, 09:33 | #36 |
/// the machine /// TB trainer | EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Anything attached to or in the computer? CD, USB stick? Please post a fresh OTL log file. |
07.10.2012, 18:24 | #37 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 USB stick/CD-ROM, I rather don't think so. Fresh OTL log (Extras.log: many errors):
CORPORATION) [On_Demand | Stopped] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.06.14 20:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen) SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.03.01 19:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.01.17 12:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\radix_installer1009\sdthlpr.sys -- (SDTHelper) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCMPR5.SYS -- (PLCMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) 
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.01.29 23:55:13 | 000,013,816 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\WINDOWS\system32\unikey.sys -- (phunter) DRV - [2012.01.15 23:08:08 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2011.10.07 17:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2011.04.18 16:43:36 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2011.04.18 16:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2011.04.18 16:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.04.18 16:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.04.18 16:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.04.18 16:43:26 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011.02.18 08:20:08 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\busenum.sys -- (busenum) DRV - [2010.09.01 15:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010.06.10 13:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2010.03.11 10:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 10:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009.11.10 10:15:52 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2009.11.10 10:15:52 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus) DRV - [2009.11.10 10:15:50 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.04.09 13:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.03.25 17:24:22 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008.03.25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2008.03.19 12:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008.01.22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2007.12.10 18:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport) DRV - [2007.12.10 18:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport) DRV - [2007.12.10 18:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15) DRV - [2007.11.29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007.10.18 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007.10.02 12:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007.09.21 06:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2007.05.30 21:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.05.02 04:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2007.02.16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006.12.22 20:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006.12.22 20:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006.12.22 20:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006.02.20 03:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2005.01.07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2002.04.02 16:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2) DRV - [2000.07.24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {6F2894D0-8492-4C4F-BC43-709280CB71E9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{247AA57F-6A40-4B87-86FF-41F14B1DE46E}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{6F2894D0-8492-4C4F-BC43-709280CB71E9}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: spam@trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: spam@trashmail.net:2.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2012.01.29 22:49:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.10.03 21:29:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.08 09:11:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.16 06:47:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.05.19 21:50:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.01.09 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Extensions [2010.01.09 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.03 21:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Firefox\Profiles\ecjcefr4.default\extensions [2012.08.05 09:30:19 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Firefox\Profiles\ecjcefr4.default\extensions\spam@trashmail.net.xpi [2012.09.24 17:40:31 | 
000,506,361 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Firefox\Profiles\ecjcefr4.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012.09.28 18:12:25 | 000,529,316 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Firefox\Profiles\ecjcefr4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.10.03 21:35:32 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Firefox\Profiles\ecjcefr4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.15 22:34:05 | 000,823,486 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Firefox\Profiles\ecjcefr4.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi [2011.05.03 14:43:50 | 000,091,556 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Mozilla\Firefox\Profiles\ecjcefr4.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2012.06.16 06:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.16 06:47:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.03 21:29:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.09.08 09:11:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.01.23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) 
-- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.09.08 09:11:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.08 09:11:18 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.08 09:11:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.08 09:11:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.08 09:11:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.08 09:11:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.02 20:02:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe () O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.) 
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StarteLock] C:\Acer\Empowering Technology\eLock\Service\startelock.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinColor.exe.lnk = C:\Programme\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColor.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei 
konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344194921015 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll (EzTools Software)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACERTX.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACERTX.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.07 18:20:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USERNAME\Desktop\OTL.exe
[2012.10.07 18:11:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USERNAME\Startmenü\Programme\CyberLink PowerDVD
[2012.10.07 09:36:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BootLog XP
[2012.10.07 09:36:53 | 000,000,000 | ---D | C] -- C:\Programme\BootLog XP
[2012.10.07 09:36:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.10.05 19:44:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.10.05 19:44:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.10.05 19:44:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.10.05 19:44:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.10.05 19:44:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.05 19:42:29 | 004,762,471 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\USERNAME\Desktop\ComboFix.exe
[2012.10.04 22:16:44 | 000,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012.10.04 22:16:40 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012.10.04 22:16:22 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012.10.04 22:16:17 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012.10.04 22:14:48 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012.10.04 22:14:44 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012.10.04 22:14:28 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012.10.04 22:14:01 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012.10.04 22:13:42 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012.10.04 22:13:38 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012.10.04 22:13:34 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012.10.04 22:13:26 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012.10.04 22:13:20 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012.10.04 22:13:15 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012.10.04 22:13:11 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012.10.04 22:12:52 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012.10.04 22:12:34 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012.10.04 22:12:30 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012.10.04 22:12:26 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012.10.04 22:12:16 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012.10.04 22:11:51 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012.10.04 22:11:36 | 000,212,480 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012.10.04 22:11:32 | 000,216,576 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012.10.04 22:11:17 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012.10.04 22:11:13 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012.10.04 22:11:09 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012.10.04 22:11:06 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012.10.04 22:11:02 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012.10.04 22:10:58 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012.10.04 22:10:17 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012.10.04 22:10:10 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012.10.04 22:10:04 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012.10.04 22:10:03 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012.10.04 22:09:57 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012.10.04 22:09:52 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012.10.04 22:09:33 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012.10.04 22:09:29 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012.10.04 22:08:52 | 000,159,744 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012.10.04 22:08:48 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012.10.04 22:08:45 | 000,287,232 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012.10.04 22:08:39 | 000,017,152 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012.10.04 22:08:30 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012.10.04 22:07:19 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012.10.04 22:07:12 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012.10.04 22:07:07 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012.10.04 22:07:02 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012.10.04 22:06:58 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012.10.04 22:06:27 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012.10.04 22:06:23 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012.10.04 22:06:20 | 000,095,178 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012.10.04 22:06:12 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012.10.04 22:05:17 | 000,161,888 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012.10.04 22:05:14 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012.10.04 22:05:10 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012.10.04 22:05:07 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012.10.04 22:04:35 | 000,017,792 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012.10.04 22:04:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012.10.04 22:04:23 | 000,024,192 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012.10.04 22:04:03 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012.10.04 22:03:59 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012.10.04 22:03:56 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012.10.04 22:03:53 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012.10.04 22:03:50 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012.10.04 22:03:47 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012.10.04 22:03:43 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012.10.04 22:03:40 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012.10.04 22:03:37 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012.10.04 22:03:29 | 000,083,968 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012.10.04 22:03:25 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012.10.04 22:03:23 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012.10.04 22:03:22 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012.10.04 22:03:04 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012.10.04 22:02:51 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012.10.04 22:02:46 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012.10.04 22:02:21 | 000,715,242 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012.10.04 22:02:18 | 000,899,658 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012.10.04 22:01:42 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012.10.04 22:01:38 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012.10.04 22:01:35 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012.10.04 22:01:20 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012.10.04 22:00:17 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012.10.04 22:00:04 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012.10.04 21:59:58 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012.10.04 21:59:55 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012.10.04 21:59:13 | 000,054,730 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012.10.04 21:59:06 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012.10.04 21:59:02 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012.10.04 21:58:21 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012.10.04 21:58:04 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012.10.04 21:58:00 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012.10.04 21:57:46 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012.10.04 21:57:30 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012.10.04 21:57:27 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012.10.04 21:57:17 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012.10.04 21:57:14 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012.10.04 21:57:10 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012.10.04 21:57:07 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012.10.04 21:57:04 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012.10.04 21:57:01 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012.10.04 21:56:51 | 000,076,288 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012.10.04 21:56:48 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012.10.04 21:56:45 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012.10.04 21:56:42 | 000,020,480 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012.10.04 21:56:39 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012.10.04 21:54:00 | 000,164,970 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012.10.04 21:53:33 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012.10.04 21:53:30 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012.10.04 21:53:29 | 000,422,016 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012.10.04 21:53:26 | 000,577,226 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012.10.04 21:53:25 | 000,607,196 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012.10.04 21:53:22 | 000,728,298 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012.10.04 21:53:11 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012.10.04 21:53:08 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012.10.04 21:53:05 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012.10.04 21:53:02 | 000,016,256 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012.10.04 21:52:57 | 000,026,506 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012.10.04 21:52:54 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012.10.04 21:52:22 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012.10.04 21:51:26 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012.10.04 21:48:58 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012.10.04 21:48:48 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012.10.04 21:48:16 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012.10.04 21:48:14 | 000,082,560 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012.10.04 21:48:11 | 000,017,792 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012.10.04 21:47:47 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012.10.04 21:47:36 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012.10.04 21:47:34 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012.10.04 21:47:27 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012.10.04 21:47:25 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012.10.04 21:47:22 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012.10.04 21:47:20 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012.10.04 21:47:03 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012.10.04 21:46:59 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012.10.04 21:46:57 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012.10.04 21:45:01 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012.10.04 21:44:53 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012.10.04 21:44:38 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012.10.04 21:44:36 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012.10.04 21:44:34 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012.10.04 21:44:29 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012.10.04 21:44:27 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012.10.04 21:44:25 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012.10.04 21:44:20 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012.10.04 21:43:53 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012.10.04 21:43:51 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012.10.04 21:43:46 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012.10.04 21:43:12 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012.10.04 21:43:11 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012.10.04 21:43:09 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012.10.04 21:43:08 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012.10.04 21:43:07 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012.10.04 21:43:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012.10.04 21:43:04 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012.10.04 21:43:02 | 000,252,928 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012.10.04 21:42:50 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012.10.04 21:42:26 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012.10.04 21:42:13 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012.10.04 21:42:00 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012.10.04 21:41:59 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012.10.04 21:41:58 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012.10.04 21:41:57 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012.10.04 21:41:56 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012.10.04 21:41:51 | 000,715,210 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012.10.04 21:41:50 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012.10.04 21:41:49 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012.10.04 21:41:48 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012.10.04 21:41:45 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012.10.04 21:41:44 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012.10.04 21:40:54 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012.10.04 21:40:53 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012.10.04 21:40:52 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012.10.04 21:40:51 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012.10.04 21:40:50 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012.10.04 21:40:50 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012.10.04 21:40:49 | 000,039,808 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012.10.04 21:40:48 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012.10.04 21:40:45 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012.10.04 21:40:44 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012.10.04 21:40:43 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012.10.04 21:40:42 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012.10.04 21:40:41 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012.10.04 21:40:40 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012.10.04 21:40:39 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012.10.04 21:40:39 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012.10.04 21:40:38 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012.10.04 21:40:37 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012.10.04 21:40:31 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012.10.04 21:40:24 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012.10.04 21:40:23 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012.10.04 21:40:22 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012.10.04 21:40:21 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012.10.04 21:40:20 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012.10.04 21:40:19 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012.10.04 21:40:18 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012.10.04 21:39:37 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012.10.04 21:39:28 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012.10.04 21:39:14 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012.10.04 21:39:10 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012.10.04 21:39:06 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012.10.04 21:39:05 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012.10.04 21:39:04 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012.10.04 21:39:00 | 000,061,952 | ---- | C] (Farb-Flachbett-Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012.10.04 21:38:57 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012.10.04 21:38:56 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012.10.04 21:38:54 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012.10.04 21:38:53 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012.10.04 21:38:52 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012.10.03 21:34:45 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USERNAME\Desktop\TFC.exe
[2012.10.03 21:31:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.10.03 21:31:12 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.10.03 21:31:12 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.10.03 21:31:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.10.03 21:31:06 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.10.03 21:31:05 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.10.03 21:31:04 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.10.03 21:31:04 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.10.03 21:31:03 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.10.03 21:29:37 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.10.03 21:29:34 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.10.03 21:27:42 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2012.10.03 21:27:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.10.02 22:35:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.10.02 19:44:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.10.02 19:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.29 16:40:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USERNAME\Desktop\Defogger
[2012.09.29 15:29:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Malwarebytes
[2012.09.29 15:28:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.29 15:28:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.29 15:28:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.29 15:28:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.09 17:04:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USERNAME\Lokale Einstellungen\Anwendungsdaten\Sun

========== Files - Modified Within 30 Days ==========

[2012.10.07 18:20:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USERNAME\Desktop\OTL.exe
[2012.10.07 18:09:09 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.10.07 18:08:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.07 18:08:13 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 18:06:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.07 18:06:10 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 09:57:04 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 09:50:53 | 262,406,144 | ---- | M] () -- C:\LogFile.Etl
[2012.10.05 19:43:03 | 004,762,471 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\USERNAME\Desktop\ComboFix.exe
[2012.10.04 20:59:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.10.03 21:34:54 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USERNAME\Desktop\TFC.exe
[2012.10.03 21:31:13 | 000,001,657 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.10.03 21:31:05 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.10.03 20:36:49 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.02 20:02:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.30 15:29:20 | 000,007,254 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.09.30 12:13:57 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\USERNAME\Desktop\Microsoft Word 2003.lnk
[2012.09.13 23:07:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012.10.07 09:41:04 | 262,406,144 | ---- | C] () -- C:\LogFile.Etl
[2012.10.05 19:44:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.10.05 19:44:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.10.05 19:44:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.10.05 19:44:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.10.05 19:44:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.10.04 22:16:39 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012.10.04 22:16:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012.10.04 22:02:42 | 000,086,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012.10.04 22:01:29 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012.10.04 22:01:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012.10.04 21:59:10 | 000,044,105 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012.10.04 21:55:05 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012.10.04 21:48:56 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012.10.04 21:48:51 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012.10.04 21:48:46 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012.10.04 21:48:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012.10.04 21:48:36 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012.10.04 21:44:33 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012.10.04 21:44:31 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012.10.04 21:44:30 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012.10.04 21:44:26 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012.10.04 21:40:05 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012.10.04 21:40:05 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012.10.04 21:40:04 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012.10.04 21:40:03 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012.10.04 21:40:02 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012.10.04 21:40:01 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012.10.04 21:40:01 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012.10.04 21:40:00 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012.10.04 21:39:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012.10.04 21:39:49 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012.10.04 20:59:24 | 000,001,177 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinColor.exe.lnk
[2012.10.03 21:31:13 | 000,001,657 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2012.10.03 21:31:05 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.10.02 19:45:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.10.02 19:45:05 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.09.29 19:40:49 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.20 01:22:20 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2012.05.07 20:04:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012.05.07 20:00:31 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012.05.07 17:13:49 | 008,913,920 | ---- | C] () -- C:\WINDOWS\System32\mp22.dll
[2012.04.21 13:06:04 | 000,007,254 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.04.19 22:20:02 | 000,000,182 | ---- | C] () -- C:\WINDOWS\venple.ini
[2012.03.10 13:39:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.02.16 08:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.12 23:40:10 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2012.02.12 23:38:06 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp3ml3.dll
[2012.02.06 21:54:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5150D.INI
[2012.02.06 21:53:12 | 000,000,142 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012.02.06 21:53:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2012.02.06 21:53:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012.02.06 21:53:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5150d.ini
[2012.02.06 21:53:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012.02.06 21:53:11 | 000,000,052 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
[2012.02.06 21:52:59 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2012.02.06 21:52:59 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2012.02.06 21:52:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2012.02.06 21:52:56 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5150D.INI
[2012.02.06 21:52:47 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2012.02.06 21:47:54 | 000,000,060 | R--- | C] () -- C:\Programme\BRINST.INI
[2012.01.29 23:51:38 | 000,013,816 | ---- | C] () -- C:\WINDOWS\System32\unikey.sys
[2011.11.25 23:00:41 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.11.25 23:00:41 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.10.31 22:52:41 | 000,000,127 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\qtdsyncmonitor.xml
[2011.10.31 22:10:59 | 000,000,394 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\qtdsync.xml
[2011.08.13 19:05:28 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.08.13 19:05:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2011.08.08 00:00:17 | 000,000,043 | ---- | C] () -- C:\WINDOWS\GSWIN32.INI
[2011.07.21 22:58:53 | 000,000,001 | R--- | C] () -- C:\Dokumente und Einstellungen\USERNAME\serverport
[2011.04.18 16:39:56 | 000,226,364 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2009.03.20 23:42:14 | 000,003,899 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\.html-tasks
[2009.03.20 23:42:14 | 000,003,800 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\.html-resources
[2009.03.20 23:42:14 | 000,003,713 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\.html
[2009.03.20 23:42:14 | 000,003,163 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\.html-chart
[2009.03.20 23:42:14 | 000,002,438 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\.html.png
[2009.03.20 23:42:14 | 000,002,414 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\.html.res.png
[2009.03.20 23:41:14 | 000,003,404 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\.ganttproject
[2009.03.20 22:27:03 | 000,000,000 | ---- | C] () -- C:\Dokumente und
Einstellungen\USERNAME\.recently-used [2008.12.28 14:37:53 | 000,078,336 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.20 00:14:01 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\USERNAME\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.03.22 21:34:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.03 21:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.03.16 16:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2009.04.02 22:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2009.02.08 11:59:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.01.16 17:58:56 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\explauncher [2010.01.08 22:13:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.12.22 19:58:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2008.12.04 22:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2010.01.08 22:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2012.03.07 12:46:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ntrip0 [2010.06.22 19:07:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic [2010.01.16 20:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Paragon [2010.01.08 22:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2008.11.20 23:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\photools.com [2009.02.08 12:19:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012.01.29 22:59:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.07.20 16:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2010.05.26 20:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.10.07 18:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2011.07.01 23:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Amazon [2012.01.19 23:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Assimil_d_ru [2009.04.02 22:25:15 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Buhl Data Service [2010.01.29 22:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Canon [2011.11.25 23:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\DonationCoder [2012.05.07 19:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\DVDVideoSoft [2008.12.22 17:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\ePaperPress [2009.10.21 20:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\FileZilla [2012.02.25 11:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Foxit Software [2010.03.07 18:04:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\FRITZ! [2009.12.22 19:58:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\FRITZ!fax für FRITZ!Box [2012.01.15 23:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\KeePass [2010.01.08 22:14:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Nokia [2008.11.21 00:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\OfficeUpdate12 [2009.01.21 22:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Opera [2010.01.09 19:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\PC Suite [2010.10.19 21:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Philipp Winterberg [2008.11.20 23:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\photools.com [2010.02.07 21:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Process Hacker 
[2009.02.08 12:19:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\ScanSoft [2011.08.20 17:31:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\TeamViewer [2010.01.09 12:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Thunderbird [2012.01.16 00:00:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\TrueCrypt [2012.04.19 22:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Vensim [2012.01.29 22:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Vodafone [2012.02.06 00:41:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\USERNAME\Anwendungsdaten\Vodafone Mobile Broadband ========== Purity Check ========== < End of report >
--- --- ---
Here is the Extras.log:
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.10.2012 18:22:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\USERNAME\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 65,00% Memory free 3,84 Gb Paging File | 3,18 Gb Available in Paging File | 82,79% Paging File free Paging file location(s): C:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 69,65 Gb Total Space | 9,84 Gb Free Space | 14,14% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 9,40 Gb Free Space | 13,51% Space Free | Partition Type: NTFS Computer Name: USERNAME_PC | User Name: USERNAME | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPP\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Scrabblev2_0\Scrabble v2.0.exe" = C:\Programme\Scrabblev2_0\Scrabble v2.0.exe:*:Disabled:Scrabble v2.0 -- () "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax -- (AVM Berlin) "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation) "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) "C:\Dokumente und 
Einstellungen\USERNAME\Lokale Einstellungen\Apps\2.0\GLXC4G2V.YVY\67Q04YGR.6LT\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\USERNAME\Lokale Einstellungen\Apps\2.0\GLXC4G2V.YVY\67Q04YGR.6LT\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin) "C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Programme\Synology\Assistant\DSAssistant.exe" = C:\Programme\Synology\Assistant\DSAssistant.exe:*:Enabled:DSAssistant -- () "C:\Programme\Synology Data Replicator 3\Backup.exe" = C:\Programme\Synology Data Replicator 3\Backup.exe:*:Enabled:Data Replicator -- (Synology Inc.) "C:\Programme\devolo\dlan\devolonetsvc.exe" = C:\Programme\devolo\dlan\devolonetsvc.exe:*:Enabled:devolo dLAN Cockpit -- (devolo AG) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{0443A856-B498-4FF9-8C15-4B7057242783}" = HD Writer 2.6E for HDC "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard "{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup & Recovery™ 10 Kompakt "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AAD21AD-EE06-46C9-8B57-28D53DF9FB06}_is1" = NTRIP "{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 
"{4BA6C917-E51C-4C49-9CD6-381A0A441CFD}" = PTLens "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1 "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = EOS Capture 1.2 "{750CF8D7-4B04-404F-AFA2-14C129C42373}" = EOS Viewer Utility 1.2.1 "{75171746-D5CA-4831-948C-B7EAC696E63D}" = IMatch 3.6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data 
Replicator 3 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A99A1AE2-5EAB-4742-91DB-72A8B2F9529C}" = HardlinkBackup "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FE3D551C-0B6F-4BAA-B4C1-2F0646E52886}}_is1" = Assimil Russisch ohne Mühe heute "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.62 "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.3 Standard - English, Français, Deutsch "Adobe Acrobat 7.0 Standard - EFG - V_713" = Adobe Acrobat 7.1.3 - CPSID_49168 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AktienProfi_is1" = AktienProfi 3.20.2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 
"avast" = avast! Free Antivirus "BootLog XP_is1" = BootLog XP "Bridge Construction Set_is1" = Bridge Construction Set 1.37 "Brother HL-5150D" = Brother HL-5150D "CamStudio" = CamStudio "Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "CobBackup10" = Cobian Backup 10 "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "DPP" = Canon Utilities Digital Photo Professional 3.9 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ESET Online Scanner" = ESET Online Scanner v3 "Exifer_is1" = Exifer "ExposurePlot_is1" = ExposurePlot 1.14 "GML Undistorter_is1" = GML Undistorter 1.05 "GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0 "GridVista" = Acer GridVista "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.2.5097 "InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = Canon Utilities EOS Capture 1.2 "InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}" = Canon Utilities EOS Viewer Utility 1.2 "InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA-Treiber
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Neat Image_is1" = Neat Image v5.0 Home
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Pontifex" = Pontifex
"Process_Hacker_is1" = Process Hacker 1.8
"RarZilla Free Unrar" = RarZilla Free Unrar
"Recuva" = Recuva
"Samsung ML-2855 Series" = Samsung ML-2855 Series
"Scrabble v2.0" = Scrabble v2.0
"SpeedFan" = SpeedFan (remove only)
"Spyder2express" = Spyder2express
"Synology Assistant" = Synology Assistant (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YDKJG2" = YOU DON'T KNOW JACK® 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"STANLY Track" = STANLY Track
"STANLY Track EDDM" = STANLY Track EDDM

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.10.2012 15:18:21 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Fehler beim Entschlüsseln.

Error - 04.10.2012 15:18:22 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 1.

Error - 05.10.2012 10:10:55 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Fehler beim Entschlüsseln.

Error - 05.10.2012 10:10:57 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 1.

Error - 06.10.2012 05:23:31 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Fehler beim Entschlüsseln.

Error - 06.10.2012 05:23:34 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 1.

Error - 07.10.2012 03:43:37 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Fehler beim Entschlüsseln.

Error - 07.10.2012 03:43:47 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 1.

Error - 07.10.2012 12:08:05 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Fehler beim Entschlüsseln.

Error - 07.10.2012 12:08:08 | Computer Name = USERNAME_PC | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 1.

[ System Events ]
Error - 07.10.2012 03:44:24 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 07.10.2012 03:47:58 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst eLock Service.

Error - 07.10.2012 12:08:48 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 07.10.2012 12:08:48 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7002
Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet.

Error - 07.10.2012 12:08:48 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 07.10.2012 12:08:48 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Cyberlink RichVideo Service(CRVS).

Error - 07.10.2012 12:08:48 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 07.10.2012 12:08:48 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 07.10.2012 12:08:48 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst eLock Service.

Error - 07.10.2012 12:12:13 | Computer Name = USERNAME_PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst eLock Service.

< End of report >

I made a recording with BootLog XP. According to it, the boot process from the desktop onward takes just under 11 min. The following process takes a really long time, but there are several more that take over 5 min.:

Code:
Path: C:\WINDOWS\system32\svchost.exe Start: 115,457 sec Duration: 401,524 sec ID: 1468 07.10.2012 09:41:34.175
DLL's:
C:\WINDOWS\system32\svchost.exe Start: 115,457 sec
C:\WINDOWS\system32\ntdll.dll Start: 115,457 sec
C:\WINDOWS\system32\kernel32.dll Start: 115,458 sec
C:\WINDOWS\system32\advapi32.dll Start: 115,463 sec
C:\WINDOWS\system32\rpcrt4.dll Start: 115,463 sec
C:\WINDOWS\system32\secur32.dll Start: 115,463 sec
C:\WINDOWS\system32\shimeng.dll Start: 115,463 sec
C:\WINDOWS\AppPatch\acgenral.dll Start: 115,464 sec
C:\WINDOWS\system32\user32.dll Start: 115,464 sec
C:\WINDOWS\system32\gdi32.dll Start: 115,464 sec
C:\WINDOWS\system32\winmm.dll Start: 115,464 sec
C:\WINDOWS\system32\ole32.dll Start: 115,464 sec
C:\WINDOWS\system32\msvcrt.dll Start: 115,466 sec
C:\WINDOWS\system32\oleaut32.dll Start: 115,466 sec
C:\WINDOWS\system32\msacm32.dll Start: 115,466 sec
C:\WINDOWS\system32\version.dll Start: 115,466 sec
C:\WINDOWS\system32\shell32.dll Start: 115,466 sec
C:\WINDOWS\system32\shlwapi.dll Start: 115,467 sec
C:\WINDOWS\system32\userenv.dll Start: 115,467 sec
C:\WINDOWS\system32\uxtheme.dll Start: 115,467 sec
C:\WINDOWS\system32\imm32.dll Start: 115,474 sec
C:\WINDOWS\system32\lpk.dll Start: 115,474 sec
C:\WINDOWS\system32\usp10.dll Start: 115,475 sec
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Start: 115,492 sec
C:\WINDOWS\system32\comctl32.dll Start: 115,504 sec
C:\WINDOWS\system32\ntmarta.dll Start: 115,508 sec
C:\WINDOWS\system32\samlib.dll Start: 115,508 sec
C:\WINDOWS\system32\wldap32.dll Start: 115,508 sec
C:\WINDOWS\system32\xpsp2res.dll Start: 115,512 sec
C:\WINDOWS\system32\shsvcs.dll Start: 115,515 sec
C:\WINDOWS\system32\winsta.dll Start: 115,521 sec
C:\WINDOWS\system32\netapi32.dll Start: 115,522 sec
C:\WINDOWS\system32\rsaenh.dll Start: 116,252 sec
C:\WINDOWS\system32\dhcpcsvc.dll Start: 117,468 sec
C:\WINDOWS\system32\dnsapi.dll Start: 117,47 sec
C:\WINDOWS\system32\ws2_32.dll Start: 117,47 sec
C:\WINDOWS\system32\ws2help.dll Start: 117,471 sec
C:\WINDOWS\system32\iphlpapi.dll Start: 117,471 sec
C:\WINDOWS\system32\msapsspc.dll Start: 117,843 sec
C:\WINDOWS\system32\msvcrt40.dll Start: 117,844 sec
C:\WINDOWS\system32\schannel.dll Start: 117,848 sec
C:\WINDOWS\system32\crypt32.dll Start: 117,851 sec
C:\WINDOWS\system32\msasn1.dll Start: 117,851 sec
C:\WINDOWS\system32\digest.dll Start: 117,883 sec
C:\WINDOWS\system32\msnsspc.dll Start: 117,884 sec
C:\WINDOWS\system32\msvcrt40.dll Start: 117,885 sec
C:\Programme\FRITZ!DSL\SARAH.DLL Start: 117,887 sec
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll Start: 117,898 sec
C:\Programme\FRITZ!DSL\BLOCK.DLL Start: 117,901 sec
C:\WINDOWS\system32\mswsock.dll Start: 117,925 sec
C:\WINDOWS\system32\hnetcfg.dll Start: 117,925 sec
C:\WINDOWS\system32\wshtcpip.dll Start: 117,929 sec
C:\WINDOWS\system32\wzcsvc.dll Start: 119,151 sec
C:\WINDOWS\system32\rtutils.dll Start: 119,152 sec
C:\WINDOWS\system32\wmi.dll Start: 119,152 sec
C:\WINDOWS\system32\crypt32.dll Start: 119,152 sec
C:\WINDOWS\system32\msasn1.dll Start: 119,153 sec
C:\WINDOWS\system32\eapolqec.dll Start: 119,153 sec
C:\WINDOWS\system32\atl.dll Start: 119,153 sec
C:\WINDOWS\system32\qutil.dll Start: 119,154 sec
C:\WINDOWS\system32\msvcp60.dll Start: 119,154 sec
C:\WINDOWS\system32\dot3api.dll Start: 119,155 sec
C:\WINDOWS\system32\wtsapi32.dll Start: 119,156 sec
C:\WINDOWS\system32\esent.dll Start: 119,156 sec
C:\WINDOWS\system32\irmon.dll Start: 119,277 sec
C:\WINDOWS\system32\msv1_0.dll Start: 119,278 sec
C:\WINDOWS\system32\cryptdll.dll Start: 119,279 sec
C:\WINDOWS\system32\clbcatq.dll Start: 119,316 sec
C:\WINDOWS\system32\comres.dll Start: 119,317 sec
C:\WINDOWS\system32\rastls.dll Start: 119,328 sec
C:\WINDOWS\system32\cryptui.dll Start: 119,329 sec
C:\WINDOWS\system32\wininet.dll Start: 119,343 sec
C:\WINDOWS\system32\normaliz.dll Start: 119,344 sec
C:\WINDOWS\system32\urlmon.dll Start: 119,344 sec
C:\WINDOWS\system32\iertutil.dll Start: 119,346 sec
C:\WINDOWS\system32\wintrust.dll Start: 119,355 sec
C:\WINDOWS\system32\imagehlp.dll Start: 119,355 sec
C:\WINDOWS\system32\mprapi.dll Start: 119,364 sec
C:\WINDOWS\system32\activeds.dll Start: 119,364 sec
C:\WINDOWS\system32\adsldpc.dll Start: 119,364 sec
C:\WINDOWS\system32\setupapi.dll Start: 119,365 sec
C:\WINDOWS\system32\rasapi32.dll Start: 119,365 sec
C:\WINDOWS\system32\rasman.dll Start: 119,365 sec
C:\WINDOWS\system32\tapi32.dll Start: 119,366 sec
C:\WINDOWS\system32\schannel.dll Start: 119,366 sec
C:\WINDOWS\system32\winscard.dll Start: 119,366 sec
C:\WINDOWS\system32\psapi.dll Start: 119,368 sec
C:\WINDOWS\system32\riched20.dll Start: 119,399 sec
C:\WINDOWS\system32\raschap.dll Start: 119,42 sec
C:\WINDOWS\system32\wshirda.dll Start: 119,42 sec
C:\WINDOWS\system32\netman.dll Start: 119,539 sec
C:\WINDOWS\system32\netshell.dll Start: 119,541 sec
C:\WINDOWS\system32\credui.dll Start: 119,541 sec
C:\WINDOWS\system32\dot3dlg.dll Start: 119,541 sec
C:\WINDOWS\system32\onex.dll Start: 119,541 sec
C:\WINDOWS\system32\eappcfg.dll Start: 119,541 sec
C:\WINDOWS\system32\eappprxy.dll Start: 119,541 sec
C:\WINDOWS\system32\wzcsapi.dll Start: 119,542 sec
C:\WINDOWS\system32\mlang.dll Start: 122,774 sec
C:\WINDOWS\system32\xmlprovi.dll Start: 122,796 sec
C:\WINDOWS\system32\wzcsapi.dll Start: 122,796 sec
C:\WINDOWS\system32\schedsvc.dll Start: 123,073 sec
C:\WINDOWS\system32\ntdsapi.dll Start: 123,073 sec
C:\WINDOWS\system32\kbdgr.dll Start: 123,132 sec
C:\WINDOWS\system32\msidle.dll Start: 123,136 sec
C:\WINDOWS\system32\audiosrv.dll Start: 123,517 sec
C:\WINDOWS\system32\wkssvc.dll Start: 123,625 sec
C:\WINDOWS\system32\cryptsvc.dll Start: 130,64 sec
C:\WINDOWS\system32\certcli.dll Start: 130,64 sec
C:\WINDOWS\system32\dmserver.dll Start: 130,762 sec
C:\WINDOWS\system32\ersvc.dll Start: 130,767 sec
C:\WINDOWS\system32\es.dll Start: 130,782 sec
C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll Start: 131,042 sec
C:\WINDOWS\system32\srvsvc.dll Start: 132,67 sec
C:\WINDOWS\system32\netmsg.dll Start: 133,197 sec
C:\WINDOWS\system32\netman.dll Start: 150,765 sec
C:\WINDOWS\system32\netshell.dll Start: 150,768 sec
C:\WINDOWS\system32\credui.dll Start: 150,768 sec
C:\WINDOWS\system32\dot3dlg.dll Start: 150,769 sec
C:\WINDOWS\system32\onex.dll Start: 150,77 sec
C:\WINDOWS\system32\eappcfg.dll Start: 150,77 sec
C:\WINDOWS\system32\eappprxy.dll Start: 150,771 sec
C:\WINDOWS\system32\seclogon.dll Start: 155,438 sec
C:\WINDOWS\system32\srsvc.dll Start: 157,925 sec
C:\WINDOWS\system32\powrprof.dll Start: 159,097 sec
C:\WINDOWS\system32\sens.dll Start: 159,337 sec
C:\WINDOWS\system32\trkwks.dll Start: 161,63 sec
C:\WINDOWS\system32\tapisrv.dll Start: 162,482 sec
C:\WINDOWS\system32\w32time.dll Start: 163,836 sec
C:\WINDOWS\system32\wbem\wmisvc.dll Start: 165,165 sec
C:\WINDOWS\system32\vssapi.dll Start: 166,194 sec
C:\WINDOWS\system32\wscsvc.dll Start: 170,363 sec
C:\WINDOWS\system32\msi.dll Start: 170,965 sec
C:\WINDOWS\system32\wbem\wbemcore.dll Start: 171,312 sec
C:\WINDOWS\system32\wbem\esscli.dll Start: 172,255 sec
C:\WINDOWS\system32\wbem\wbemcomn.dll Start: 173,195 sec
C:\WINDOWS\system32\wbem\fastprox.dll Start: 173,35 sec
C:\WINDOWS\system32\actxprxy.dll Start: 177,06 sec
C:\WINDOWS\system32\wuauserv.dll Start: 177,961 sec
C:\WINDOWS\system32\sxs.dll Start: 178,39 sec
C:\WINDOWS\system32\wuaueng.dll Start: 178,661 sec
C:\WINDOWS\system32\winspool.drv Start: 179,184 sec
C:\WINDOWS\system32\winhttp.dll Start: 179,389 sec
C:\WINDOWS\system32\cabinet.dll Start: 179,567 sec
C:\WINDOWS\system32\mspatcha.dll Start: 180,203 sec
C:\WINDOWS\system32\browser.dll Start: 182,879 sec
C:\WINDOWS\system32\wbem\wbemprox.dll Start: 183,452 sec
C:\WINDOWS\system32\wbem\wbemsvc.dll Start: 183,818 sec
C:\WINDOWS\system32\comsvcs.dll Start: 185,311 sec
C:\WINDOWS\system32\colbact.dll Start: 186,357 sec
C:\WINDOWS\system32\mtxclu.dll Start: 187,173 sec
C:\WINDOWS\system32\wsock32.dll Start: 187,939 sec
C:\WINDOWS\system32\clusapi.dll Start: 188,777 sec
C:\WINDOWS\system32\resutils.dll Start: 189,561 sec
C:\WINDOWS\system32\sfc.dll Start: 191,625 sec
C:\WINDOWS\system32\sfc_os.dll Start: 191,626 sec
C:\WINDOWS\system32\wbem\wmiutils.dll Start: 192,135 sec
C:\WINDOWS\system32\wups.dll Start: 193,187 sec
C:\WINDOWS\system32\wups2.dll Start: 193,765 sec
C:\WINDOWS\system32\wbem\repdrvfs.dll Start: 194,784 sec
C:\WINDOWS\system32\wbem\wmiprvsd.dll Start: 199,288 sec
C:\WINDOWS\system32\ncobjapi.dll Start: 199,788 sec
C:\WINDOWS\system32\wbem\wbemess.dll Start: 203,035 sec
C:\WINDOWS\system32\apphelp.dll Start: 205,2 sec
C:\WINDOWS\system32\ipnathlp.dll Start: 207,512 sec
C:\WINDOWS\system32\authz.dll Start: 208,215 sec
C:\WINDOWS\system32\unimdm.tsp Start: 209,434 sec
C:\WINDOWS\system32\uniplat.dll Start: 210,284 sec
C:\WINDOWS\system32\unimdmat.dll Start: 211,523 sec
C:\WINDOWS\system32\modemui.dll Start: 213,516 sec
C:\WINDOWS\system32\kmddsp.tsp Start: 214,787 sec
C:\WINDOWS\system32\ndptsp.tsp Start: 215,746 sec
C:\WINDOWS\system32\ipconf.tsp Start: 216,996 sec
C:\WINDOWS\system32\h323.tsp Start: 217,613 sec
C:\WINDOWS\system32\hidphone.tsp Start: 219,571 sec
C:\WINDOWS\system32\hid.dll Start: 220,777 sec
C:\WINDOWS\system32\wuapi.dll Start: 221,417 sec
C:\WINDOWS\system32\wups.dll Start: 223,871 sec
C:\WINDOWS\system32\upnp.dll Start: 227,303 sec
C:\WINDOWS\system32\ssdpapi.dll Start: 228,447 sec
C:\WINDOWS\system32\wbem\ncprov.dll Start: 231,05 sec
C:\WINDOWS\system32\wbem\wbemcons.dll Start: 234,26 sec
C:\WINDOWS\system32\netcfgx.dll Start: 237,035 sec
C:\WINDOWS\system32\wups2.dll Start: 238,288 sec
C:\WINDOWS\system32\rasmans.dll Start: 240,407 sec
C:\WINDOWS\system32\winipsec.dll Start: 241,407 sec
C:\WINDOWS\system32\rastapi.dll Start: 253,135 sec
C:\WINDOWS\system32\unimdm.tsp Start: 254,216 sec
C:\WINDOWS\system32\uniplat.dll Start: 254,574 sec
C:\WINDOWS\system32\unimdmat.dll Start: 254,788 sec
C:\WINDOWS\system32\modemui.dll Start: 254,799 sec
C:\WINDOWS\system32\kmddsp.tsp Start: 254,84 sec
C:\WINDOWS\system32\ndptsp.tsp Start: 254,843 sec
C:\WINDOWS\system32\ipconf.tsp Start: 254,847 sec
C:\WINDOWS\system32\h323.tsp Start: 254,85 sec
C:\WINDOWS\system32\hidphone.tsp Start: 254,852 sec
C:\WINDOWS\system32\hid.dll Start: 254,852 sec
C:\WINDOWS\system32\rasppp.dll Start: 255,087 sec
C:\WINDOWS\system32\ntlsapi.dll Start: 257,124 sec
C:\WINDOWS\system32\kerberos.dll Start: 257,991 sec
C:\WINDOWS\system32\rasqec.dll Start: 259,281 sec
C:\WINDOWS\system32\msxml3.dll Start: 286,248 sec
C:\WINDOWS\system32\rasadhlp.dll Start: 374,691 sec
C:\WINDOWS\system32\wuapi.dll Start: 374,701 sec
C:\WINDOWS\system32\mlang.dll Start: 375,873 sec
C:\WINDOWS\system32\wbem\wbemprox.dll Start: 378,68 sec
C:\WINDOWS\system32\wups.dll Start: 379,782 sec
C:\WINDOWS\system32\xmlprovi.dll Start: 381,216 sec
C:\WINDOWS\system32\mlang.dll Start: 516,933 sec
C:\WINDOWS\system32\xmlprovi.dll Start: 516,98 sec

Edited by TimdZ (07.10.2012 at 19:10) Reason: update |
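An added example, not part of the original post and not BootLog XP's own code: the load timestamps in the svchost.exe dump above can be searched for the longest pauses between consecutive module loads and for modules loaded from outside the Windows directory. The two excerpts are copied from the post's log; the function names and the `C:\WINDOWS\` prefix check are assumptions of this example.

```python
import re

# Excerpts copied from the BootLog XP dump in the post, kept flattened the way
# the forum shows them. Times use a German decimal comma ("378,68" = 378.68 s).
TAIL_EXCERPT = (
    r"C:\WINDOWS\system32\rasppp.dll Start: 255,087 sec "
    r"C:\WINDOWS\system32\ntlsapi.dll Start: 257,124 sec "
    r"C:\WINDOWS\system32\kerberos.dll Start: 257,991 sec "
    r"C:\WINDOWS\system32\rasqec.dll Start: 259,281 sec "
    r"C:\WINDOWS\system32\msxml3.dll Start: 286,248 sec "
    r"C:\WINDOWS\system32\rasadhlp.dll Start: 374,691 sec "
    r"C:\WINDOWS\system32\wuapi.dll Start: 374,701 sec "
    r"C:\WINDOWS\system32\mlang.dll Start: 375,873 sec "
    r"C:\WINDOWS\system32\wbem\wbemprox.dll Start: 378,68 sec "
    r"C:\WINDOWS\system32\wups.dll Start: 379,782 sec "
    r"C:\WINDOWS\system32\xmlprovi.dll Start: 381,216 sec "
    r"C:\WINDOWS\system32\mlang.dll Start: 516,933 sec "
    r"C:\WINDOWS\system32\xmlprovi.dll Start: 516,98 sec"
)
MID_EXCERPT = (
    r"C:\WINDOWS\system32\msvcrt40.dll Start: 117,885 sec "
    r"C:\Programme\FRITZ!DSL\SARAH.DLL Start: 117,887 sec "
    r"C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_"
    r"9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll Start: 117,898 sec "
    r"C:\Programme\FRITZ!DSL\BLOCK.DLL Start: 117,901 sec "
    r"C:\WINDOWS\system32\mswsock.dll Start: 117,925 sec"
)

# One entry = "<drive>:\path Start: <seconds> sec"; the lazy path match lets
# the same pattern work on one-entry-per-line and on flattened text.
ENTRY_RE = re.compile(r"([A-Za-z]:\\.+?)\s+Start:\s+(\d+(?:,\d+)?)\s+sec")


def parse_entries(text):
    """Return [(module_path, load_time_seconds), ...] in log order."""
    return [(m.group(1), float(m.group(2).replace(",", ".")))
            for m in ENTRY_RE.finditer(text)]


def largest_gaps(entries, top=3):
    """Longest pauses between consecutive loads: (seconds, before, after)."""
    gaps = [(round(t2 - t1, 3), p1, p2)
            for (p1, t1), (p2, t2) in zip(entries, entries[1:])]
    return sorted(gaps, reverse=True)[:top]


def outside_windows(entries, windir="c:\\windows\\"):
    """Modules whose path is not under the Windows directory (assumed prefix)."""
    return [p for p, _ in entries if not p.lower().startswith(windir)]


if __name__ == "__main__":
    for gap, before, after in largest_gaps(parse_entries(TAIL_EXCERPT)):
        print(f"{gap:8.3f} s idle between {before} and {after}")
    for path in outside_windows(parse_entries(MID_EXCERPT)):
        print("loaded from outside the Windows directory:", path)
```

A long gap only says that no module was loaded in that interval; the modules on either side show which part of the service start-up to look at next. A module outside the Windows directory is not malicious by itself, it is a path to verify against the installed software list.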
07.10.2012, 20:15 | #38 |
/// the machine /// TB trainer | EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 How do you go online? Please pull the LAN or Wi-Fi, switch it off, along with everything else that was set up network-wise. Then reboot. Faster?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.10.2012, 20:48 | #39 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Unfortunately, disconnecting from the LAN and rebooting does not speed up the boot process either. Strange: after almost every reboot, when I open Firefox, the system has recently started reporting that FF is not the default browser and asking whether I want to make it so. I always answer yes. After a restart, however, it may ask again... Also, the system now always tries to find a Wi-Fi network as early as boot time. That was not the case before; Wi-Fi was only ever started manually by me, if at all. |
07.10.2012, 20:50 | #40 |
/// the machine /// TB trainer | EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Try disabling the Wi-Fi driver. Control Panel > My Network Places. Is the Wi-Fi built in or on a stick? |
07.10.2012, 21:14 | #41 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 I will disable the Wi-Fi (built in). Another incidental finding: I just copied a 626 MB file from the desktop to partition D:\ (physically the same hard disk). That took 10 min. Copying from D:\ via LAN to a network drive was faster... I will report again tomorrow (about disabling the Wi-Fi). You know how it is: a restart takes 15-20 min. |
08.10.2012, 06:18 | #42 |
/// the machine /// TB trainer | EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 All right |
08.10.2012, 19:19 | #43 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Hello schrauber, unfortunately that apparently did not help either. I woke the computer from standby (by now I shy away from the 20-minute procedure) and that alone took about 8 min. Do you think it has something to do with the error messages shown in the OTL Extras.Log? Do you think there is still hope for the system without reinstalling it? Best regards, Tim |
08.10.2012, 19:27 | #44 |
/// the machine /// TB trainer | EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 Those are just quite a few database errors. Do you use SQL for anything? |
08.10.2012, 19:53 | #45 |
| EXP/CVE-2012-1723.A.300 and EXP/2012-1723.FO.2 I am not aware that I use SQL. I do have an image management program installed (iMatch), but I do not know exactly whether it is based on SQL. Otherwise I would not know what I would use SQL for... |