Pests of all kinds and their removal: Problems during removal of the Bundespolizei Verschlüsselungs-Trojaner (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.10.2012, 15:20 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems during removal of the Bundespolizei Verschlüsselungs-Trojaner

Please make a new OTL log. Please post everything here in CODE tags where possible. It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
    the log goes here

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.

Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    wininit.exe
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    ws2ifsl.sys
    sceclt.dll
    ntelogon.dll
    winlogon.exe
    logevent.dll
    user32.DLL
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
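The OTL log the helper asks for is read by eye, and the first lines a helper checks for a screen-locker like this one are the autostart points: the O4 Run keys and Startup folder, the O20 Winlogon Shell and UserInit values, the O33 cached autorun commands, and any O1 HOSTS redirections. The following Python script is an added example, not code from this thread and not part of OTL: it parses those line types in the format the posted log uses and flags the entries that deviate from a clean Windows XP baseline. The line formats are assumed from the log in this thread; SAMPLE_LOG is a constructed excerpt in which the names locker-sample.exe and update.example, and the per-user O20 line, are hypothetical and only illustrate what a hijacked entry would look like.

```python
"""Triage of the autostart-related lines in an OTL log.

Added example for this thread: it is not code from the original posts and not
part of OTL. It assumes only the OTL line formats visible in the posted log
(O1 HOSTS entries, O4 Run keys and Startup folder, O20 Winlogon Shell/UserInit,
O33 MountPoints2 autorun commands). SAMPLE_LOG is a constructed excerpt: the
clean lines copy the format of entries in the thread; the lines containing
"locker-sample.exe" and "update.example" are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input (not the thread's full log).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.tz-online.local
O1 - Hosts: 10.0.0.5 update.example
O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ()
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon] C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\locker-sample.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\locker-sample.exe) - File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
PRC - [2012.10.10 17:27:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Schnelle Downloads\OTL.exe
"""


@dataclass
class Finding:
    kind: str       # OTL section prefix: O1, O4, O20, O33
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str


# What OTL reports for an unmodified Windows XP Winlogon (as in the thread's log).
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "\\system32\\userinit.exe"}

# Directories a legitimate installer rarely uses for an autostart target; the
# German names are what Windows XP uses on disk on the poster's system.
USER_WRITABLE_HINTS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\",
                       "\\lokale einstellungen\\", "\\local settings\\", "\\temp\\")

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

RE_O1 = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
RE_O4_RUN = re.compile(r"^O4 - (?P<hive>HK[^\s:]*?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
RE_O4_STARTUP = re.compile(r"^O4 - Startup: (?P<lnk>.*?) = (?P<rest>.*)$")
RE_O20 = re.compile(r"^O20 - (?P<hive>HK\S*) Winlogon: (?P<value>Shell|UserInit) - \((?P<regdata>.*?)\) - (?P<rest>.*)$")
RE_O33 = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
RE_TARGET = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")


def split_target(rest: str) -> Tuple[str, Optional[str]]:
    """Split OTL's 'path (Company)' tail; company is None when OTL says 'File not found'."""
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip(), None
    m = RE_TARGET.match(rest)
    return (m.group("path"), m.group("company")) if m else (rest.strip(), None)


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(h in p for h in USER_WRITABLE_HINTS)


def judge_target(kind: str, line: str, rest: str) -> Optional[Finding]:
    """Rules shared by O4 entries: is the file there, and where does it live?"""
    path, company = split_target(rest)
    if company is None:
        return Finding(kind, "high", "autostart target missing on disk (File not found)", line)
    if in_user_writable_dir(path):
        return Finding(kind, "high", "autostart target lives in a user-writable profile directory", line)
    if company == "":
        return Finding(kind, "low", "no company name in version info; verify the file hash", line)
    return None


def triage_line(line: str) -> Optional[Finding]:
    line = line.rstrip()
    m = RE_O1.match(line)
    if m:
        if m.group("ip") in LOOPBACK:
            return None
        return Finding("O1", "high", f"HOSTS redirects {m.group('host')} to {m.group('ip')}", line)
    m = RE_O4_RUN.match(line) or RE_O4_STARTUP.match(line)
    if m:
        return judge_target("O4", line, m.group("rest"))
    m = RE_O20.match(line)
    if m:
        value = m.group("value")
        regdata = m.group("regdata").lower().rstrip(",")   # UserInit normally ends in a comma
        if not regdata.endswith(EXPECTED_WINLOGON[value]):
            return Finding("O20", "high", f"Winlogon {value} replaced: {m.group('regdata')}", line)
        if m.group("hive") != "HKLM":
            return Finding("O20", "high", f"per-user Winlogon {value} override", line)
        return None
    m = RE_O33.match(line)
    if m:
        return Finding("O33", "medium",
                       f"cached autorun command for drive {m.group('key')}: {m.group('cmd')}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log and keep only the flagged entries, in log order."""
    findings = [triage_line(l) for l in log_text.splitlines()]
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:3} {f.reason}\n         {f.line}")
```

On the sample the script leaves the thread's clean entries alone (Shell = Explorer.exe and UserInit = userinit.exe under HKLM, the Microsoft Security Client Run entry), marks the two entries without a company name as low, and raises the hypothetical user-profile Run entry, the hypothetical per-user Shell value and the non-loopback HOSTS line as high. A "low" finding is a prompt to check the hash, not a verdict: the HotKey.Exe and WISO entries in the real log have no company name and are still legitimate.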
10.10.2012, 16:59 | #17
| Problems during removal of the Bundespolizei Verschlüsselungs-Trojaner

Contents of OTL.txt

OTL Logfile:
Code:
    OTL logfile created on: 10.10.2012 17:31:43 - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = F:\Schnelle Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    1023,48 Mb Total Physical Memory | 612,29 Mb Available Physical Memory | 59,82% Memory free
    2,40 Gb Paging File | 1,89 Gb Available in Paging File | 78,81% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
    Drive C: | 465,75 Gb Total Space | 156,17 Gb Free Space | 33,53% Space Free | Partition Type: NTFS
    Drive E: | 19,53 Gb Total Space | 19,47 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
    Drive F: | 186,30 Gb Total Space | 31,00 Gb Free Space | 16,64% Space Free | Partition Type: NTFS

    Computer Name: FALK-HELP | User Name: Falk | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.10.10 17:27:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Schnelle Downloads\OTL.exe
    PRC - [2012.10.08 11:25:33 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
    PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
    PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
    PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
    PRC - [2009.04.01 15:53:18 | 006,574,720 | ---- | M] () -- C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld.exe
    PRC - [2008.05.30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe
    PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007.05.18 10:03:32 | 005,685,248 | ---- | M] () -- C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe
    PRC - [2004.11.15 12:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

    ========== Modules (No Company Name) ==========

    MOD - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
    MOD - [2009.04.01 15:53:18 | 006,574,720 | ---- | M] () -- C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld.exe
    MOD - [2008.04.22 15:53:50 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\hcwChDB.dll
    MOD - [2008.04.14 14:00:00 | 000,363,520 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
    MOD - [2008.04.14 14:00:00 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
    MOD - [2008.04.14 14:00:00 | 000,118,272 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
    MOD - [2008.04.14 14:00:00 | 000,056,832 | ---- | M] () -- C:\WINDOWS\system32\msdvbnp.ax
    MOD - [2008.04.14 14:00:00 | 000,033,280 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
    MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2007.05.18 10:03:32 | 005,685,248 | ---- | M] () -- C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe

    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012.10.09 19:56:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.10.08 12:22:35 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.10.08 11:25:33 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2009.04.01 15:53:18 | 006,574,720 | ---- | M] () [Auto | Running] -- C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld.exe -- (MySQL)
    SRV - [2008.12.09 01:52:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008.06.28 12:31:00 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2008.05.30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\EPG Services\System\EPGService.exe -- (EPGService)
    SRV - [2007.05.18 10:03:32 | 005,685,248 | ---- | M] () [Auto | Running] -- C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe -- (SageDB 5.0)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\Si3114r5.sys -- (Si3114r5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{F177E9F4-3F95-4F18-B91F-6648A522A583}\MpKsl97ccd5e3.sys -- (MpKsl97ccd5e3)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
    DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008.08.14 00:55:47 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008.05.12 18:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008.04.19 01:21:26 | 000,182,400 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
    DRV - [2008.04.19 01:21:08 | 000,012,288 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
    DRV - [2008.04.19 01:21:04 | 000,320,256 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
    DRV - [2008.04.19 01:20:52 | 000,012,928 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
    DRV - [2008.04.14 14:00:00 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2008.04.14 14:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004.11.17 13:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
    DRV - [2004.11.11 05:56:40 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2004.11.11 05:56:38 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004.11.03 22:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2004.08.19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004.05.02 10:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
    DRV - [2003.10.24 02:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2000.07.24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-299502267-1220945662-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
    IE - HKU\S-1-5-21-299502267-1220945662-839522115-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-299502267-1220945662-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
    FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2
    FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16
    FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
    FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.08 12:22:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.08 11:49:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.08.31 15:02:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2008.12.05 12:09:54 | 000,000,000 | ---D | M]

    (No name found) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Extensions
    [2012.10.09 23:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions
    [2012.09.05 17:18:44 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2012.09.15 20:17:51 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2012.10.09 23:03:17 | 001,625,368 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\firebug@software.joehewitt.com.xpi
    [2012.10.08 11:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2012.10.06 23:56:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012.10.08 12:22:38 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
    [2012.08.14 17:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    [2012.10.08 12:22:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.10.08 12:22:04 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
    [2012.10.08 12:22:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
    [2012.10.08 12:22:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.10.08 12:22:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.10.08 12:22:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

    O1 HOSTS File: ([2009.08.27 00:20:21 | 000,001,863 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.tz-online.local
    O1 - Hosts: 127.0.0.1 www.merkur-online.local
    O1 - Hosts: 127.0.0.1 www.hna.local
    O1 - Hosts: 127.0.0.1 www.da-imnetz.local
    O1 - Hosts: 127.0.0.1 www.wa-online.local
    O1 - Hosts: 127.0.0.1 www.op-online.local
    O1 - Hosts: 127.0.0.1 www.kreiszeitung.local
    O1 - Hosts: 127.0.0.1 www.soester-anzeiger.local
    O1 - Hosts: 127.0.0.1 www.come-on.local
    O1 - Hosts: 127.0.0.1 www.rosenheim24.local
    O1 - Hosts: 127.0.0.1 www.bgland24.local
    O1 - Hosts: 127.0.0.1 www.chiemgau24.local
    O1 - Hosts: 127.0.0.1 www.innsalzach24.local
    O1 - Hosts: 127.0.0.1 www.waldkraiburger-volksfest.local
    O1 - Hosts: 127.0.0.1 tz-online.local
    O1 - Hosts: 127.0.0.1 merkur-online.local
    O1 - Hosts: 127.0.0.1 hna.local
    O1 - Hosts: 127.0.0.1 da-imnetz.local
    O1 - Hosts: 127.0.0.1 wa-online.local
    O1 - Hosts: 127.0.0.1 op-online.local
    O1 - Hosts: 127.0.0.1 kreiszeitung.local
    O1 - Hosts: 127.0.0.1 soester-anzeiger.local
    O1 - Hosts: 127.0.0.1 come-on.local
    O1 - Hosts: 127.0.0.1 rosenheim24.local
    O1 - Hosts: 5 more lines...
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ()
    O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-299502267-1220945662-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349557631453 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5791F2BD-7CE6-4B20-B7D0-237CBBA338E6}: NameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE71409C-5452-4E13-817B-70745815C6BE}: NameServer = 192.168.0.1
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
    O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008.05.18 12:32:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: UploadMgr - Service
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - Dir
    ectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {54E574A8-7B34-ADCA-5D53-95DE9192A472} - Windows Media Player
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {FA082800-DC34-704C-EE09-176CDCB71B58} - Microsoft Windows Media Player 6.4
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.10.10 16:06:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\Sun
    [2012.10.08 13:14:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
    [2012.10.08 13:14:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012.10.08 13:14:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
    [2012.10.08 12:06:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2012.10.08 12:06:49 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
    [2012.10.08 12:06:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2012.10.08 12:06:34 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
    [2012.10.08 12:06:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2012.10.08 12:06:00 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
    [2012.10.08 12:06:00 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2012.10.08 12:05:59 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
    [2012.10.08 12:05:59 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2012.10.08 12:05:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2012.10.08 12:05:58 | 000,000,000 | ---D | C] -- C:\e35e308345ea5c24204ed4ea
    [2012.10.08 11:46:33 | 000,000,000 | ---D | C] --
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.10.08 11:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012.10.08 11:36:07 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2012.10.08 11:32:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.10.08 11:32:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.10.08 11:28:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange PDF Viewer [2012.10.08 11:28:41 | 000,000,000 | ---D | C] -- C:\Programme\Tracker Software [2012.10.08 11:26:14 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.10.08 11:25:58 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.10.08 11:25:58 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.10.08 11:25:58 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.10.08 11:23:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012.10.08 11:21:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\vlc [2012.10.08 11:20:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2012.10.08 11:04:57 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2012.10.08 11:04:57 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2012.10.07 00:42:23 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2012.10.07 00:38:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2012.10.07 00:33:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und 
Einstellungen\Falk\IETldCache [2012.10.06 23:58:57 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012.10.06 23:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2012.10.06 23:57:54 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2012.10.06 23:57:54 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2012.10.06 23:57:54 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2012.10.06 23:57:54 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2012.10.06 23:57:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2012.10.06 23:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2012.10.06 23:57:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2012.10.06 23:56:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2012.10.06 23:56:33 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.10.06 23:56:33 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\npdeployJava1.dll [2012.10.06 23:54:47 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.10.06 23:41:09 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2012.10.06 23:32:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory [2012.10.06 23:24:01 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2012.10.06 23:18:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2012.10.06 23:13:29 | 002,195,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2012.10.06 23:13:27 | 002,151,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2012.10.06 23:13:26 | 002,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2012.10.06 23:12:23 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2012.10.06 23:11:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage [2012.10.06 23:11:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2012.10.06 23:11:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2012.10.06 23:08:10 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2012.10.04 21:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%programfiles% [2012.10.04 21:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%commonprogramfiles% [2012.10.04 14:37:04 | 000,000,000 | ---D | C] -- C:\Program Files [2012.10.04 12:54:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Malwarebytes [2012.10.04 12:53:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.03 01:22:21 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 
[2012.10.02 18:40:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jxodgbnhmnphmud [2012.09.15 20:28:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.10 17:35:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.10 17:26:28 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.10.10 11:23:53 | 000,162,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.10 11:15:30 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012.10.09 22:53:22 | 000,000,033 | ---- | M] () -- C:\ProgDVB.ini [2012.10.09 22:49:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.10.09 19:56:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.10.09 19:56:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.10.09 10:07:04 | 000,459,574 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.09 10:07:04 | 000,441,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.09 10:07:04 | 000,084,946 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.09 10:07:04 | 000,071,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.09 09:42:48 | 000,000,211 | ---- | M] () -- C:\WINDOWS\uno.ini [2012.10.08 13:14:48 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.08 12:13:51 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.08 11:45:14 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012.10.08 
11:36:08 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.10.08 11:28:51 | 000,000,838 | ---- | M] () -- C:\Dokumente und Einstellungen\Falk\Desktop\PDF-Viewer.lnk [2012.10.08 11:25:37 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.10.08 11:25:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.10.08 11:25:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.10.08 11:25:30 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.10.08 11:25:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.10.08 11:25:28 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.10.08 11:20:37 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.10.06 23:56:01 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\npdeployJava1.dll [2012.10.06 23:32:52 | 000,000,137 | ---- | M] () -- C:\Dokumente und Einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2012.10.05 23:52:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpaOld.dbl [2012.10.04 13:21:00 | 000,000,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Falk\defogger_reenable [2012.10.02 18:40:25 | 000,076,338 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cdoivglkayugxxr [2012.09.19 10:44:27 | 000,001,002 | ---- | M] () -- C:\WINDOWS\wiso.ini [2012.09.15 20:26:55 | 008,182,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Falk\Desktop\windplan_entwurf_festlegungskarte.pdf [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.09 19:56:25 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.08 13:14:48 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.08 11:54:56 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012.10.08 11:54:38 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012.10.08 11:36:08 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.10.08 11:32:46 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.10.08 11:28:51 | 000,000,838 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\Desktop\PDF-Viewer.lnk [2012.10.08 11:20:37 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.10.07 00:39:02 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2012.10.07 00:38:56 | 000,001,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft 
Security Essentials.lnk [2012.10.06 23:32:52 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2012.10.06 23:26:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.10.06 23:26:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.10.04 13:20:52 | 000,000,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\defogger_reenable [2012.10.02 18:40:13 | 000,076,338 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cdoivglkayugxxr [2012.09.15 20:26:54 | 008,182,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\Desktop\windplan_entwurf_festlegungskarte.pdf [2008.12.08 18:11:47 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2008.07.10 13:13:44 | 000,000,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\.asadminpass [2008.07.10 13:13:38 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\.asadmintruststore [2008.06.14 00:04:02 | 000,162,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2008.06.13 23:46:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" 
= C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.10.07 00:17:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Adobe [2008.08.13 01:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Buhl Data Service [2009.08.24 01:17:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Canneverbe_Limited [2009.11.08 22:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\dvdcss [2010.10.15 19:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\FileZilla [2012.09.05 17:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\FireShot [2008.05.25 23:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Help [2008.05.18 12:36:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Identities [2008.07.10 20:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\IDMComp [2008.06.16 19:19:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\InstallShield [2008.06.15 17:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Macromedia [2012.10.04 12:54:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Malwarebytes [2009.05.19 13:56:26 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Microsoft [2008.12.05 
12:09:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla [2009.09.22 18:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\MySQL [2010.03.19 23:18:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Nokia [2008.10.29 16:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Notepad++ [2012.09.05 17:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\OpenOffice.org2 [2010.03.19 23:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\PC Suite [2008.06.15 20:20:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Pixum [2012.10.10 17:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Skype [2012.09.24 10:27:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\skypePM [2008.06.16 19:31:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Sony Corporation [2008.07.10 12:24:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Subversion [2008.05.18 15:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Sun [2008.05.25 22:57:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\T-Online [2008.05.25 22:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Talkback [2012.08.31 15:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Thunderbird [2008.05.25 23:14:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Ulead Systems [2003.01.01 00:26:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\UseNeXT [2012.10.10 11:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\vlc < 
%APPDATA%\*.exe /s > [2009.02.25 00:49:58 | 001,887,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2012.08.17 19:49:00 | 000,060,824 | ---- | M] (getfireshot.com) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe [2012.08.17 19:49:00 | 000,145,816 | ---- | M] (getfireshot.com) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe [2012.08.17 19:48:38 | 000,074,648 | ---- | M] (getfireshot.com) -- C:\Dokumente und Einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe < %SYSTEMDRIVE%\*.exe > [2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: AHCIX86.SYS > [2008.03.08 03:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) 
MD5=B6E729A575F84938A08D367E8352EB86 -- C:\Programme\ati\SBDrv\RAID7xx\x86\ahcix86.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2004.11.03 22:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\drivers\nvatabus.sys [2004.11.03 22:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\nvatabus.sys [2004.11.03 22:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\nvatabus.sys [2004.11.03 22:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvatabus.sys < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 
-- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2003.01.01 02:25:19 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2003.01.01 01:16:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2003.01.01 02:25:19 | 024,068,096 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2003.01.01 02:25:19 | 004,456,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
[/code]
Contents of Extras.txt OTL Logfile:
Code:
OTL Extras logfile created on: 10.10.2012 17:31:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Schnelle Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,48 Mb Total Physical Memory | 612,29 Mb Available Physical Memory | 59,82% Memory free
2,40 Gb Paging File | 1,89 Gb Available in Paging File | 78,81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 156,17 Gb Free Space | 33,53% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 19,47 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
Drive F: | 186,30 Gb Total Space | 31,00 Gb Free Space | 16,64% Space Free | Partition Type: NTFS
Computer Name: FALK-HELP | User Name: Falk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Programme\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" () Directory [Pixum EasyBook] -- "C:\Programme\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" () Directory [Pixum EasyBook.exe] -- "C:\Programme\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" () Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirstRunDisabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"C:\Programme\JetBrains\IntelliJ IDEA 7.0.3\bin\idea.exe" = C:\Programme\JetBrains\IntelliJ IDEA 7.0.3\bin\idea.exe:*:Disabled:IntelliJ IDEA 7.0.3 "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Sage\GSBuchhalter\Gsbuchhalter.exe" = C:\Programme\Sage\GSBuchhalter\Gsbuchhalter.exe:*:Disabled:Sage GS-Buchhalter -- (Sage Software GmbH) "C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe" = C:\Programme\Sage\SageDB 5.0\bin\mysqld-nt.exe:LocalSubNet:Disabled:SageDB 5.0 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{1660957C-A6E9-436E-958B-DEB51B2A22E2}" = MySQL Server 5.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2C50AD43-5423-4FB2-9BE8-456456A03D1D}" = Sage BankCom "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7 "{32BFD212-A55E-4D1A-9E42-DB3764B761B8}" = Sage HBCI-Kontaktverwaltung "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{384BDD6A-58AB-4556-B393-7084DD35EBF8}" = UltraEdit 14.10 "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8283FCCD-AC71-4DC1-A81E-4F244FBBE11D}" = T-Online 5.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0 "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{BAE9A66D-A9E9-4985-BDF4-B1842F84B3C9}" = Garmin City Navigator Middle East NT v4 "{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4 "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4 "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5EFAEAF-CD5F-4D63-9C69-99F941639629}" = Sage HBCI-Kontaktverwaltung "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.57 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Brother HL-1430" = Brother HL-1430 "FileZilla Client" = FileZilla Client 3.2.4.1 "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Radio" = Hauppauge WinTV Radio "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR "HeidiSQL_is1" = HeidiSQL 3.2 "IE4Dev" = Microsoft Script Debugger "ie8" = Windows Internet Explorer 8 "Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "MapCenter (Family 951)" = MapCenter - Madeira roads and trails "Microsoft .NET 
Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "Photovista Panorama 3.0" = Photovista Panorama 3.0 "Pixum EasyBook" = Pixum EasyBook "Pixum EasyPrint" = Pixum EasyPrint 1.2 "Sage GS-Buchhalter" = Sage GS-Buchhalter "SageDB 5.0" = SageDB 5.0 "USB Scanner" = USB Scanner "UseNeXT_is1" = UseNeXT "V3.2_is1" = File Scavenger 3.2 "VLC media player" = VLC media player 2.0.3 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "Windows Media Format Runtime" = Windows Media Format Runtime "XMedia Recode" = XMedia Recode 2.0.9.3 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.10.2012 05:43:21 | Computer Name = FALK-HELP | Source = Microsoft Security Client | ID = 5000 Description = Error - 08.10.2012 05:45:20 | Computer Name = FALK-HELP | Source = Microsoft Security Client | ID = 5000 Description = Error - 08.10.2012 06:51:12 | Computer Name = FALK-HELP | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. 
Error - 08.10.2012 07:15:07 | Computer Name = FALK-HELP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 08.10.2012 07:15:07 | Computer Name = FALK-HELP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 08.10.2012 14:19:47 | Computer Name = FALK-HELP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 09.10.2012 16:55:04 | Computer Name = FALK-HELP | Source = Application Error | ID = 1000
Description = Faulting application progdvb.exe, version 4.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x00056673.

Error - 09.10.2012 17:31:10 | Computer Name = FALK-HELP | Source = Application Error | ID = 1000
Description = Faulting application wintv.exe, version 6.0.26080.0, faulting module psisdecd.dll, version 6.5.2600.5512, fault address 0x0001f1e9.

Error - 09.10.2012 17:45:31 | Computer Name = FALK-HELP | Source = Application Error | ID = 1000
Description = Faulting application wintv.exe, version 6.0.26080.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00012905.

Error - 10.10.2012 11:31:33 | Computer Name = FALK-HELP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 31.12.2002 18:02:46 | Computer Name = FALK-HELP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: nvatabus sptd

Error - 09.10.2012 16:58:48 | Computer Name = FALK-HELP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 09.10.2012 16:58:48 | Computer Name = FALK-HELP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 09.10.2012 16:59:34 | Computer Name = FALK-HELP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: sptd

Error - 09.10.2012 17:13:09 | Computer Name = FALK-HELP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 09.10.2012 17:13:09 | Computer Name = FALK-HELP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 09.10.2012 17:13:58 | Computer Name = FALK-HELP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: sptd

Error - 31.12.2002 18:01:58 | Computer Name = FALK-HELP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 31.12.2002 18:01:58 | Computer Name = FALK-HELP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 31.12.2002 18:02:24 | Computer Name = FALK-HELP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: sptd

< End of report >
|
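The event-log section of the OTL log above deserves a second look before moving on: the System Events interleave entries dated 31.12.2002 with entries from October 2012, and crypt32 reports ID 131083, a signed root-certificate list rejected because a certificate was outside its validity period relative to the system clock. Both are what a machine shows when its clock has been wrong at some point. The following Python is an added example (not part of the thread, and not a feature of OTL) that parses the "Last 20 Event Log Errors" section, flags entries dated years behind the rest of their section, picks out the crypt32 time errors and counts repeats per source and event ID. The sample text is constructed to match the shape of the log above, using the English event strings; it is not a copy of the posted log.

```python
"""Triage helpers for the 'Last 20 Event Log Errors' section of an OTL log.

Added example; not part of the thread or of OTL. SAMPLE_OTL is a constructed
excerpt patterned on the log posted above (English event text), not a copy.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

SAMPLE_OTL = """\
[ Application Events ]
Error - 08.10.2012 07:15:07 | Computer Name = FALK-HELP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 09.10.2012 16:55:04 | Computer Name = FALK-HELP | Source = Application Error | ID = 1000
Description = Faulting application progdvb.exe, version 4.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x00056673.
[ System Events ]
Error - 31.12.2002 18:02:46 | Computer Name = FALK-HELP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: nvatabus sptd
Error - 09.10.2012 16:58:48 | Computer Name = FALK-HELP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 31.12.2002 18:01:58 | Computer Name = FALK-HELP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
< End of report >
"""

# A token is either a section header "[ X Events ]" or one error entry. The
# description runs until the next entry, the next section, the end-of-report
# marker or the end of the text, so the pattern works on a log with its
# original line breaks and on one that was flattened onto a single line.
TOKEN_RE = re.compile(
    r"\[ (?P<section>\w+) Events \]"
    r"|Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s+"
    r"Description = (?P<desc>.*?)\s*"
    r"(?=Error - \d{2}\.|\[ \w+ Events \]|< End of report >|\Z)",
    re.S,
)


def parse_otl_events(text):
    """Return the error entries as dicts, each tagged with its section."""
    events, section = [], None
    for m in TOKEN_RE.finditer(text):
        if m.group("section"):
            section = m.group("section")
            continue
        events.append({
            "section": section,
            "time": datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S"),
            "host": m.group("host"),
            "source": m.group("source"),
            "id": int(m.group("id")),
            "desc": " ".join(m.group("desc").split()),
        })
    return events


def clock_anomalies(events, max_gap=timedelta(days=365)):
    """Entries dated far behind the newest entry of their own section.

    OTL shows only the last 20 errors, so a gap of years inside that window
    means the clock was wrong when the entry was written (a CMOS battery
    failure or BIOS reset drops the clock to the firmware's default date),
    not that the event is really that old.
    """
    newest = {}
    for e in events:
        if e["section"] not in newest or e["time"] > newest[e["section"]]:
            newest[e["section"]] = e["time"]
    return [e for e in events if newest[e["section"]] - e["time"] > max_gap]


def cert_time_errors(events):
    """crypt32 131083: CryptoAPI refused the signed root list, which happens
    with a wrong system clock or a stale list on the machine."""
    return [e for e in events if e["source"] == "crypt32" and e["id"] == 131083]


def summarize(events):
    """Count entries per (source, event id) to see what keeps repeating."""
    return Counter((e["source"], e["id"]) for e in events)


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_OTL)
    for e in clock_anomalies(evs):
        print("clock anomaly:", e["time"], e["source"], e["id"])
    for e in cert_time_errors(evs):
        print("cert/time error:", e["time"], e["desc"][:60])
    for (src, eid), n in summarize(evs).most_common():
        print("%-25s %7d x%d" % (src, eid, n))
```

Paste the whole OTL log into `parse_otl_events`; the section headers are enough for it to find the event-log part on its own. The anomaly check keys on the section because OTL lists Application and System events separately, and a gap that is normal between sections is not normal within one.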
10.10.2012, 20:27 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems while removing the Bundespolizei encryption trojan Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" line must be copied along with it!!!)
Note: if you masked your user name, you must turn the starred-out part back into your real user name, otherwise the script will not work!! Code:
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jxodgbnhmnphmud
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore
C:\e35e308345ea5c24204ed4ea
C:\install.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cdoivglkayugxxr
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution: a backup copy is created on the system partition in the "_OTL" folder. Note: the above script was written only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ |
10.10.2012, 22:14 | #19 |
| Problems while removing the Bundespolizei encryption trojan OK. Done as well. The hosts file did not need to be reset; the entries were mine. I simply restored it because I need it. Here is the log file: Code:
All processes killed
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jxodgbnhmnphmud folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore folder moved successfully.
C:\e35e308345ea5c24204ed4ea\i386 folder moved successfully.
C:\e35e308345ea5c24204ed4ea\amd64 folder moved successfully.
C:\e35e308345ea5c24204ed4ea folder moved successfully.
C:\install.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cdoivglkayugxxr moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
The DNS resolver cache was flushed.
F:\Schnelle Downloads\cmd.bat deleted successfully.
F:\Schnelle Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3436645 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Falk
->Temp folder emptied: 755034347 bytes
->Temporary Internet Files folder emptied: 2342357 bytes
->Java cache emptied: 88826792 bytes
->FireFox cache emptied: 74018145 bytes
->Flash cache emptied: 1932043 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 211738 bytes
User: LocalService.NT-AUTORITÄT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 36962 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService.NT-AUTORITÄT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3471851 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31185803 bytes
RecycleBin emptied: 6679925153 bytes
Total Files Cleaned = 7.287,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10102012_230046
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
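[resethosts] overwrites the whole hosts file, which is why the poster's own entries disappeared. Before resetting, it pays to look at what the file contains: malware often sinks update and AV vendor names to 127.0.0.1 or redirects popular sites to another address, whereas a developer's entries point names at the local machine. The following Python is an added example (not part of the thread, of OTL or of any other tool named in it) that sorts hosts entries into the shipped default, local-development entries and suspicious ones. The sample hosts content, the reserved-TLD list and the list of protected vendor names are assumptions of the example, not taken from the page.

```python
"""Triage a Windows hosts file before resetting it.

Added example; not from the thread, OTL or Malwarebytes. Classifies each
active entry so that a reset does not silently throw away legitimate
local-development names, and so that hostile entries get noticed.
"""
import ipaddress

# Constructed sample (the poster's real hosts file was never shown). The
# .local/.test names stand in for local Apache projects; the last three
# lines are the kinds of entries malware plants.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       projekt-alpha.local
127.0.0.1       shop.test
127.0.0.1       www.malwarebytes.org
127.0.0.1       download.windowsupdate.com
198.51.100.23   www.google.de   # redirect to a TEST-NET-2 address
"""

# Assumption: names that have no business being overridden on a home PC
# (update and AV infrastructure, and the help forum itself).
PROTECTED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "malwarebytes.org",
    "kaspersky.com", "avira.com", "symantec.com", "mcafee.com",
    "trojaner-board.de",
)

# Assumption: TLDs that never resolve on the public Internet, so a name
# under them pointed at a local address is a developer's own entry.
RESERVED_TLDS = {"local", "localhost", "localdomain", "test", "example",
                 "invalid", "lan", "home", "internal", "intranet"}

# Loopback, RFC 1918, link-local and their IPv6 equivalents. Listed
# explicitly rather than via is_private so that documentation ranges such
# as 198.51.100.0/24 count as "somewhere else", not as local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def is_local_target(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def classify_entry(ip, name):
    """Return (verdict, reason) for one ip/name pair."""
    name = name.lower().rstrip(".")
    if name == "localhost" and ipaddress.ip_address(ip).is_loopback:
        return "default", "localhost line Windows ships with"
    if any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES):
        return "suspicious", "security/update vendor name overridden"
    tld = name.rsplit(".", 1)[-1] if "." in name else ""
    if is_local_target(ip):
        if tld in RESERVED_TLDS or tld == "":
            return "local-dev", "private name pointed at a local address"
        return "suspicious", "public name blackholed to a local address"
    return "suspicious", "public name redirected to %s" % ip


def triage_hosts(text):
    """Classify every active entry; yields (line_no, verdict, entry, reason)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not body:
            continue
        fields = body.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", body, "first field is not an IP address"))
            continue
        for name in fields[1:]:                  # one line may carry several names
            verdict, reason = classify_entry(fields[0], name)
            findings.append((line_no, verdict, "%s %s" % (fields[0], name), reason))
    return findings


def suspicious_entries(text):
    return [f for f in triage_hosts(text) if f[1] == "suspicious"]


if __name__ == "__main__":
    for line_no, verdict, entry, reason in triage_hosts(SAMPLE_HOSTS):
        print("line %2d  %-10s  %-40s  %s" % (line_no, verdict, entry, reason))
```

On the machine itself, feed it the contents of %SystemRoot%\system32\drivers\etc\hosts. Since OTL keeps what it moved under the _OTL folder on the system partition, the replaced file can still be checked after the fact, and the local-dev lines copied back by hand.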
11.10.2012, 13:44 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems while removing the Bundespolizei encryption trojan Quote:
__________________ Always post log files in CODE tags |
11.10.2012, 18:47 | #21 |
| Problems while removing the Bundespolizei encryption trojan I use that to access my projects on the local Apache server. Are we done? What is my status? What do you think, is the computer compromised? |
12.10.2012, 09:59 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems while removing the Bundespolizei encryption trojan Quote:
Is this an office/company PC?
__________________ Always post log files in CODE tags |
12.10.2012, 18:44 | #23 |
| Problems while removing the Bundespolizei encryption trojan Yes, that's right. The computer itself is not a company/office PC. But it is part of a network. That is why I am asking you questions, which unfortunately you only ever answer with counter-questions. So I will try once more. Is the computer compromised? What is my status? How could I have become infected? The computer was part of a hardware test case. Can I keep using the computer, or do I have to reinstall the system? |
12.10.2012, 20:26 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems while removing the Bundespolizei encryption trojan Maybe this makes the reason for the counter-questions clearer: company computers are generally not cleaned here. See => http://www.trojaner-board.de/108422-...-anfragen.html Quote:
__________________ Always post log files in CODE tags |
15.10.2012, 10:02 | #25 |
| Problems while removing the Bundespolizei encryption trojan I had read that part. As I said, this is not a company/office PC! The computer is private but has access to various projects. So does that mean I now have to reinstall the computer? In addition, Malwarebytes Anti-Malware found this today: Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.15.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Falk :: FALK-HELP [Administrator]

15.10.2012 13:02:23
mbam-log-2012-10-15 (13-02-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 244805
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Hijack.SHELL32) -> Bad: (fastprox.dll) Good: (shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
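The MBAM hit is a registry data item, not a file: the default value of HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32 named fastprox.dll where MBAM expected shell32.dll. That value tells COM which DLL to load in-process whenever the class is instantiated, which is why repointing it is a common hijacking and persistence trick. fastprox.dll is itself a Microsoft DLL (the WMI marshaller, normally in system32\wbem), so the name alone does not settle whether a rogue copy was registered or a genuine Windows component was wired to the wrong class; what matters is the file that actually resolves from the registered value, with its path, hash and signature. The Python below is an added example (not from the thread or from Malwarebytes) that checks InProcServer32 values two ways: against a baseline of expected servers, seeded only with the CLSID/shell32.dll pair from the log above, and for DLL paths in user-writable folders. The sample entries, the two placeholder CLSIDs and the folder markers are assumptions of the example; the live-registry reader uses Python's winreg module and only runs on Windows.

```python
"""Check COM InProcServer32 registrations of the kind MBAM flagged above.

Added example; not from the thread or from Malwarebytes. Two checks per
CLSID: the registered DLL against a baseline of what that CLSID should load,
and whether the DLL's path lies in a user-writable location.
"""
import ntpath
import sys

# Baseline CLSID -> expected server. The single entry is the pair MBAM
# reported above ("Good: (shell32.dll)"); extend it from a clean machine of
# the same Windows build, not from memory.
EXPECTED_SERVER = {
    "{FBEB8A05-BEEE-4442-804E-409D6C4515E9}": "shell32.dll",
}

# Assumption of this example: a COM server for a system CLSID has no
# business under any of these (English and German XP folder names).
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\tmp\\", "\\appdata\\", "\\anwendungsdaten\\",
    "\\documents and settings\\", "\\dokumente und einstellungen\\",
    "\\programdata\\", "\\users\\",
)


def check_inproc_server(clsid, server):
    """Return the findings (possibly none) for one InProcServer32 value."""
    findings = []
    # ntpath handles %VAR% expansion and backslashes on any host OS
    path = ntpath.expandvars(server.strip().strip('"'))
    base = ntpath.basename(path).lower()
    expected = EXPECTED_SERVER.get(clsid.upper())
    if expected and base != expected:
        findings.append("expected %s, found %s" % (expected, base))
    if any(m in path.lower() for m in USER_WRITABLE_MARKERS):
        findings.append("server lives in a user-writable location: %s" % path)
    return findings


def scan_entries(entries):
    """entries: iterable of (clsid, default value of InProcServer32).
    Returns (clsid, server, findings) for every entry that has findings."""
    report = []
    for clsid, server in entries:
        findings = check_inproc_server(clsid, server)
        if findings:
            report.append((clsid.upper(), server, findings))
    return report


def read_live_entries():
    """Windows only: enumerate HKCR\\CLSID\\*\\InProcServer32 via winreg."""
    if sys.platform != "win32":
        raise RuntimeError("winreg is only available on Windows")
    import winreg
    entries = []
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "CLSID") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            clsid = winreg.EnumKey(root, i)
            try:    # QueryValue reads the subkey's unnamed (default) value
                server = winreg.QueryValue(root, clsid + "\\InProcServer32")
            except OSError:
                continue    # no in-process server registered for this CLSID
            entries.append((clsid, server))
    return entries


# Constructed sample (not the poster's registry): the MBAM entry before and
# after its repair, a hypothetical server planted under the All Users
# application-data folder, and a hypothetical entry for the real location
# of fastprox.dll. The two zero-filled CLSIDs are placeholders.
SAMPLE_ENTRIES = [
    ("{FBEB8A05-BEEE-4442-804E-409D6C4515E9}", "fastprox.dll"),
    ("{FBEB8A05-BEEE-4442-804E-409D6C4515E9}", "shell32.dll"),
    ("{00000000-0000-0000-0000-000000000001}",
     r"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xyz\loader.dll"),
    ("{00000000-0000-0000-0000-000000000002}",
     r"%SystemRoot%\system32\wbem\fastprox.dll"),
]

if __name__ == "__main__":
    entries = read_live_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for clsid, server, findings in scan_entries(entries):
        print(clsid, server)
        for f in findings:
            print("   -", f)
```

A bare file name such as "fastprox.dll" or "shell32.dll" is resolved through the DLL search path, so on the live machine the next step for any flagged entry is to locate the file that actually loads (for a bare name, start with %SystemRoot%\system32) and check its hash and Authenticode signature, rather than judging by the name.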
15.10.2012, 15:07 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems while removing the Bundespolizei encryption trojan Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please turn off the virus scanner before you run TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer stores its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!
__________________ Always post log files in CODE tags |
15.10.2012, 18:17 | #27 |
| Problems while removing the Bundespolizei encryption trojan Here is the log file: Code:
ATTFilter 19:12:07.0421 1128 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 19:12:07.0671 1128 ============================================================ 19:12:07.0671 1128 Current date / time: 2012/10/15 19:12:07.0671 19:12:07.0671 1128 SystemInfo: 19:12:07.0671 1128 19:12:07.0671 1128 OS Version: 5.1.2600 ServicePack: 3.0 19:12:07.0671 1128 Product type: Workstation 19:12:07.0671 1128 ComputerName: FALK-HELP 19:12:07.0671 1128 UserName: Falk 19:12:07.0671 1128 Windows directory: C:\WINDOWS 19:12:07.0671 1128 System windows directory: C:\WINDOWS 19:12:07.0671 1128 Processor architecture: Intel x86 19:12:07.0671 1128 Number of processors: 1 19:12:07.0671 1128 Page size: 0x1000 19:12:07.0671 1128 Boot type: Normal boot 19:12:07.0671 1128 ============================================================ 19:12:09.0343 1128 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 19:12:09.0359 1128 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 19:12:09.0375 1128 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 19:12:09.0390 1128 ============================================================ 19:12:09.0390 1128 \Device\Harddisk0\DR0: 19:12:09.0390 1128 MBR partitions: 19:12:09.0390 1128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637 19:12:09.0390 1128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xE, StartLBA 0x27116B5, BlocksNum 0x2C21E88A 19:12:09.0390 1128 \Device\Harddisk1\DR1: 19:12:09.0390 1128 MBR partitions: 19:12:09.0390 1128 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1 19:12:09.0390 1128 \Device\Harddisk2\DR2: 
19:12:09.0390 1128 MBR partitions: 19:12:09.0390 1128 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41 19:12:09.0390 1128 ============================================================ 19:12:09.0437 1128 C: <-> \Device\Harddisk2\DR2\Partition1 19:12:09.0437 1128 E: <-> \Device\Harddisk0\DR0\Partition1 19:12:09.0468 1128 F: <-> \Device\Harddisk1\DR1\Partition1 19:12:09.0468 1128 ============================================================ 19:12:09.0468 1128 Initialize success 19:12:09.0468 1128 ============================================================ 19:12:55.0203 3584 ============================================================ 19:12:55.0203 3584 Scan started 19:12:55.0203 3584 Mode: Manual; SigCheck; TDLFS; 19:12:55.0203 3584 ============================================================ 19:12:55.0765 3584 ================ Scan system memory ======================== 19:12:55.0765 3584 System memory - ok 19:12:55.0765 3584 ================ Scan services ============================= 19:12:55.0843 3584 Abiosdsk - ok 19:12:55.0859 3584 abp480n5 - ok 19:12:55.0906 3584 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 19:12:56.0500 3584 ACPI - ok 19:12:56.0515 3584 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 19:12:56.0687 3584 ACPIEC - ok 19:12:56.0765 3584 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe 19:12:56.0796 3584 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 19:12:56.0796 3584 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 19:12:56.0890 3584 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:12:56.0906 3584 AdobeFlashPlayerUpdateSvc - ok 19:12:56.0906 3584 adpu160m - ok 19:12:56.0953 3584 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 
19:12:57.0093 3584 aec - ok 19:12:57.0140 3584 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 19:12:57.0203 3584 AFD - ok 19:12:57.0203 3584 Aha154x - ok 19:12:57.0218 3584 aic78u2 - ok 19:12:57.0218 3584 aic78xx - ok 19:12:57.0328 3584 [ 933933288DF5ED26D1928215C97D05C7 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS 19:12:57.0593 3584 ALCXWDM - ok 19:12:57.0640 3584 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 19:12:57.0765 3584 Alerter - ok 19:12:57.0796 3584 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 19:12:57.0859 3584 ALG - ok 19:12:57.0859 3584 AliIde - ok 19:12:57.0906 3584 [ B9DBAAE3219661F4D0C5E8DC0C2F987D ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 19:12:57.0953 3584 AmdK8 - ok 19:12:57.0953 3584 amsint - ok 19:12:58.0046 3584 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 19:12:58.0125 3584 AppMgmt - ok 19:12:58.0140 3584 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 19:12:58.0281 3584 Arp1394 - ok 19:12:58.0281 3584 asc - ok 19:12:58.0281 3584 asc3350p - ok 19:12:58.0296 3584 asc3550 - ok 19:12:58.0437 3584 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 19:12:58.0468 3584 aspnet_state - ok 19:12:58.0468 3584 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 19:12:58.0593 3584 AsyncMac - ok 19:12:58.0625 3584 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 19:12:58.0765 3584 atapi - ok 19:12:58.0765 3584 Atdisk - ok 19:12:58.0828 3584 [ 5CEDA44447A28DB469DE28AFC0950650 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 19:12:58.0906 3584 Ati HotKey Poller - ok 19:12:58.0953 3584 [ 737371583E0173F963D74435BE3E96D2 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe 19:12:59.0031 3584 ATI Smart ( UnsignedFile.Multi.Generic ) - warning 19:12:59.0031 3584 ATI Smart - 
detected UnsignedFile.Multi.Generic (1) 19:12:59.0187 3584 [ B63516824DA0D8B9AD136E6E044A795F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 19:12:59.0375 3584 ati2mtag - ok 19:12:59.0437 3584 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 19:12:59.0562 3584 Atmarpc - ok 19:12:59.0593 3584 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 19:12:59.0734 3584 AudioSrv - ok 19:12:59.0750 3584 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 19:12:59.0906 3584 audstub - ok 19:12:59.0937 3584 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 19:13:00.0078 3584 Beep - ok 19:13:00.0125 3584 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 19:13:00.0296 3584 BITS - ok 19:13:00.0328 3584 [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe 19:13:00.0343 3584 Brother XP spl Service - ok 19:13:00.0406 3584 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 19:13:00.0484 3584 Browser - ok 19:13:00.0531 3584 [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar C:\WINDOWS\System32\drivers\BrPar.sys 19:13:00.0546 3584 BrPar ( UnsignedFile.Multi.Generic ) - warning 19:13:00.0546 3584 BrPar - detected UnsignedFile.Multi.Generic (1) 19:13:00.0562 3584 C-Dilla - ok 19:13:00.0578 3584 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 19:13:00.0718 3584 cbidf2k - ok 19:13:00.0750 3584 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 19:13:00.0890 3584 CCDECODE - ok 19:13:00.0906 3584 cd20xrnt - ok 19:13:00.0953 3584 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 19:13:01.0078 3584 Cdaudio - ok 19:13:01.0125 3584 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 19:13:01.0265 3584 Cdfs - ok 19:13:01.0312 3584 [ 
1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 19:13:01.0437 3584 Cdrom - ok 19:13:01.0437 3584 Changer - ok 19:13:01.0468 3584 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 19:13:01.0609 3584 CiSvc - ok 19:13:01.0640 3584 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 19:13:01.0781 3584 ClipSrv - ok 19:13:01.0843 3584 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:13:01.0890 3584 clr_optimization_v2.0.50727_32 - ok 19:13:01.0890 3584 CmdIde - ok 19:13:01.0906 3584 COMSysApp - ok 19:13:01.0921 3584 Cpqarray - ok 19:13:01.0953 3584 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 19:13:02.0093 3584 CryptSvc - ok 19:13:02.0093 3584 dac2w2k - ok 19:13:02.0109 3584 dac960nt - ok 19:13:02.0156 3584 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 19:13:02.0265 3584 DcomLaunch - ok 19:13:02.0328 3584 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 19:13:02.0468 3584 Dhcp - ok 19:13:02.0515 3584 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 19:13:02.0640 3584 Disk - ok 19:13:02.0640 3584 dmadmin - ok 19:13:02.0703 3584 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 19:13:02.0859 3584 dmboot - ok 19:13:02.0875 3584 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys 19:13:03.0000 3584 dmio - ok 19:13:03.0015 3584 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 19:13:03.0156 3584 dmload - ok 19:13:03.0171 3584 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 19:13:03.0281 3584 dmserver - ok 19:13:03.0328 3584 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 19:13:03.0468 3584 DMusic - ok 19:13:03.0515 3584 [ 
407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 19:13:03.0578 3584 Dnscache - ok 19:13:03.0656 3584 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 19:13:03.0796 3584 Dot3svc - ok 19:13:03.0812 3584 dpti2o - ok 19:13:03.0812 3584 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 19:13:03.0953 3584 drmkaud - ok 19:13:04.0000 3584 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 19:13:04.0156 3584 EapHost - ok 19:13:04.0296 3584 [ 5D09CCD05D538A0A3A63ADF0FC54E8BF ] EPGService C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe 19:13:04.0312 3584 EPGService ( UnsignedFile.Multi.Generic ) - warning 19:13:04.0312 3584 EPGService - detected UnsignedFile.Multi.Generic (1) 19:13:04.0359 3584 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 19:13:04.0484 3584 ERSvc - ok 19:13:04.0515 3584 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 19:13:04.0546 3584 Eventlog - ok 19:13:04.0609 3584 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 19:13:04.0671 3584 EventSystem - ok 19:13:04.0718 3584 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 19:13:04.0828 3584 Fastfat - ok 19:13:04.0890 3584 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 19:13:04.0937 3584 FastUserSwitchingCompatibility - ok 19:13:05.0015 3584 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 19:13:05.0140 3584 Fdc - ok 19:13:05.0187 3584 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 19:13:05.0312 3584 Fips - ok 19:13:05.0578 3584 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 19:13:05.0625 3584 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 
19:13:05.0625 3584 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 19:13:05.0671 3584 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 19:13:05.0812 3584 Flpydisk - ok 19:13:05.0859 3584 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 19:13:06.0000 3584 FltMgr - ok 19:13:06.0062 3584 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 19:13:06.0078 3584 FontCache3.0.0.0 - ok 19:13:06.0078 3584 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:13:06.0203 3584 Fs_Rec - ok 19:13:06.0234 3584 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:13:06.0359 3584 Ftdisk - ok 19:13:06.0390 3584 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys 19:13:06.0515 3584 gameenum - ok 19:13:06.0562 3584 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:13:06.0703 3584 Gpc - ok 19:13:06.0750 3584 [ F22BF7F345DF95C09942951246AAA28D ] GVCplDrv C:\WINDOWS\system32\drivers\GVCplDrv.sys 19:13:06.0750 3584 GVCplDrv ( UnsignedFile.Multi.Generic ) - warning 19:13:06.0750 3584 GVCplDrv - detected UnsignedFile.Multi.Generic (1) 19:13:06.0796 3584 [ 223CB078064E12D89767EE8655970CFD ] HCW88AUD C:\WINDOWS\system32\drivers\hcw88aud.sys 19:13:06.0843 3584 HCW88AUD - ok 19:13:06.0890 3584 [ 0B86BAF04613627D6C50F0D045C79572 ] HCW88BDA C:\WINDOWS\system32\drivers\hcw88bda.sys 19:13:06.0937 3584 HCW88BDA - ok 19:13:06.0953 3584 [ F663B7D1420293A7AD79BBD813E3DD45 ] hcw88rc5 C:\WINDOWS\system32\Drivers\hcw88rc5.sys 19:13:07.0000 3584 hcw88rc5 - ok 19:13:07.0046 3584 [ F2663A40699608A27CD8B75781B1B957 ] HCW88TSE C:\WINDOWS\system32\drivers\hcw88tse.sys 19:13:07.0093 3584 HCW88TSE - ok 19:13:07.0109 3584 [ 4925745358275BD5E3F84E036C3A4978 ] HCW88TUNE C:\WINDOWS\system32\drivers\hcw88tun.sys 19:13:07.0125 
3584 HCW88TUNE - ok 19:13:07.0187 3584 [ 8FD6AAE27DACA4B866D4CEBF2F7050B3 ] hcw88vid C:\WINDOWS\system32\drivers\hcw88vid.sys 19:13:07.0250 3584 hcw88vid - ok 19:13:07.0296 3584 [ EB79777D829C0B83514E65B333CECC34 ] HCW88XBAR C:\WINDOWS\system32\drivers\HCW88BAR.sys 19:13:07.0312 3584 HCW88XBAR - ok 19:13:07.0390 3584 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 19:13:07.0531 3584 helpsvc - ok 19:13:07.0531 3584 HidServ - ok 19:13:07.0578 3584 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 19:13:07.0703 3584 hidusb - ok 19:13:07.0750 3584 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 19:13:07.0890 3584 hkmsvc - ok 19:13:07.0906 3584 hpn - ok 19:13:07.0937 3584 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 19:13:07.0968 3584 HTTP - ok 19:13:08.0015 3584 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 19:13:08.0125 3584 HTTPFilter - ok 19:13:08.0125 3584 i2omgmt - ok 19:13:08.0140 3584 i2omp - ok 19:13:08.0171 3584 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:13:08.0328 3584 i8042prt - ok 19:13:08.0437 3584 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:13:08.0500 3584 idsvc - ok 19:13:08.0546 3584 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 19:13:08.0671 3584 Imapi - ok 19:13:08.0703 3584 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 19:13:08.0859 3584 ImapiService - ok 19:13:08.0875 3584 ini910u - ok 19:13:08.0875 3584 IntelIde - ok 19:13:08.0921 3584 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 19:13:09.0062 3584 ip6fw - ok 19:13:09.0093 3584 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:13:09.0250 3584 
IpFilterDriver - ok 19:13:09.0265 3584 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:13:09.0406 3584 IpInIp - ok 19:13:09.0437 3584 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:13:09.0578 3584 IpNat - ok 19:13:09.0625 3584 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:13:09.0750 3584 IPSec - ok 19:13:09.0781 3584 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 19:13:09.0859 3584 IRENUM - ok 19:13:09.0906 3584 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:13:10.0031 3584 isapnp - ok 19:13:10.0125 3584 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 19:13:10.0156 3584 JavaQuickStarterService - ok 19:13:10.0203 3584 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:13:10.0328 3584 Kbdclass - ok 19:13:10.0375 3584 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 19:13:10.0515 3584 kbdhid - ok 19:13:10.0546 3584 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 19:13:10.0671 3584 kmixer - ok 19:13:10.0703 3584 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 19:13:10.0781 3584 KSecDD - ok 19:13:10.0828 3584 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 19:13:10.0875 3584 lanmanserver - ok 19:13:10.0921 3584 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 19:13:10.0968 3584 lanmanworkstation - ok 19:13:10.0968 3584 lbrtfdc - ok 19:13:11.0015 3584 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 19:13:11.0171 3584 LmHosts - ok 19:13:11.0187 3584 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 19:13:11.0250 3584 MBAMProtector - ok 19:13:11.0312 3584 [ 
0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:13:11.0328 3584 MBAMScheduler - ok 19:13:11.0375 3584 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 19:13:11.0437 3584 MBAMService - ok 19:13:11.0484 3584 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 19:13:11.0625 3584 Messenger - ok 19:13:11.0671 3584 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 19:13:11.0812 3584 mnmdd - ok 19:13:11.0843 3584 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 19:13:12.0000 3584 mnmsrvc - ok 19:13:12.0031 3584 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 19:13:12.0171 3584 Modem - ok 19:13:12.0218 3584 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 19:13:12.0359 3584 Mouclass - ok 19:13:12.0390 3584 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 19:13:12.0515 3584 mouhid - ok 19:13:12.0562 3584 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 19:13:12.0703 3584 MountMgr - ok 19:13:12.0765 3584 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 19:13:12.0828 3584 MozillaMaintenance - ok 19:13:12.0859 3584 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys 19:13:13.0000 3584 MPE - ok 19:13:13.0015 3584 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 19:13:13.0031 3584 MpFilter - ok 19:13:13.0093 3584 MpKsl97ccd5e3 - ok 19:13:13.0109 3584 mraid35x - ok 19:13:13.0140 3584 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:13:13.0281 3584 MRxDAV - ok 19:13:13.0328 3584 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:13:13.0375 
3584 MRxSmb - ok 19:13:13.0421 3584 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 19:13:13.0562 3584 MSDTC - ok 19:13:13.0578 3584 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 19:13:13.0734 3584 Msfs - ok 19:13:13.0734 3584 MSIServer - ok 19:13:13.0781 3584 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:13:13.0921 3584 MSKSSRV - ok 19:13:13.0984 3584 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe 19:13:14.0000 3584 MsMpSvc - ok 19:13:14.0031 3584 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:13:14.0156 3584 MSPCLOCK - ok 19:13:14.0171 3584 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 19:13:14.0312 3584 MSPQM - ok 19:13:14.0328 3584 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:13:14.0453 3584 mssmbios - ok 19:13:14.0484 3584 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 19:13:14.0609 3584 MSTEE - ok 19:13:14.0640 3584 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys 19:13:14.0750 3584 ms_mpu401 - ok 19:13:14.0796 3584 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 19:13:14.0843 3584 MTsensor - ok 19:13:14.0890 3584 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 19:13:14.0968 3584 Mup - ok 19:13:15.0031 3584 MySQL - ok 19:13:15.0093 3584 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 19:13:15.0218 3584 NABTSFEC - ok 19:13:15.0296 3584 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 19:13:15.0437 3584 napagent - ok 19:13:15.0484 3584 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 19:13:15.0609 3584 NDIS - ok 19:13:15.0625 3584 [ 
7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 19:13:15.0750 3584 NdisIP - ok 19:13:15.0765 3584 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:13:15.0812 3584 NdisTapi - ok 19:13:15.0843 3584 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:13:16.0000 3584 Ndisuio - ok 19:13:16.0015 3584 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:13:16.0156 3584 NdisWan - ok 19:13:16.0187 3584 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 19:13:16.0250 3584 NDProxy - ok 19:13:16.0296 3584 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 19:13:16.0421 3584 NetBIOS - ok 19:13:16.0468 3584 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 19:13:16.0609 3584 NetBT - ok 19:13:16.0687 3584 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 19:13:16.0828 3584 NetDDE - ok 19:13:16.0843 3584 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 19:13:16.0968 3584 NetDDEdsdm - ok 19:13:17.0015 3584 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 19:13:17.0171 3584 Netlogon - ok 19:13:17.0187 3584 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 19:13:17.0328 3584 Netman - ok 19:13:17.0406 3584 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:13:17.0421 3584 NetTcpPortSharing - ok 19:13:17.0484 3584 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 19:13:17.0625 3584 NIC1394 - ok 19:13:17.0656 3584 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 19:13:17.0687 3584 Nla - ok 19:13:17.0765 3584 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU 
C:\Programme\CDBurnerXP\NMSAccessU.exe 19:13:17.0781 3584 NMSAccessU - ok 19:13:17.0812 3584 [ 357DDB51E03CAE598C096D95497373D0 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys 19:13:18.0234 3584 nmwcd - ok 19:13:18.0265 3584 [ 7CD443F9D36C80E152FADB274089577A ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys 19:13:18.0328 3584 nmwcdc - ok 19:13:18.0375 3584 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 19:13:18.0500 3584 Npfs - ok 19:13:18.0562 3584 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 19:13:18.0718 3584 Ntfs - ok 19:13:18.0750 3584 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 19:13:18.0859 3584 NtLmSsp - ok 19:13:18.0937 3584 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 19:13:19.0093 3584 NtmsSvc - ok 19:13:19.0125 3584 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 19:13:19.0250 3584 Null - ok 19:13:19.0281 3584 [ C8DAA008F9E390B9DA504C1CD0DA1EE9 ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys 19:13:19.0281 3584 nvatabus ( UnsignedFile.Multi.Generic ) - warning 19:13:19.0281 3584 nvatabus - detected UnsignedFile.Multi.Generic (1) 19:13:19.0312 3584 [ 0F432994CA6BAFD97321BFA86296F435 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 19:13:19.0328 3584 NVENETFD ( UnsignedFile.Multi.Generic ) - warning 19:13:19.0328 3584 NVENETFD - detected UnsignedFile.Multi.Generic (1) 19:13:19.0359 3584 [ CAE6911F13850B56CB6C96F6BDA70D9B ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 19:13:19.0375 3584 nvnetbus ( UnsignedFile.Multi.Generic ) - warning 19:13:19.0375 3584 nvnetbus - detected UnsignedFile.Multi.Generic (1) 19:13:19.0390 3584 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:13:19.0531 3584 NwlnkFlt - ok 19:13:19.0531 3584 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:13:19.0656 3584 NwlnkFwd - ok 
19:13:19.0687 3584 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 19:13:19.0812 3584 ohci1394 - ok 19:13:19.0828 3584 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 19:13:19.0968 3584 Parport - ok 19:13:20.0000 3584 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 19:13:20.0125 3584 PartMgr - ok 19:13:20.0156 3584 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 19:13:20.0281 3584 ParVdm - ok 19:13:20.0312 3584 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 19:13:20.0359 3584 pccsmcfd - ok 19:13:20.0359 3584 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 19:13:20.0500 3584 PCI - ok 19:13:20.0515 3584 PCIDump - ok 19:13:20.0531 3584 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 19:13:20.0640 3584 PCIIde - ok 19:13:20.0703 3584 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 19:13:20.0843 3584 Pcmcia - ok 19:13:20.0843 3584 PDCOMP - ok 19:13:20.0859 3584 PDFRAME - ok 19:13:20.0859 3584 PDRELI - ok 19:13:20.0875 3584 PDRFRAME - ok 19:13:20.0875 3584 perc2 - ok 19:13:20.0890 3584 perc2hib - ok 19:13:20.0937 3584 [ E5AC9F8C128B597DD7919AF96B84172E ] pfc C:\WINDOWS\system32\drivers\pfc.sys 19:13:20.0953 3584 pfc ( UnsignedFile.Multi.Generic ) - warning 19:13:20.0953 3584 pfc - detected UnsignedFile.Multi.Generic (1) 19:13:20.0968 3584 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 19:13:20.0984 3584 PlugPlay - ok 19:13:20.0984 3584 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 19:13:21.0109 3584 PolicyAgent - ok 19:13:21.0125 3584 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:13:21.0250 3584 PptpMiniport - ok 19:13:21.0296 3584 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor 
C:\WINDOWS\system32\DRIVERS\processr.sys 19:13:21.0421 3584 Processor - ok 19:13:21.0421 3584 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 19:13:21.0546 3584 ProtectedStorage - ok 19:13:21.0546 3584 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 19:13:21.0671 3584 PSched - ok 19:13:21.0687 3584 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:13:21.0812 3584 Ptilink - ok 19:13:21.0812 3584 ql1080 - ok 19:13:21.0828 3584 Ql10wnt - ok 19:13:21.0828 3584 ql12160 - ok 19:13:21.0843 3584 ql1240 - ok 19:13:21.0843 3584 ql1280 - ok 19:13:21.0890 3584 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:13:22.0000 3584 RasAcd - ok 19:13:22.0062 3584 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 19:13:22.0187 3584 RasAuto - ok 19:13:22.0218 3584 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:13:22.0343 3584 Rasl2tp - ok 19:13:22.0359 3584 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 19:13:22.0500 3584 RasMan - ok 19:13:22.0500 3584 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:13:22.0625 3584 RasPppoe - ok 19:13:22.0625 3584 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 19:13:22.0765 3584 Raspti - ok 19:13:22.0812 3584 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:13:22.0921 3584 Rdbss - ok 19:13:22.0937 3584 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:13:23.0046 3584 RDPCDD - ok 19:13:23.0078 3584 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 19:13:23.0187 3584 rdpdr - ok 19:13:23.0218 3584 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 19:13:23.0265 3584 RDPWD - ok 19:13:23.0281 3584 [ 
263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 19:13:23.0421 3584 RDSessMgr - ok 19:13:23.0437 3584 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 19:13:23.0562 3584 redbook - ok 19:13:23.0609 3584 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 19:13:23.0750 3584 RemoteAccess - ok 19:13:23.0781 3584 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 19:13:23.0906 3584 RemoteRegistry - ok 19:13:23.0953 3584 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 19:13:24.0078 3584 RpcLocator - ok 19:13:24.0093 3584 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 19:13:24.0125 3584 RpcSs - ok 19:13:24.0203 3584 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 19:13:24.0359 3584 RSVP - ok 19:13:24.0421 3584 SageDB 5.0 - ok 19:13:24.0453 3584 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 19:13:24.0578 3584 SamSs - ok 19:13:24.0640 3584 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 19:13:24.0765 3584 SCardSvr - ok 19:13:24.0812 3584 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 19:13:24.0921 3584 Schedule - ok 19:13:24.0968 3584 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:13:25.0015 3584 Secdrv - ok 19:13:25.0062 3584 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 19:13:25.0218 3584 seclogon - ok 19:13:25.0218 3584 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 19:13:25.0343 3584 SENS - ok 19:13:25.0375 3584 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 19:13:25.0515 3584 serenum - ok 19:13:25.0531 3584 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 19:13:25.0640 3584 Serial - ok 19:13:25.0734 3584 [ 
8988D1F32F56B3CD3F0F6C39F8A91A98 ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe 19:13:25.0796 3584 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 19:13:25.0796 3584 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 19:13:25.0843 3584 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 19:13:25.0968 3584 Sfloppy - ok 19:13:26.0015 3584 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 19:13:26.0140 3584 SharedAccess - ok 19:13:26.0156 3584 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 19:13:26.0203 3584 ShellHWDetection - ok 19:13:26.0203 3584 Si3114r5 - ok 19:13:26.0218 3584 SiFilter - ok 19:13:26.0218 3584 Simbad - ok 19:13:26.0281 3584 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 19:13:26.0296 3584 SkypeUpdate - ok 19:13:26.0343 3584 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 19:13:26.0468 3584 SLIP - ok 19:13:26.0500 3584 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 19:13:26.0640 3584 SONYPVU1 - ok 19:13:26.0656 3584 Sparrow - ok 19:13:26.0703 3584 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 19:13:26.0812 3584 splitter - ok 19:13:26.0859 3584 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 19:13:26.0906 3584 Spooler - ok 19:13:26.0968 3584 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys 19:13:27.0062 3584 sptd - ok 19:13:27.0109 3584 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 19:13:27.0156 3584 sr - ok 19:13:27.0234 3584 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 19:13:27.0296 3584 srservice - ok 19:13:27.0328 3584 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 19:13:27.0406 3584 Srv - ok 19:13:27.0437 3584 [ 
4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 19:13:27.0515 3584 SSDPSRV - ok 19:13:27.0562 3584 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:13:27.0562 3584 ssmdrv - ok 19:13:27.0593 3584 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 19:13:27.0765 3584 stisvc - ok 19:13:27.0781 3584 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 19:13:27.0921 3584 streamip - ok 19:13:27.0937 3584 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 19:13:28.0046 3584 swenum - ok 19:13:28.0093 3584 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 19:13:28.0218 3584 swmidi - ok 19:13:28.0234 3584 SwPrv - ok 19:13:28.0234 3584 symc810 - ok 19:13:28.0250 3584 symc8xx - ok 19:13:28.0250 3584 sym_hi - ok 19:13:28.0265 3584 sym_u3 - ok 19:13:28.0296 3584 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 19:13:28.0421 3584 sysaudio - ok 19:13:28.0453 3584 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 19:13:28.0562 3584 SysmonLog - ok 19:13:28.0578 3584 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 19:13:28.0687 3584 TapiSrv - ok 19:13:28.0734 3584 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:13:28.0765 3584 Tcpip - ok 19:13:28.0812 3584 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 19:13:28.0921 3584 TDPIPE - ok 19:13:28.0937 3584 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 19:13:29.0046 3584 TDTCP - ok 19:13:29.0062 3584 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 19:13:29.0171 3584 TermDD - ok 19:13:29.0203 3584 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 19:13:29.0328 3584 TermService - ok 
19:13:29.0343 3584 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 19:13:29.0375 3584 Themes - ok 19:13:29.0406 3584 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 19:13:29.0484 3584 TlntSvr - ok 19:13:29.0484 3584 TosIde - ok 19:13:29.0515 3584 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 19:13:29.0625 3584 TrkWks - ok 19:13:29.0671 3584 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 19:13:29.0796 3584 Udfs - ok 19:13:29.0796 3584 ultra - ok 19:13:29.0828 3584 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 19:13:29.0906 3584 UMWdf - ok 19:13:29.0937 3584 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 19:13:30.0062 3584 Update - ok 19:13:30.0109 3584 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 19:13:30.0187 3584 upnphost - ok 19:13:30.0218 3584 [ 15629E4D65F97AB5432D6D9597CF6A33 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 19:13:30.0296 3584 upperdev - ok 19:13:30.0312 3584 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 19:13:30.0453 3584 UPS - ok 19:13:30.0468 3584 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:13:30.0593 3584 usbccgp - ok 19:13:30.0625 3584 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:13:30.0734 3584 usbehci - ok 19:13:30.0750 3584 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:13:30.0859 3584 usbhub - ok 19:13:30.0875 3584 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 19:13:31.0000 3584 usbohci - ok 19:13:31.0031 3584 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:13:31.0125 3584 usbprint - ok 19:13:31.0156 3584 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 
19:13:31.0265 3584 usbscan - ok 19:13:31.0281 3584 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 19:13:31.0406 3584 usbser - ok 19:13:31.0421 3584 [ 5C17E6A11AA8BE53F79FD364BA19F0CE ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 19:13:31.0484 3584 UsbserFilt - ok 19:13:31.0500 3584 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:13:31.0609 3584 usbstor - ok 19:13:31.0625 3584 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 19:13:31.0750 3584 VgaSave - ok 19:13:31.0765 3584 ViaIde - ok 19:13:31.0812 3584 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 19:13:31.0937 3584 VolSnap - ok 19:13:31.0984 3584 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 19:13:32.0078 3584 VSS - ok 19:13:32.0109 3584 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 19:13:32.0234 3584 W32Time - ok 19:13:32.0265 3584 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:13:32.0406 3584 Wanarp - ok 19:13:32.0453 3584 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 19:13:32.0484 3584 Wdf01000 - ok 19:13:32.0500 3584 WDICA - ok 19:13:32.0515 3584 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 19:13:32.0625 3584 wdmaud - ok 19:13:32.0656 3584 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 19:13:32.0796 3584 WebClient - ok 19:13:32.0875 3584 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 19:13:32.0984 3584 winmgmt - ok 19:13:33.0015 3584 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 19:13:33.0078 3584 WmdmPmSN - ok 19:13:33.0140 3584 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 19:13:33.0218 3584 Wmi - ok 19:13:33.0250 3584 [ 
93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 19:13:33.0375 3584 WmiApSrv - ok 19:13:33.0406 3584 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 19:13:33.0546 3584 wscsvc - ok 19:13:33.0562 3584 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 19:13:33.0687 3584 WSTCODEC - ok 19:13:33.0718 3584 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 19:13:33.0859 3584 wuauserv - ok 19:13:33.0890 3584 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 19:13:34.0046 3584 WZCSVC - ok 19:13:34.0093 3584 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 19:13:34.0203 3584 xmlprov - ok 19:13:34.0250 3584 [ A8D429E2268792638CFFC57552C5E736 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys 19:13:34.0312 3584 yukonwxp - ok 19:13:34.0328 3584 ================ Scan global =============================== 19:13:34.0375 3584 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 19:13:34.0437 3584 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 19:13:34.0437 3584 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 19:13:34.0468 3584 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 19:13:34.0468 3584 [Global] - ok 19:13:34.0468 3584 ================ Scan MBR ================================== 19:13:34.0468 3584 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 19:13:34.0781 3584 \Device\Harddisk0\DR0 - ok 19:13:34.0796 3584 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1 19:13:35.0125 3584 \Device\Harddisk1\DR1 - ok 19:13:35.0140 3584 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk2\DR2 19:13:35.0375 3584 \Device\Harddisk2\DR2 - ok 19:13:35.0375 3584 ================ Scan VBR ================================== 19:13:35.0375 3584 [ CE74C5F9EA29F099FBBCC13110033548 ] \Device\Harddisk0\DR0\Partition1 19:13:35.0375 
3584 \Device\Harddisk0\DR0\Partition1 - ok 19:13:35.0390 3584 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2 19:13:35.0390 3584 \Device\Harddisk0\DR0\Partition2 - ok 19:13:35.0390 3584 [ 1D58992430217975931CD4DB74E5987D ] \Device\Harddisk1\DR1\Partition1 19:13:35.0390 3584 \Device\Harddisk1\DR1\Partition1 - ok 19:13:35.0406 3584 [ 10EEAD95C6F0A07BA63E0AD74B3DE198 ] \Device\Harddisk2\DR2\Partition1 19:13:35.0406 3584 \Device\Harddisk2\DR2\Partition1 - ok 19:13:35.0406 3584 ============================================================ 19:13:35.0406 3584 Scan finished 19:13:35.0406 3584 ============================================================ 19:13:35.0515 3556 Detected object count: 11 19:13:35.0515 3556 Actual detected object count: 11 19:14:43.0109 3556 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 EPGService ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 EPGService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 GVCplDrv ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 GVCplDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 NVENETFD ( 
UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 NVENETFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 nvnetbus ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 nvnetbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 pfc ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:14:43.0109 3556 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 19:14:43.0109 3556 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
15.10.2012, 18:59 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems during removal of the Bundespolizei encryption trojan Now please run CF: ComboFix, a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
15.10.2012, 22:01 | #29 |
| Problems during removal of the Bundespolizei encryption trojan Here is the ComboFix log file:
Combofix Logfile:
Code:
ComboFix 12-10-15.01 - Falk 15.10.2012 22:46:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.391 [GMT 2:00]
Running from:: f:\schnelle downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Falk\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 ))))))))))))))))))))))))))))))
.
.
2012-10-15 14:01 . 2012-10-15 14:01 96224 ----a-w- c:\programme\Mozilla Firefox\updated\webapprt-stub.exe
2012-10-15 14:01 . 2012-10-15 14:01 157272 ----a-w- c:\programme\Mozilla Firefox\updated\webapp-uninstaller.exe
2012-10-15 10:59 . 2012-08-29 23:17 6980552 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{EAB74622-D0FA-468A-BA8D-9B79C1224B18}\mpengine.dll
2012-10-12 08:24 . 2012-08-29 23:17 6980552 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-11 20:48 . 2012-10-11 20:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Sage Group
2012-10-10 14:06 . 2012-10-10 14:06 -------- d-----w- c:\dokumente und einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\Sun
2012-10-08 11:14 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-08 11:14 . 2012-10-08 11:14 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-10-08 10:06 . 2012-10-09 08:08 -------- d-----w- c:\windows\system32\XPSViewer
2012-10-08 10:06 . 2012-10-08 10:06 -------- d-----w- c:\programme\MSBuild
2012-10-08 10:06 . 2012-10-08 10:06 -------- d-----w- c:\programme\Reference Assemblies
2012-10-08 10:06 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-10-08 10:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-10-08 10:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-10-08 10:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-10-08 10:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-10-08 10:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-10-08 10:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-10-08 10:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-10-08 10:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-10-08 09:36 . 2012-10-08 09:36 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2012-10-08 09:32 . 2012-10-08 10:49 -------- d-----w- c:\programme\Mozilla Maintenance Service
2012-10-08 09:32 . 2012-10-08 10:22 192600 ----a-w- c:\programme\Mozilla Firefox\maintenanceservice_installer.exe
2012-10-08 09:32 . 2012-10-08 10:22 68576 ----a-w- c:\programme\Mozilla Firefox\mozglue.dll
2012-10-08 09:32 . 2012-10-08 10:22 2244064 ----a-w- c:\programme\Mozilla Firefox\mozjs.dll
2012-10-08 09:32 . 2012-10-08 10:22 15840 ----a-w- c:\programme\Mozilla Firefox\mozalloc.dll
2012-10-08 09:32 . 2012-10-08 10:22 813536 ----a-w- c:\programme\Mozilla Firefox\mozsqlite3.dll
2012-10-08 09:28 . 2012-08-14 15:49 171136 ----a-w- c:\programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2012-10-08 09:28 . 2012-10-08 09:28 -------- d-----w- c:\programme\Tracker Software
2012-10-08 09:25 . 2012-10-08 09:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 09:21 . 2012-10-15 10:00 -------- d-----w- c:\dokumente und einstellungen\Falk\Anwendungsdaten\vlc
2012-10-08 09:04 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-10-08 09:04 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-10-06 22:42 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-06 22:38 . 2012-10-09 07:27 -------- d-----w- c:\programme\Microsoft Security Client
2012-10-06 22:33 . 2012-10-06 22:33 -------- d-sh--w- c:\dokumente und einstellungen\Falk\IETldCache
2012-10-06 21:58 . 2012-08-28 15:05 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-06 21:58 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-10-06 21:57 . 2012-08-28 15:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-10-06 21:57 . 2012-08-28 18:35 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-10-06 21:57 . 2012-08-28 15:05 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-06 21:57 . 2012-08-28 15:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-06 21:57 . 2012-08-28 15:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-06 21:57 . 2012-08-28 15:05 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-10-06 21:57 . 2012-08-28 15:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-06 21:56 . 2012-10-06 21:57 -------- dc-h--w- c:\windows\ie8
2012-10-06 21:56 . 2012-10-08 09:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-06 21:56 . 2012-10-06 21:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-06 21:54 . 2012-10-08 09:25 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-06 21:41 . 2012-10-06 21:41 -------- d-----w- c:\programme\MSXML 4.0
2012-10-06 21:32 . 2012-10-08 09:44 -------- d-----w- c:\dokumente und einstellungen\Falk\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
2012-10-06 21:26 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-10-06 21:26 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-06 21:24 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-10-06 21:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-10-06 21:13 . 2012-08-23 06:26 2195200 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-10-06 21:13 . 2012-08-23 06:26 2151424 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-10-06 21:13 . 2012-08-23 06:26 2030080 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-10-06 21:12 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-10-06 21:11 . 2012-10-09 20:27 -------- d--h--w- c:\windows\$hf_mig$
2012-10-06 21:08 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-05 21:41 . 2012-10-05 21:41 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2012-10-04 19:51 . 2012-10-04 19:51 -------- d-----w- c:\windows\system32\%programfiles%
2012-10-04 19:51 . 2012-10-04 19:51 -------- d-----w- c:\windows\system32\%commonprogramfiles%
2012-10-04 12:37 . 2012-10-04 12:37 -------- d-----w- C:\Program Files
2012-10-04 10:54 . 2012-10-04 10:54 -------- d-----w- c:\dokumente und einstellungen\Falk\Anwendungsdaten\Malwarebytes
2012-10-04 10:53 . 2012-10-04 10:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-02 23:22 . 2002-12-31 23:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 17:56 . 2012-09-05 14:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:56 . 2012-09-05 14:03 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 20:28 . 2012-08-30 20:28 81920 ------w- c:\windows\system32\ieencode.dll
2012-08-30 20:03 . 2012-03-20 18:44 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:05 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2008-04-14 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2008-04-14 07:30 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-08 10:22 . 2012-10-08 10:22 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
WISO Mein Steuer-Sparbuch heute.lnk - c:\programme\WISO\Steuersoftware 2012\mshaktuell.exe [2003-1-1 1380504]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Sage\\GSBuchhalter\\Gsbuchhalter.exe"=
.
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [08.11.2009 13:28 12928]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [08.11.2009 13:36 437248]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [08.10.2012 13:14 399432]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [08.11.2009 13:29 182400]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [08.11.2009 13:28 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [08.11.2009 13:28 320256]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [08.11.2009 13:28 74624]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [08.11.2009 13:28 394880]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [08.11.2009 13:28 17280]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.08.2008 00:55 716272]
S1 MpKsl97ccd5e3;MpKsl97ccd5e3;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{F177E9F4-3F95-4F18-B91F-6648A522A583}\MpKsl97ccd5e3.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{F177E9F4-3F95-4F18-B91F-6648A522A583}\MpKsl97ccd5e3.sys [?]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [08.10.2012 13:14 676936]
S2 SageDB 5.0;SageDB 5.0;c:\programme\Sage\SageDB 5.0\bin\mysqld-nt.exe "--defaults-file=c:\programme\Sage\SageDB 5.0\server.ini" "SageDB 5.0" --> c:\programme\Sage\SageDB 5.0\bin\mysqld-nt.exe --defaults-file=c:\programme\Sage\SageDB 5.0\server.ini [?]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.09.2012 16:03 250808]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08.10.2012 13:14 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [08.10.2012 11:32 114144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 53419246
*Deregistered* - 53419246
.
Contents of the "Scheduled Tasks" folder
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 17:56]
.
2012-10-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programme\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2012-10-15 c:\windows\Tasks\MpIdleTask.job
- c:\programme\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: Interfaces\{5791F2BD-7CE6-4B20-B7D0-237CBBA338E6}: NameServer = 192.168.0.1
TCP: Interfaces\{FE71409C-5452-4E13-817B-70745815C6BE}: NameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2012-09-05 17:18; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\dokumente und einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2012-09-15 20:17; firebug@software.joehewitt.com; c:\dokumente und einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2012-09-15 20:17; {c45c406e-ab73-11d8-be73-000a95be3b12}; c:\dokumente und einstellungen\Falk\Anwendungsdaten\Mozilla\Firefox\Profiles\af9dx3s4.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - ExtSQL: 2012-10-06 23:56; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-08 12:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Orphaned Registry Entries Removed - - - -
.
ShellExecuteHooks-{B9E618A2-A4FE-11D4-83C2-005004636C96} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-15 22:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programme\MySQL\MySQL Server 5.0\bin\mysqld\" --defaults-file=\"c:\programme\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-10-15 22:57:39
ComboFix-quarantined-files.txt 2012-10-15 20:57
.
Pre-Run: 15 directory(ies), 169.176.698.880 bytes free
Post-Run: 16 directory(ies), 169.127.178.240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
.
- - End Of File - - 69687F57B79F8277A62D219BB524B142 |
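A triage helper for the "Files Created" section of a ComboFix log like the one above, added here as an example; it is not ComboFix's own code and the rules in it are the editor's heuristics, not ComboFix verdicts. It parses the one-line-per-entry format (created timestamp, modified timestamp, size or dashes for a directory, eight attribute flags, path) and flags the shapes that stand out in this very log: two directories literally named %programfiles% and %commonprogramfiles% under system32, a WINDOWS folder inside the user profile and an executable sitting in the Windows root (both of which ComboFix listed under "Other Deletions"), and a new directory with hidden+system attributes. The embedded sample is constructed from lines of the posted log; its last two entries stand in for the deleted items and their timestamps and size are invented.

```python
"""Triage the "Files Created" section of a ComboFix log.

Added example for this thread; it is not ComboFix's own code.  ComboFix
lists each new file or directory on one line as
    <created> . <modified> <size|--------> <attrs> <path>
e.g.  2012-10-08 11:14 . 2012-09-07 15:04 22856 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
The heuristics in triage() are the author's own rules, not ComboFix
verdicts: a hit means "look at this entry", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(\d+|-{8})\s+(\S{8})\s+(.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints "--------")
    attrs: str            # 8 flags, e.g. "d-sh--w-": d=dir, c=compressed, s=system, h=hidden, a=archive, r=read-only
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_entries(text: str) -> List[Entry]:
    """Pick the file entries out of a log excerpt; headers and '.' separators are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(Entry(created, modified,
                                 None if size.startswith("-") else int(size),
                                 attrs, path))
    return entries


SYSTEM_DIR_NAMES = {"windows", "winnt", "system32"}


def triage(entry: Entry) -> List[str]:
    """Return the heuristic findings for one entry (empty list = nothing odd)."""
    findings = []
    p = entry.path.lower()
    parts = p.split("\\")
    name = parts[-1]
    # 1. A literal %name% component: something wrote a path without expanding
    #    the environment variable (the posted log shows two such directories).
    if re.search(r"%[a-z0-9_()]+%", p):
        findings.append("unexpanded environment variable in path")
    # 2. A folder named like a Windows system directory outside the real tree,
    #    e.g. <profile>\WINDOWS, a common place to park a dropper.
    if name in SYSTEM_DIR_NAMES and not p.startswith("c:\\windows"):
        findings.append("system-folder name outside the Windows tree")
    # 3. An executable dropped directly into the Windows root.
    if len(parts) == 3 and parts[1] == "windows" and name.endswith((".exe", ".dll", ".sys")):
        findings.append("executable directly in the Windows root")
    # 4. A new directory with hidden+system set (legitimate caches such as
    #    IETldCache do this too, so this only asks for a look).
    if entry.is_dir and entry.attrs[2] == "s" and entry.attrs[3] == "h":
        findings.append("new directory with hidden+system attributes")
    return findings


def suspicious(text: str) -> Dict[str, List[str]]:
    """Map path -> findings for every entry that triggered at least one rule."""
    out = {}
    for e in parse_entries(text):
        f = triage(e)
        if f:
            out[e.path] = f
    return out


# Constructed excerpt: real lines from the log above, plus the last two,
# which are made up to stand in for items ComboFix listed under
# "Other Deletions" (their timestamps and size are invented).
SAMPLE = r"""
((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 ))))))))))))))))))))))))))))))
.
2012-10-15 14:01 . 2012-10-15 14:01 96224 ----a-w- c:\programme\Mozilla Firefox\updated\webapprt-stub.exe
2012-10-08 11:14 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 22:33 . 2012-10-06 22:33 -------- d-sh--w- c:\dokumente und einstellungen\Falk\IETldCache
2012-10-06 21:56 . 2012-10-06 21:57 -------- dc-h--w- c:\windows\ie8
2012-10-04 19:51 . 2012-10-04 19:51 -------- d-----w- c:\windows\system32\%programfiles%
2012-10-04 19:51 . 2012-10-04 19:51 -------- d-----w- c:\windows\system32\%commonprogramfiles%
2012-10-04 12:37 . 2012-10-04 12:37 -------- d-----w- C:\Program Files
2012-10-02 23:22 . 2002-12-31 23:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-10-02 23:22 . 2012-10-02 23:22 -------- d-----w- c:\dokumente und einstellungen\Falk\WINDOWS
2012-10-01 09:00 . 2012-10-01 09:00 278528 ----a-w- c:\windows\IsUn0407.exe
"""

if __name__ == "__main__":
    for path, findings in suspicious(SAMPLE).items():
        print(path, "->", "; ".join(findings))
```

Run against the full "Files Created" section the rules fire on exactly the two %...% directories and IETldCache; the other flagged shapes only appear in the "Other Deletions" list, which is why the sample carries them as constructed entries. Everything the helper flags still has to be judged by hand, as the hidden+system rule shows.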
16.10.2012, 16:11 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems during removal of the Bundespolizei encryption trojan Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still refuses on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |