Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? (Windows 7)
12.11.2012, 09:06 | #1

Hello and good morning everyone,

for one of our systems "ESET Endpoint Antivirus" (version 5.0.2126) has issued the following warnings:

Quote:
Quote:
Quote:

Many thanks for your support!!
Canni
12.11.2012, 13:28 | #2
/// Malware-holic

hi

please keep an eye out, ESET 6 is coming in the near future.

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
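Added example (editor's code, not part of this thread and not from OTL's author): a small Python triage pass over the O4 autorun lines that the OTL.txt produced by the scan above contains. It applies the heuristics a helper uses by eye when reading such a log: a rundll32 entry that loads a DLL from inside the user profile, a value name or export name that looks generated, a target file that no longer exists, and an empty company field. The sample lines are constructed in OTL's line format; the first four mirror entries from the log posted later in this thread, while the HKCU "Updater" entry and its path are invented for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in OTL.txt format. The first four lines mirror entries
# from the OTL log posted in this thread; the "Updater" HKCU entry and its
# path are invented for illustration.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [WinVNC] C:\Programme\UltraVNC\WinVNC.exe (UltraVNC)
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [JHHUNHM] rundll32 "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll",wkoceupvmph File not found
O4 - HKCU..\Run: [Updater] C:\Users\bob\AppData\Roaming\update\svc.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DocAction.lnk = C:\Programme\Plustek\DocuAction.exe ()
"""

# "O4 - <hive>..\Run: [<value name>] <command> (<company>)"  or  "... File not found"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# rundll32 <dll path>,<export>  (the path may be quoted)
RUNDLL = re.compile(r'\brundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
# Per-user locations a legitimate autorun rarely lives in (German/English XP names, Vista+ AppData).
PROFILE_DIRS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\",
                "\\local settings\\", "\\temp\\", "\\dokumente und einstellungen\\",
                "\\documents and settings\\", "\\users\\")
MISSING = " File not found"


@dataclass
class Finding:
    name: str
    command: str
    flags: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.flags)


def looks_random(token: str) -> bool:
    """Crude check for generated names such as JHHUNHM or wkoceupvmph:
    seven or more letters, no spaces, and at least 70 % consonants."""
    letters = [c for c in token if c.isalpha()]
    if " " in token or len(letters) < 7:
        return False
    consonants = sum(1 for c in letters if c.lower() not in "aeiouy")
    return consonants / len(letters) >= 0.7


def parse_o4(line: str):
    """Return (value name, command, publisher, file_missing), or None for O4 lines that are not Run keys."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if rest.endswith(MISSING):
        return m["name"], rest[: -len(MISSING)].rstrip(), None, True
    pm = re.match(r"^(?P<cmd>.*) \((?P<pub>[^()]*)\)$", rest)
    if pm:
        return m["name"], pm["cmd"], pm["pub"].strip() or None, False
    return m["name"], rest, None, False


def assess(name, command, publisher, missing) -> Finding:
    f = Finding(name, command)
    low = command.lower()
    if any(d in low for d in PROFILE_DIRS):
        f.flags.append("runs from a user-profile directory")
    rd = RUNDLL.search(command)
    if rd:
        f.flags.append("rundll32 loads a DLL by explicit path")
        if looks_random(rd["export"]):
            f.flags.append("rundll32 export name looks random")
    if looks_random(name):
        f.flags.append("autorun value name looks random")
    if missing:
        f.flags.append("target file missing (orphaned autorun, still remove the key)")
    if publisher is None:
        f.flags.append("no company name")
    return f


def triage(log_text: str) -> list:
    """Assess every O4 Run/RunOnce entry in an OTL log."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            findings.append(assess(*parsed))
    return findings


def suspicious_autoruns(log_text: str, threshold: int = 2) -> list:
    """Entries with at least `threshold` flags; a single flag (e.g. a blank company) is only noise."""
    return [f for f in triage(log_text) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        verdict = "SUSPICIOUS" if f.score >= 2 else "ok"
        print(f"{verdict:10} [{f.name}] {f.command}")
        for flag in f.flags:
            print(f"             - {flag}")
```

The heuristics are deliberately simple and only rank entries for a human to look at; a blank company field on its own (ATI's CLIStart.exe in the sample) is common for legitimate software, which is why a single flag does not mark an entry as suspicious.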
13.11.2012, 11:52 | #3

Hello as well, and many thanks for the quick support. Even if some see it differently, I am very grateful for this kind of help.
OTL.txt:

Code:
OTL logfile created on: 13.11.2012 11:20:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = c:\dokumente und einstellungen\Username\desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 67,35% Memory free
3,72 Gb Paging File | 3,34 Gb Available in Paging File | 89,64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 108,67 Gb Total Space | 86,07 Gb Free Space | 79,20% Space Free | Partition Type: NTFS

Computer Name: Notebook03 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Dokumente und Einstellungen\Username\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Eset\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Programme\Eset\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Programme\gateProtect\VPN Client\bin\Service.exe ()
PRC - C:\Programme\gateProtect\VPN Client\bin\VpnClient.exe (gateProtect Aktiengesellschaft Germany)
PRC - C:\Programme\gateProtect\VPN Client\bin\openvpn.exe ()
PRC - C:\WINDOWS\system32\DKabcoms.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\sdb4mlm.dll ()
MOD - C:\WINDOWS\system32\SaXPWIA.dll ()
MOD - C:\Programme\gateProtect\VPN Client\bin\Service.exe ()
MOD - C:\Programme\gateProtect\VPN Client\bin\openvpn.exe ()
MOD - C:\Programme\gateProtect\VPN Client\bin\libssl32.dll ()
MOD - C:\Programme\gateProtect\VPN Client\bin\libeay32.dll ()
MOD - C:\Programme\gateProtect\VPN Client\bin\libpkcs11-helper-1.dll ()
MOD - C:\Programme\Plustek\Plustek SmartOffice PS286\Scanapi.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\AdobeXMP.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ESHASRV) -- C:\Programme\Eset\ESET NOD32 Antivirus\EShaSrv.exe (ESET)
SRV - (EhttpSrv) -- C:\Programme\Eset\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Programme\Eset\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (PSEXESVC) -- C:\WINDOWS\PSEXESVC.EXE (Sysinternals)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (GPVPNService) -- C:\Programme\gateProtect\VPN Client\bin\Service.exe ()
SRV - (dkab_device) -- C:\WINDOWS\system32\DKabcoms.exe ( )
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (winvnc) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (SSPORT) -- C:\WINDOWS\system32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 52 7F E4 0D 8C CD 01 [binary data]
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

O1 HOSTS File: ([2010.12.15 18:31:52 | 000,000,908 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.8.1 domainfs02
O1 - Hosts: 192.168.4.2. domainsrv02
O1 - Hosts: 192.168.3.2 domainsrv01
O1 - Hosts: 192.168.3.2 domain-server
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Programme\UltraVNC\WinVNC.exe (UltraVNC)
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [JHHUNHM] rundll32 "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll",wkoceupvmph File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DocAction (Plustek SmartOffice PS286).lnk = C:\Programme\Plustek\Plustek SmartOffice PS286\DocuAction.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = teamviewer_setup_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = teamviewerqs_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = teamviewer_host_setup.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = teamviewerqj_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = teamviewer_.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = teamviewer_desktop.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = teamviewer_service.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = tv_w32.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = teamviewer.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = teamviewerportable.zip
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 1 = access.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 2 = desk.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 3 = Drucker und Faxgeräte
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 4 = inetcpl.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 5 = main.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 6 = ncpa.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl: 7 = Netzwerkverbindungen
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = teamviewer_setup_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = teamviewerqs_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = teamviewer_host_setup.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = teamviewerqj_de.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = teamviewer_.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = teamviewer_desktop.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = teamviewer_service.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = tv_w32.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = teamviewer.exe
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = teamviewerportable.zip
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22EE4D86-E7E0-4173-A1D7-A824831BB6AE}: DhcpNameServer = 192.168.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E6FD560-B6A4-4E90-A33E-D443B7A988EB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\t-mobile - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.08 20:36:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ab0c3ca-be24-11dc-aeeb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ab0c3ca-be24-11dc-aeeb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ab0c3ca-be24-11dc-aeeb-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.13 11:20:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.13 08:18:05 | 000,517,804 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.11.13 08:18:05 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.13 08:18:05 | 000,084,902 | ---- | M] ()
-- C:\WINDOWS\System32\perfc009.dat [2012.11.13 08:18:04 | 000,101,656 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.13 07:58:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.11 12:15:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.12 12:02:48 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.06 10:59:38 | 000,950,585 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll [2012.09.06 10:58:23 | 000,124,224 | R--- | C] () -- C:\WINDOWS\wiainst.exe [2012.09.06 10:56:47 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2012.09.06 10:56:46 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2012.09.06 10:56:19 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\sdb4mlm.dll [2012.09.06 09:51:43 | 000,026,280 | RHS- | C] () -- C:\Dokumente und Einstellungen\Admin\ntuser.pol [2012.02.15 09:00:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.02 13:18:18 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll [2011.11.02 13:17:39 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabusb1.dll [2011.11.02 13:17:39 | 000,655,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabpmui.dll [2011.11.02 13:17:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabiesc.dll [2011.11.02 13:17:38 | 001,044,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabserv.dll [2011.11.02 13:17:38 | 000,573,440 | ---- | C] ( ) -- C:\WINDOWS\System32\dkablmpm.dll [2011.11.02 13:17:38 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabpar1.dll [2011.11.02 13:17:37 | 000,864,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabip1.dll [2011.11.02 13:17:37 | 000,454,656 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabiobj.dll [2011.11.02 13:17:37 | 000,438,272 | ---- | C] ( ) -- 
C:\WINDOWS\System32\dkabhcp.dll [2011.11.02 13:17:37 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabinpa.dll [2011.11.02 13:17:36 | 000,819,200 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabcomc.dll [2011.11.02 13:17:36 | 000,586,992 | ---- | C] ( ) -- C:\WINDOWS\System32\DKabcoms.exe [2011.11.02 13:17:36 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabcomm.dll [2010.12.17 17:11:48 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\CDASpl.dll [2008.01.09 17:49:09 | 000,111,582 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol ========== ZeroAccess Check ========== [2008.01.09 14:47:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.11.10 18:00:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gateProtect [2012.09.06 14:28:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\postgresql [2012.09.06 11:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung [2008.05.28 12:03:52 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gateProtect [2008.01.09 18:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.domain\Anwendungsdaten\gateProtect [2012.09.06 13:48:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\catalog.wci [2012.09.12 09:27:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET [2008.01.09 18:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gateProtect [2012.05.15 08:15:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy [2008.01.11 12:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username\Anwendungsdaten\gateProtect [2012.09.06 10:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username\Anwendungsdaten\ScanSoft [2009.11.10 17:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username\Anwendungsdaten\TeamViewer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.04.02 11:05:48 | 000,000,000 | ---D | M] -- C:\0e879178f524f79b48d972edae98ca [2008.01.08 20:46:29 | 000,000,000 | ---D | M] -- C:\DELL [2012.09.06 14:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2012.05.09 11:05:26 | 000,000,000 | ---D | M] -- C:\f61568063dd41ca28217b41279f7a3 [2008.01.08 20:48:19 | 000,000,000 | ---D | M] -- C:\Intel [2012.04.02 10:35:36 | 000,000,000 | ---D | M] -- C:\lj1015 [2008.01.09 17:53:35 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.09.06 12:05:51 | 000,000,000 | R--D | M] -- C:\Programme [2009.09.16 09:33:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012.09.06 11:00:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.13 07:59:20 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 06:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 06:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 06:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 06:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 06:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 06:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 06:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2008.01.08 20:34:27 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2008.01.08 20:41:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012.11.12 12:02:48 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2004.08.04 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver 
Cache\i386\sp3.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 11:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: IASTOR.SYS > [2007.07.12 22:35:02 | 000,305,176 | ---- | M] (Intel Corporation) 
MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: NVATA.SYS > [2006.10.18 23:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\nvata.sys < MD5 for: NVATABUS.SYS > [2006.10.18 22:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys < MD5 for: SCECLI.DLL > [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 11:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 11:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- 
C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 11:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 11:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.08 21:10:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.01.08 
21:10:03 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.01.08 21:10:03 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.11.13 11:22:34 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\NTUSER.DAT [2012.11.13 11:32:12 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\NTUSER.DAT.LOG [2012.10.05 14:08:45 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.ini [2012.09.06 09:51:43 | 000,026,280 | RHS- | M] () -- C:\Dokumente und Einstellungen\Admin\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.07.03 19:25:08 | 001,866,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.11.2012 11:20:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = c:\dokumente und einstellungen\username\desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 67,35% Memory free 3,72 Gb Paging File | 3,34 Gb Available in Paging File | 89,64% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 108,67 Gb Total Space | 86,07 Gb Free Space | 79,20% Space Free | Partition Type: NTFS Computer Name: Notebook03 | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1825349137-338196624-3985880893-1184\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-1825349137-338196624-3985880893-1226\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings 
========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications] "Enabled" = 0 "AllowUserPrefMerge" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] "Enabled" = 0 "AllowUserPrefMerge" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 0 "AllowInboundRouterRequest" = 0 "AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging] "LogDroppedPackets" = 0 "LogSuccessfulConnections" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework] "Enabled" = 0 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "DisableNotifications" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications] "Enabled" = 0 "AllowUserPrefMerge" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts] "AllowUserPrefMerge" = 0 "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 0 "AllowInboundRouterRequest" = 0 "AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Globa llyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Glo ballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Autho rizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\WINDOWS\system32\DKabcoms.exe" = C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP -- ( ) "C:\WINDOWS\twain_32\Dell\DELL1265\SCNSearch\USDAgent.exe" = C:\WINDOWS\twain_32\Dell\DELL1265\SCNSearch\USDAgent.exe:*:Enabled:Dell Scanner Discovery Module V2 -- () "C:\Programme\Dell\Dell B1265dnf Laser MFP\Dell Scan Assistant\USDAgent.exe" = C:\Programme\Dell\Dell B1265dnf Laser MFP\Dell Scan Assistant\USDAgent.exe:*:Enabled:Dell B1265dnf Laser MFP Scan Assistant - USDAgent.exe -- () "C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe" = C:\Programme\Gemeinsame Dateien\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- () "C:\Programme\Dell\Dell Printer Manager\Dell.Application.exe" = C:\Programme\Dell\Dell Printer Manager\Dell.Application.exe:*:Enabled:Dell Printer Manager -- (Dell Inc.) "C:\Programme\Dell\Dell Printer Manager\Dell.OrderSupplies.exe" = C:\Programme\Dell\Dell Printer Manager\Dell.OrderSupplies.exe:*:Enabled:Dell Order Supplies -- (Dell Inc.) "C:\Programme\Dell\Dell Printer Manager\Dell.Alert.exe" = C:\Programme\Dell\Dell Printer Manager\Dell.Alert.exe:*:Enabled:Dell Alert -- (Dell Inc.) 
"C:\Programme\Dell\Dell Printer Manager\uninstall.exe" = C:\Programme\Dell\Dell Printer Manager\uninstall.exe:*:Enabled:Dell uninstaller -- (Dell Inc.) "C:\Programme\Dell\Dell Printer Manager\CDAS2PC\Dell.CDAS2PC.exe" = C:\Programme\Dell\Dell Printer Manager\CDAS2PC\Dell.CDAS2PC.exe:*:Enabled:Dell CDA Scan2PC -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Aut horizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\WINDOWS\system32\DKabcoms.exe" = C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP -- ( ) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04DB82C1-94DF-45AE-88C4-C32489EE1E85}" = DI Capture "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{2DBE349F-FF05-42FE-81A9-2B3A0EC22BBE}" = Common Desktop Agent "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4771CFBF-A680-419C-9447-BB9D3EAE12A1}" = ESET Endpoint Antivirus "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = 
Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2 "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D01750A5-49E5-4BF4-92CC-F72F5F20DBEC}" = Adobe Flash Player 11 ActiveX 
"{D9A717D8-6C94-43EA-9E83-7C2A5B7DFA65}" = Plustek SmartOffice PS286 "{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "Dell B1265dnf Laser MFP" = Dell B1265dnf Laser MFP "Dell B1265dnf Laser MFP Scan Assistant" = Dell B1265dnf Laser MFP Scan Assistant "Dell_HostCD" = Dell Druckersoftware-Deinstallation "FreePDF_XP" = FreePDF XP (Remove only) "gateProtect VPN Client 3.0" = gateProtect VPN Client 3.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "iDRS(tm) OCR Software by I.R.I.S" = iDRS(tm) OCR Software by I.R.I.S "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel 
APIs "PROHYBRIDR" = 2007 Microsoft Office system "Redirection Port Monitor" = RedMon - Redirection Port Monitor "sv.net" = sv.net "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.11.2012 14:48:29 | Computer Name = Notebook03 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. Error - 12.11.2012 14:48:31 | Computer Name = Notebook03 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 12.11.2012 15:04:44 | Computer Name = Notebook03 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. 
Die Registrierung wird nicht durchgeführt. Error - 12.11.2012 15:08:58 | Computer Name = Notebook03 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 13.11.2012 02:59:11 | Computer Name = Notebook03 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 13.11.2012 02:59:11 | Computer Name = Notebook03 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. Error - 13.11.2012 03:06:35 | Computer Name = Notebook03 | Source = Ci | ID = 4124 Description = Der Inhaltsindex auf c:\system volume information\catalog.wci ist beschädigt. Fahren Sie den Indexdienst (cisvc) herunter, und starten Sie ihn erneut. Error - 13.11.2012 03:06:35 | Computer Name = Notebook03 | Source = Ci | ID = 4126 Description = Die Metadaten des Inhaltsindex auf c:\system volume information\catalog.wci werden aufgeräumt. Wiederherstellen des Indexes erfolgt automatisch durch erneutes Filtern aller Dokumente. Error - 13.11.2012 03:16:18 | Computer Name = Notebook03 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. 
[ OSession Events ] Error - 14.09.2009 08:57:06 | Computer Name = Notebook03 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7006 seconds with 5100 seconds of active time. This session ended with a crash. Error - 11.03.2011 15:17:23 | Computer Name = Notebook03 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.11.2012 14:48:29 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = NETLOGON | ID = 5719 Description = Es steht kein Domänencontroller für die Domäne Domain aus folgendem Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. 
Error - 12.11.2012 15:04:43 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 13.11.2012 02:59:10 | Computer Name = Notebook03 | Source = NETLOGON | ID = 5719 Description = Es steht kein Domänencontroller für die Domäne Domain aus folgendem Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. Error - 13.11.2012 02:59:10 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 13.11.2012 02:59:11 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 13.11.2012 03:14:14 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. 
Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 13.11.2012 03:16:59 | Computer Name = Notebook03 | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.9.38 für die Netzwerkkarte mit der Netzwerkadresse 00FF22EE4D86 wurde durch den DHCP-Server 192.168.9.254 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 13.11.2012 03:17:02 | Computer Name = Notebook03 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. < End of report >
This morning, at system startup, a message referred to olepro32r.dll, which is missing (the virus scanner eliminated it, after all). |
13.11.2012, 22:05 | #4 |
/// Malware-holic | Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? hi, doesn't look too bad so far. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any detections, always choose skip for now, post the log
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above If you would like to support us |
19.11.2012, 13:55 | #5 |
| Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? Hello markusg, thanks for your help. I did everything exactly as you wrote. Logfile: Code:
ATTFilter 14:57:00.0692 4088 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:57:01.0099 4088 ============================================================ 14:57:01.0099 4088 Current date / time: 2012/11/15 14:57:01.0099 14:57:01.0099 4088 SystemInfo: 14:57:01.0099 4088 14:57:01.0099 4088 OS Version: 5.1.2600 ServicePack: 3.0 14:57:01.0099 4088 Product type: Workstation 14:57:01.0099 4088 ComputerName: Notebook03 14:57:01.0099 4088 UserName: Admin 14:57:01.0099 4088 Windows directory: C:\WINDOWS 14:57:01.0099 4088 System windows directory: C:\WINDOWS 14:57:01.0099 4088 Processor architecture: Intel x86 14:57:01.0099 4088 Number of processors: 2 14:57:01.0099 4088 Page size: 0x1000 14:57:01.0099 4088 Boot type: Normal boot 14:57:01.0099 4088 ============================================================ 14:57:03.0247 4088 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 14:57:03.0262 4088 ============================================================ 14:57:03.0262 4088 \Device\Harddisk0\DR0: 14:57:03.0262 4088 MBR partitions: 14:57:03.0262 4088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0xD9572EA 14:57:03.0262 4088 ============================================================ 14:57:03.0294 4088 C: <-> \Device\Harddisk0\DR0\Partition1 14:57:03.0294 4088 ============================================================ 14:57:03.0294 4088 Initialize success 14:57:03.0294 4088 ============================================================ 14:57:43.0247 2104 ============================================================ 14:57:43.0247 2104 Scan started 14:57:43.0247 2104 Mode: Manual; SigCheck; TDLFS; 14:57:43.0247 2104 ============================================================ 14:57:44.0031 2104 ================ Scan system memory ======================== 14:57:44.0031 2104 System memory - ok 14:57:44.0031 2104 
================ Scan services ============================= 14:57:44.0141 2104 Abiosdsk - ok 14:57:44.0156 2104 abp480n5 - ok 14:57:44.0219 2104 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:57:45.0113 2104 ACPI - ok 14:57:45.0144 2104 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 14:57:45.0316 2104 ACPIEC - ok 14:57:45.0395 2104 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:57:45.0426 2104 AdobeFlashPlayerUpdateSvc - ok 14:57:45.0426 2104 adpu160m - ok 14:57:45.0442 2104 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 14:57:45.0630 2104 aec - ok 14:57:45.0661 2104 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 14:57:45.0724 2104 AFD - ok 14:57:45.0724 2104 Aha154x - ok 14:57:45.0740 2104 aic78u2 - ok 14:57:45.0740 2104 aic78xx - ok 14:57:45.0802 2104 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 14:57:45.0975 2104 Alerter - ok 14:57:46.0069 2104 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 14:57:46.0241 2104 ALG - ok 14:57:46.0241 2104 AliIde - ok 14:57:46.0288 2104 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 14:57:46.0414 2104 AmdK8 - ok 14:57:46.0414 2104 amsint - ok 14:57:46.0476 2104 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 14:57:46.0649 2104 AppMgmt - ok 14:57:46.0649 2104 asc - ok 14:57:46.0664 2104 asc3350p - ok 14:57:46.0680 2104 asc3550 - ok 14:57:46.0821 2104 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 14:57:46.0868 2104 aspnet_state - ok 14:57:46.0884 2104 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:57:47.0056 2104 AsyncMac - ok 14:57:47.0072 2104 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi 
C:\WINDOWS\system32\DRIVERS\atapi.sys 14:57:47.0229 2104 atapi - ok 14:57:47.0244 2104 Atdisk - ok 14:57:47.0291 2104 [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 14:57:47.0370 2104 Ati HotKey Poller - ok 14:57:47.0464 2104 [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 14:57:47.0934 2104 ati2mtag - ok 14:57:47.0981 2104 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:57:48.0153 2104 Atmarpc - ok 14:57:48.0185 2104 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 14:57:48.0341 2104 AudioSrv - ok 14:57:48.0373 2104 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 14:57:48.0545 2104 audstub - ok 14:57:48.0608 2104 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 14:57:48.0859 2104 BCM43XX - ok 14:57:48.0906 2104 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 14:57:49.0015 2104 bcm4sbxp - ok 14:57:49.0078 2104 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 14:57:49.0251 2104 Beep - ok 14:57:49.0313 2104 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 14:57:49.0486 2104 BITS - ok 14:57:49.0533 2104 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 14:57:49.0564 2104 Browser - ok 14:57:49.0611 2104 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys 14:57:49.0689 2104 BrScnUsb ( UnsignedFile.Multi.Generic ) - warning 14:57:49.0689 2104 BrScnUsb - detected UnsignedFile.Multi.Generic (1) 14:57:49.0721 2104 [ D48C13F4A409AEE8DAFADDAC81E34557 ] BrSerIf C:\WINDOWS\system32\Drivers\BrSerIf.sys 14:57:49.0846 2104 BrSerIf - ok 14:57:49.0862 2104 [ 8FA0AC830A8312912A3AA0C0431CBA0D ] BrUsbSer C:\WINDOWS\system32\Drivers\BrUsbSer.sys 14:57:49.0940 2104 BrUsbSer - ok 14:57:50.0003 2104 [ 
90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 14:57:50.0191 2104 cbidf2k - ok 14:57:50.0207 2104 cd20xrnt - ok 14:57:50.0254 2104 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 14:57:50.0442 2104 Cdaudio - ok 14:57:50.0473 2104 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 14:57:50.0614 2104 Cdfs - ok 14:57:50.0646 2104 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:57:50.0834 2104 Cdrom - ok 14:57:50.0865 2104 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys 14:57:50.0881 2104 cercsr6 ( UnsignedFile.Multi.Generic ) - warning 14:57:50.0881 2104 cercsr6 - detected UnsignedFile.Multi.Generic (1) 14:57:50.0896 2104 Changer - ok 14:57:50.0943 2104 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 14:57:51.0100 2104 CiSvc - ok 14:57:51.0131 2104 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 14:57:51.0320 2104 ClipSrv - ok 14:57:51.0367 2104 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:57:51.0429 2104 clr_optimization_v2.0.50727_32 - ok 14:57:51.0461 2104 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:57:51.0508 2104 clr_optimization_v4.0.30319_32 - ok 14:57:51.0539 2104 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 14:57:51.0711 2104 CmBatt - ok 14:57:51.0711 2104 CmdIde - ok 14:57:51.0743 2104 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 14:57:51.0884 2104 Compbatt - ok 14:57:51.0884 2104 COMSysApp - ok 14:57:51.0900 2104 Cpqarray - ok 14:57:51.0962 2104 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 14:57:52.0119 2104 CryptSvc - ok 14:57:52.0119 2104 dac2w2k - ok 
14:57:52.0135 2104 dac960nt - ok 14:57:52.0197 2104 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 14:57:52.0291 2104 DcomLaunch - ok 14:57:52.0370 2104 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 14:57:52.0542 2104 Dhcp - ok 14:57:52.0558 2104 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 14:57:52.0715 2104 Disk - ok 14:57:52.0715 2104 dkab_device - ok 14:57:52.0730 2104 dmadmin - ok 14:57:53.0044 2104 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 14:57:53.0436 2104 dmboot - ok 14:57:53.0451 2104 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 14:57:53.0624 2104 dmio - ok 14:57:53.0639 2104 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 14:57:53.0827 2104 dmload - ok 14:57:53.0859 2104 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 14:57:54.0000 2104 dmserver - ok 14:57:54.0016 2104 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 14:57:54.0188 2104 DMusic - ok 14:57:54.0219 2104 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 14:57:54.0313 2104 Dnscache - ok 14:57:54.0376 2104 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 14:57:54.0517 2104 Dot3svc - ok 14:57:54.0564 2104 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys 14:57:54.0846 2104 Dot4 - ok 14:57:54.0878 2104 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 14:57:55.0113 2104 Dot4Print - ok 14:57:55.0113 2104 [ 29E86AF2F3457D0441348020FE3CFBD0 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys 14:57:55.0364 2104 dot4usb - ok 14:57:55.0364 2104 dpti2o - ok 14:57:55.0395 2104 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 14:57:55.0599 2104 drmkaud - ok 14:57:55.0661 2104 [ 
4D2A9AF9D9AE43FBCF6FEB3CBD98AD12 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys 14:57:56.0053 2104 eamon - ok 14:57:56.0147 2104 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 14:57:56.0335 2104 EapHost - ok 14:57:56.0382 2104 [ A0BD6F855387CD1A36C6D28D8EDDBCFA ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys 14:57:56.0461 2104 ehdrv - ok 14:57:56.0633 2104 [ D1418489E6E7F327588048A18F7B0E77 ] EhttpSrv C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe 14:57:56.0649 2104 EhttpSrv - ok 14:57:56.0727 2104 [ 9F8DAD98CD208B31F47D30B6CD9C0536 ] ekrn C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe 14:57:56.0884 2104 ekrn - ok 14:57:56.0962 2104 [ DF85C125F6F8CED74982687D13CACF0E ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 14:57:57.0166 2104 epfwtdir - ok 14:57:57.0229 2104 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 14:57:57.0370 2104 ERSvc - ok 14:57:57.0448 2104 [ C4ED090444B65D50569969DCA99B4A90 ] ESHASRV C:\Programme\ESET\ESET NOD32 Antivirus\EShaSrv.exe 14:57:57.0480 2104 ESHASRV - ok 14:57:57.0511 2104 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 14:57:57.0574 2104 Eventlog - ok 14:57:57.0621 2104 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 14:57:57.0683 2104 EventSystem - ok 14:57:57.0715 2104 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 14:57:57.0871 2104 Fastfat - ok 14:57:57.0918 2104 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 14:57:57.0997 2104 FastUserSwitchingCompatibility - ok 14:57:58.0012 2104 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 14:57:58.0154 2104 Fdc - ok 14:57:58.0185 2104 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 14:57:58.0326 2104 Fips - ok 14:57:58.0357 2104 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 
14:57:58.0530 2104 Flpydisk - ok 14:57:58.0577 2104 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 14:57:58.0718 2104 FltMgr - ok 14:57:58.0796 2104 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 14:57:58.0828 2104 FontCache3.0.0.0 - ok 14:57:58.0843 2104 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:57:59.0016 2104 Fs_Rec - ok 14:57:59.0031 2104 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:57:59.0219 2104 Ftdisk - ok 14:57:59.0251 2104 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:57:59.0423 2104 Gpc - ok 14:57:59.0517 2104 [ 676CC03365C8B1DACEB5260AE0FE1E8E ] GPVPNService C:\Programme\gateProtect\VPN Client\bin\Service.exe 14:57:59.0533 2104 GPVPNService ( UnsignedFile.Multi.Generic ) - warning 14:57:59.0533 2104 GPVPNService - detected UnsignedFile.Multi.Generic (1) 14:57:59.0580 2104 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 14:57:59.0768 2104 HDAudBus - ok 14:57:59.0815 2104 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 14:57:59.0956 2104 helpsvc - ok 14:57:59.0987 2104 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 14:58:00.0160 2104 HidServ - ok 14:58:00.0191 2104 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:58:00.0379 2104 hidusb - ok 14:58:00.0411 2104 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 14:58:00.0552 2104 hkmsvc - ok 14:58:00.0552 2104 hpn - ok 14:58:00.0630 2104 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 14:58:00.0944 2104 HSF_DPV - ok 14:58:00.0975 2104 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 14:58:01.0116 2104 HSXHWAZL - ok 14:58:01.0179 2104 
[ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 14:58:01.0241 2104 HTTP - ok 14:58:01.0288 2104 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 14:58:01.0429 2104 HTTPFilter - ok 14:58:01.0445 2104 i2omgmt - ok 14:58:01.0445 2104 i2omp - ok 14:58:01.0492 2104 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:58:01.0680 2104 i8042prt - ok 14:58:01.0790 2104 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:58:01.0900 2104 idsvc - ok 14:58:01.0915 2104 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 14:58:02.0088 2104 Imapi - ok 14:58:02.0135 2104 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 14:58:02.0809 2104 ImapiService - ok 14:58:02.0824 2104 ini910u - ok 14:58:02.0840 2104 IntelIde - ok 14:58:02.0903 2104 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 14:58:03.0122 2104 Ip6Fw - ok 14:58:03.0154 2104 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:58:03.0389 2104 IpFilterDriver - ok 14:58:03.0420 2104 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:58:03.0592 2104 IpInIp - ok 14:58:03.0624 2104 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:58:03.0796 2104 IpNat - ok 14:58:03.0843 2104 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:58:04.0016 2104 IPSec - ok 14:58:04.0047 2104 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 14:58:04.0219 2104 IRENUM - ok 14:58:04.0251 2104 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:58:04.0408 2104 isapnp - ok 14:58:04.0439 2104 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 
14:58:04.0658 2104 Kbdclass - ok 14:58:04.0705 2104 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 14:58:04.0909 2104 kbdhid - ok 14:58:05.0003 2104 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 14:58:05.0191 2104 kmixer - ok 14:58:05.0223 2104 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 14:58:05.0348 2104 KSecDD - ok 14:58:05.0411 2104 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 14:58:05.0442 2104 lanmanserver - ok 14:58:05.0520 2104 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 14:58:05.0552 2104 lanmanworkstation - ok 14:58:05.0567 2104 lbrtfdc - ok 14:58:05.0614 2104 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 14:58:05.0756 2104 LmHosts - ok 14:58:05.0787 2104 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 14:58:05.0850 2104 mdmxsdk - ok 14:58:05.0897 2104 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 14:58:06.0038 2104 Messenger - ok 14:58:06.0085 2104 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 14:58:06.0257 2104 mnmdd - ok 14:58:06.0320 2104 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 14:58:06.0461 2104 mnmsrvc - ok 14:58:06.0508 2104 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 14:58:06.0649 2104 Modem - ok 14:58:06.0665 2104 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:58:06.0837 2104 Mouclass - ok 14:58:06.0853 2104 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 14:58:07.0072 2104 mouhid - ok 14:58:07.0088 2104 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 14:58:07.0245 2104 MountMgr - ok 14:58:07.0245 2104 mraid35x - ok 14:58:07.0260 2104 [ 
E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:58:07.0323 2104 MRxDAV - ok 14:58:07.0370 2104 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 14:58:07.0464 2104 MRxSmb - ok 14:58:07.0511 2104 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 14:58:07.0668 2104 MSDTC - ok 14:58:07.0683 2104 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 14:58:07.0809 2104 Msfs - ok 14:58:07.0825 2104 MSIServer - ok 14:58:07.0840 2104 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:58:08.0075 2104 MSKSSRV - ok 14:58:08.0107 2104 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:58:08.0279 2104 MSPCLOCK - ok 14:58:08.0279 2104 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 14:58:08.0451 2104 MSPQM - ok 14:58:08.0483 2104 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:58:08.0624 2104 mssmbios - ok 14:58:08.0655 2104 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 14:58:08.0671 2104 Mup - ok 14:58:08.0734 2104 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 14:58:08.0875 2104 napagent - ok 14:58:08.0906 2104 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 14:58:09.0047 2104 NDIS - ok 14:58:09.0094 2104 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:58:09.0125 2104 NdisTapi - ok 14:58:09.0172 2104 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:58:09.0361 2104 Ndisuio - ok 14:58:09.0361 2104 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:58:09.0564 2104 NdisWan - ok 14:58:09.0611 2104 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 14:58:09.0643 2104 NDProxy - 
ok 14:58:09.0690 2104 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 14:58:09.0831 2104 NetBIOS - ok 14:58:09.0862 2104 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 14:58:10.0035 2104 NetBT - ok 14:58:10.0066 2104 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 14:58:10.0254 2104 NetDDE - ok 14:58:10.0254 2104 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 14:58:10.0395 2104 NetDDEdsdm - ok 14:58:10.0442 2104 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 14:58:10.0583 2104 Netlogon - ok 14:58:10.0630 2104 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 14:58:10.0771 2104 Netman - ok 14:58:10.0787 2104 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:58:10.0818 2104 NetTcpPortSharing - ok 14:58:10.0865 2104 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 14:58:10.0897 2104 Nla - ok 14:58:10.0944 2104 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 14:58:11.0085 2104 Npfs - ok 14:58:11.0116 2104 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 14:58:11.0288 2104 Ntfs - ok 14:58:11.0304 2104 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 14:58:11.0430 2104 NtLmSsp - ok 14:58:11.0461 2104 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 14:58:11.0649 2104 NtmsSvc - ok 14:58:11.0665 2104 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 14:58:11.0837 2104 Null - ok 14:58:11.0868 2104 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:58:12.0088 2104 NwlnkFlt - ok 14:58:12.0119 2104 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:58:12.0323 2104 NwlnkFwd - ok 
14:58:12.0401 2104 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 14:58:12.0433 2104 odserv - ok 14:58:12.0480 2104 [ 7AF6EC0EA4261ECF7DA084103BE31EA8 ] odysseyIM4 C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys 14:58:12.0574 2104 odysseyIM4 - ok 14:58:12.0589 2104 OMCI - ok 14:58:12.0621 2104 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 14:58:12.0636 2104 ose - ok 14:58:12.0668 2104 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 14:58:12.0825 2104 Parport - ok 14:58:12.0840 2104 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 14:58:12.0981 2104 PartMgr - ok 14:58:13.0013 2104 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 14:58:13.0216 2104 ParVdm - ok 14:58:13.0216 2104 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 14:58:13.0373 2104 PCI - ok 14:58:13.0373 2104 PCIDump - ok 14:58:13.0389 2104 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 14:58:13.0561 2104 PCIIde - ok 14:58:13.0577 2104 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 14:58:13.0749 2104 Pcmcia - ok 14:58:13.0765 2104 PDCOMP - ok 14:58:13.0765 2104 PDFRAME - ok 14:58:13.0781 2104 PDRELI - ok 14:58:13.0796 2104 PDRFRAME - ok 14:58:13.0812 2104 perc2 - ok 14:58:13.0812 2104 perc2hib - ok 14:58:13.0859 2104 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 14:58:13.0875 2104 PlugPlay - ok 14:58:13.0890 2104 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 14:58:14.0016 2104 PolicyAgent - ok 14:58:14.0047 2104 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:58:14.0204 2104 PptpMiniport - ok 14:58:14.0267 2104 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor 
C:\WINDOWS\system32\DRIVERS\processr.sys 14:58:14.0439 2104 Processor - ok 14:58:14.0455 2104 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 14:58:14.0596 2104 ProtectedStorage - ok 14:58:14.0611 2104 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 14:58:14.0784 2104 PSched - ok 14:58:14.0815 2104 [ A283E768FA12EF33087F07B01F82D6DD ] PSEXESVC C:\WINDOWS\PSEXESVC.EXE 14:58:14.0909 2104 PSEXESVC - ok 14:58:14.0925 2104 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:58:15.0144 2104 Ptilink - ok 14:58:15.0144 2104 ql1080 - ok 14:58:15.0160 2104 Ql10wnt - ok 14:58:15.0176 2104 ql12160 - ok 14:58:15.0176 2104 ql1240 - ok 14:58:15.0191 2104 ql1280 - ok 14:58:15.0238 2104 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:58:15.0426 2104 RasAcd - ok 14:58:15.0458 2104 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 14:58:15.0630 2104 RasAuto - ok 14:58:15.0646 2104 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:58:15.0865 2104 Rasl2tp - ok 14:58:15.0881 2104 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 14:58:16.0100 2104 RasMan - ok 14:58:16.0100 2104 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:58:16.0289 2104 RasPppoe - ok 14:58:16.0289 2104 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 14:58:16.0508 2104 Raspti - ok 14:58:16.0524 2104 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:58:16.0680 2104 Rdbss - ok 14:58:16.0696 2104 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:58:16.0884 2104 RDPCDD - ok 14:58:16.0931 2104 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:58:17.0104 2104 rdpdr - ok 14:58:17.0151 2104 [ 
43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 14:58:17.0198 2104 RDPWD - ok 14:58:17.0213 2104 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 14:58:17.0354 2104 RDSessMgr - ok 14:58:17.0370 2104 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 14:58:17.0543 2104 redbook - ok 14:58:17.0558 2104 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 14:58:17.0715 2104 RemoteAccess - ok 14:58:17.0762 2104 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 14:58:17.0919 2104 RemoteRegistry - ok 14:58:17.0966 2104 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 14:58:18.0075 2104 rimmptsk - ok 14:58:18.0107 2104 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 14:58:18.0248 2104 RpcLocator - ok 14:58:18.0295 2104 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 14:58:18.0326 2104 RpcSs - ok 14:58:18.0389 2104 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 14:58:18.0608 2104 RSVP - ok 14:58:18.0624 2104 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 14:58:18.0749 2104 SamSs - ok 14:58:18.0781 2104 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 14:58:18.0922 2104 SCardSvr - ok 14:58:18.0953 2104 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 14:58:19.0094 2104 Schedule - ok 14:58:19.0126 2104 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 14:58:19.0408 2104 sdbus - ok 14:58:19.0439 2104 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:58:19.0596 2104 Secdrv - ok 14:58:19.0627 2104 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 14:58:19.0768 2104 seclogon - ok 14:58:19.0800 2104 [ 
2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 14:58:19.0956 2104 SENS - ok 14:58:20.0003 2104 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 14:58:20.0176 2104 Serial - ok 14:58:20.0223 2104 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 14:58:20.0395 2104 Sfloppy - ok 14:58:20.0427 2104 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 14:58:20.0583 2104 SharedAccess - ok 14:58:20.0599 2104 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 14:58:20.0630 2104 ShellHWDetection - ok 14:58:20.0630 2104 Simbad - ok 14:58:20.0646 2104 Sparrow - ok 14:58:20.0677 2104 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 14:58:20.0818 2104 splitter - ok 14:58:20.0850 2104 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 14:58:20.0897 2104 Spooler - ok 14:58:20.0912 2104 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 14:58:21.0038 2104 sr - ok 14:58:21.0085 2104 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 14:58:21.0242 2104 srservice - ok 14:58:21.0273 2104 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 14:58:21.0336 2104 Srv - ok 14:58:21.0383 2104 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 14:58:21.0524 2104 SSDPSRV - ok 14:58:21.0571 2104 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\WINDOWS\system32\Drivers\SSPORT.sys 14:58:21.0571 2104 SSPORT ( UnsignedFile.Multi.Generic ) - warning 14:58:21.0571 2104 SSPORT - detected UnsignedFile.Multi.Generic (1) 14:58:21.0665 2104 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 14:58:22.0088 2104 STHDA - ok 14:58:22.0166 2104 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 14:58:22.0307 2104 stisvc - ok 14:58:22.0339 2104 [ 
3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 14:58:22.0511 2104 swenum - ok 14:58:22.0527 2104 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 14:58:22.0715 2104 swmidi - ok 14:58:22.0715 2104 SwPrv - ok 14:58:22.0731 2104 symc810 - ok 14:58:22.0731 2104 symc8xx - ok 14:58:22.0746 2104 sym_hi - ok 14:58:22.0746 2104 sym_u3 - ok 14:58:22.0809 2104 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 14:58:22.0950 2104 sysaudio - ok 14:58:22.0997 2104 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 14:58:23.0154 2104 SysmonLog - ok 14:58:23.0217 2104 [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys 14:58:23.0295 2104 tap0901 ( UnsignedFile.Multi.Generic ) - warning 14:58:23.0295 2104 tap0901 - detected UnsignedFile.Multi.Generic (1) 14:58:23.0342 2104 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 14:58:23.0514 2104 TapiSrv - ok 14:58:23.0577 2104 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:58:23.0608 2104 Tcpip - ok 14:58:23.0640 2104 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 14:58:23.0797 2104 TDPIPE - ok 14:58:23.0812 2104 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 14:58:23.0985 2104 TDTCP - ok 14:58:23.0985 2104 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 14:58:24.0188 2104 TermDD - ok 14:58:24.0235 2104 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 14:58:24.0815 2104 TermService - ok 14:58:24.0847 2104 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 14:58:24.0894 2104 Themes - ok 14:58:24.0941 2104 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 14:58:25.0160 2104 TlntSvr - ok 14:58:25.0176 2104 TosIde - ok 
14:58:25.0223 2104 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 14:58:25.0364 2104 TrkWks - ok 14:58:25.0395 2104 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 14:58:25.0536 2104 Udfs - ok 14:58:25.0552 2104 ultra - ok 14:58:25.0599 2104 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 14:58:25.0850 2104 Update - ok 14:58:25.0881 2104 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 14:58:26.0069 2104 upnphost - ok 14:58:26.0101 2104 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 14:58:26.0242 2104 UPS - ok 14:58:26.0273 2104 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:58:26.0461 2104 usbccgp - ok 14:58:26.0492 2104 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:58:26.0665 2104 usbehci - ok 14:58:26.0665 2104 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:58:26.0837 2104 usbhub - ok 14:58:26.0869 2104 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 14:58:27.0025 2104 usbohci - ok 14:58:27.0057 2104 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:58:27.0213 2104 usbprint - ok 14:58:27.0261 2104 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:58:27.0417 2104 usbscan - ok 14:58:27.0449 2104 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:58:27.0605 2104 USBSTOR - ok 14:58:27.0668 2104 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 14:58:27.0809 2104 VgaSave - ok 14:58:27.0825 2104 ViaIde - ok 14:58:27.0856 2104 [ B67632451F760797BB183E1FB99F4B39 ] vnccom C:\WINDOWS\system32\Drivers\vnccom.SYS 14:58:27.0919 2104 vnccom ( UnsignedFile.Multi.Generic ) - warning 14:58:27.0919 2104 vnccom - detected 
UnsignedFile.Multi.Generic (1) 14:58:27.0966 2104 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys 14:58:28.0013 2104 vncdrv ( UnsignedFile.Multi.Generic ) - warning 14:58:28.0013 2104 vncdrv - detected UnsignedFile.Multi.Generic (1) 14:58:28.0044 2104 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 14:58:28.0185 2104 VolSnap - ok 14:58:28.0264 2104 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 14:58:28.0420 2104 VSS - ok 14:58:28.0452 2104 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 14:58:28.0593 2104 W32Time - ok 14:58:28.0608 2104 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:58:28.0765 2104 Wanarp - ok 14:58:28.0765 2104 WDICA - ok 14:58:28.0828 2104 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 14:58:28.0985 2104 wdmaud - ok 14:58:29.0000 2104 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 14:58:29.0157 2104 WebClient - ok 14:58:29.0188 2104 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 14:58:29.0455 2104 winachsf - ok 14:58:29.0565 2104 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 14:58:29.0721 2104 winmgmt - ok 14:58:29.0800 2104 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 14:58:29.0972 2104 WinRM - ok 14:58:30.0098 2104 [ 913FF5A608DE6A2AB320EB919092049A ] winvnc C:\Programme\UltraVNC\WinVNC.exe 14:58:30.0207 2104 winvnc ( UnsignedFile.Multi.Generic ) - warning 14:58:30.0207 2104 winvnc - detected UnsignedFile.Multi.Generic (1) 14:58:30.0207 2104 wltrysvc - ok 14:58:30.0254 2104 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 14:58:30.0317 2104 WmdmPmSN - ok 14:58:30.0395 2104 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 14:58:30.0521 2104 Wmi - ok 
14:58:30.0552 2104 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 14:58:30.0819 2104 WmiAcpi - ok 14:58:30.0850 2104 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 14:58:31.0007 2104 WmiApSrv - ok 14:58:31.0132 2104 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 14:58:31.0383 2104 WMPNetworkSvc - ok 14:58:31.0508 2104 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:58:31.0587 2104 WPFFontCache_v0400 - ok 14:58:31.0634 2104 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 14:58:31.0775 2104 wscsvc - ok 14:58:31.0790 2104 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 14:58:31.0947 2104 wuauserv - ok 14:58:31.0978 2104 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:58:32.0057 2104 WudfPf - ok 14:58:32.0088 2104 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:58:32.0104 2104 WudfRd - ok 14:58:32.0135 2104 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 14:58:32.0151 2104 WudfSvc - ok 14:58:32.0214 2104 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 14:58:32.0386 2104 WZCSVC - ok 14:58:32.0402 2104 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 14:58:32.0558 2104 xmlprov - ok 14:58:32.0574 2104 ================ Scan global =============================== 14:58:32.0621 2104 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 14:58:32.0652 2104 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 14:58:32.0668 2104 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 14:58:32.0699 2104 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 14:58:32.0699 2104 [Global] - ok 14:58:32.0699 
2104 ================ Scan MBR ================================== 14:58:32.0731 2104 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 14:58:33.0060 2104 \Device\Harddisk0\DR0 - ok 14:58:33.0060 2104 ================ Scan VBR ================================== 14:58:33.0060 2104 [ ACC2F3FFF9BA05F0C5662455218CA57E ] \Device\Harddisk0\DR0\Partition1 14:58:33.0076 2104 \Device\Harddisk0\DR0\Partition1 - ok 14:58:33.0076 2104 ============================================================ 14:58:33.0076 2104 Scan finished 14:58:33.0076 2104 ============================================================ 14:58:33.0201 3592 Detected object count: 8 14:58:33.0201 3592 Actual detected object count: 8 14:58:57.0693 3592 BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0693 3592 BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:57.0693 3592 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0693 3592 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:57.0693 3592 GPVPNService ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0693 3592 GPVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:57.0708 3592 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0708 3592 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:57.0708 3592 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0708 3592 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:57.0708 3592 vnccom ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0708 3592 vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:57.0708 3592 vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0708 3592 vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:57.0724 3592 winvnc ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:57.0724 3592 winvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
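An added example (my own code, not from the thread and not part of TDSSKiller): a small Python parser for TDSSKiller output like the log above. It groups the file line (MD5, path) with the status lines that follow it, lists every entry that carried a detection, and separates those that an installed product explains from those that still need a look. The log lines are copied from the scan above plus one constructed driver entry with a placeholder hash so the review path is exercised; the allowlist of names explained by installed software (the UltraVNC service and drivers, the TAP adapter driver) is an assumption made for this example, not a verdict from the thread.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the TDSSKiller log above, plus one constructed entry
# ("exampledrv", placeholder hash) so the parser has something to flag.
SAMPLE_LOG = r"""
14:58:23.0217 2104 [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
14:58:23.0295 2104 tap0901 ( UnsignedFile.Multi.Generic ) - warning
14:58:23.0295 2104 tap0901 - detected UnsignedFile.Multi.Generic (1)
14:58:23.0577 2104 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:58:23.0608 2104 Tcpip - ok
14:58:27.0000 2104 [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] exampledrv C:\Dokumente und Einstellungen\Username\Anwendungsdaten\exampledrv.sys
14:58:27.0010 2104 exampledrv ( UnsignedFile.Multi.Generic ) - warning
14:58:27.0010 2104 exampledrv - detected UnsignedFile.Multi.Generic (1)
14:58:30.0098 2104 [ 913FF5A608DE6A2AB320EB919092049A ] winvnc C:\Programme\UltraVNC\WinVNC.exe
14:58:30.0207 2104 winvnc ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0207 2104 winvnc - detected UnsignedFile.Multi.Generic (1)
14:58:32.0574 2104 ================ Scan global ===============================
14:58:33.0201 3592 Detected object count: 8
14:58:57.0708 3592 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0708 3592 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:57.0724 3592 winvnc ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:57.0724 3592 winvnc ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "<time> <pid> [ <md5> ] <service name> <path>"
RE_FILE = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+'
    r'\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$')
# "<time> <pid> <service name> [( <detection> )] - <status text>"
RE_STATUS = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)'
    r'(?:\s+\(\s*(?P<det>[^)]+?)\s*\))?\s+-\s+(?P<status>.+?)\s*$')

# Assumption for this example: unsigned files explained by software the
# owner installed (UltraVNC, TAP adapter driver). Not a verdict from the thread.
KNOWN_UNSIGNED = {"winvnc", "vnccom", "vncdrv", "tap0901"}
PROFILE_DIRS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    detections: set = field(default_factory=set)
    final: str = ""  # last status text seen for this entry


def parse_tdsskiller(text):
    """Group every log line by service name; lines that are neither shape are ignored."""
    entries = {}
    for line in text.splitlines():
        m = RE_FILE.match(line.strip())
        if m:
            e = entries.setdefault(m['name'], Entry(m['name']))
            e.md5, e.path = m['md5'].upper(), m['path']
            continue
        m = RE_STATUS.match(line.strip())
        if m:
            e = entries.setdefault(m['name'], Entry(m['name']))
            status = m['status']
            if m['det']:
                e.detections.add(m['det'])
            if status.startswith('detected '):
                # "detected UnsignedFile.Multi.Generic (1)" -> strip the count
                e.detections.add(status[len('detected '):].rsplit(' (', 1)[0])
            e.final = status
    return entries


def flagged(entries):
    """Every entry with a detection as (name, md5, path, sorted detections, final status)."""
    return sorted((e.name, e.md5, e.path, sorted(e.detections), e.final)
                  for e in entries.values() if e.detections)


def needs_review(entries):
    """Flagged names that the allowlist does not explain, or that load from a user profile."""
    out = {}
    for name, _md5, path, _dets, _final in flagged(entries):
        reasons = []
        if name not in KNOWN_UNSIGNED:
            reasons.append("not on allowlist")
        if any(d in path.lower() for d in PROFILE_DIRS):
            reasons.append("file lives under a user profile")
        if reasons:
            out[name] = reasons
    return out


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for row in flagged(parsed):
        print(row)
    print("review:", needs_review(parsed))
```

UnsignedFile.Multi.Generic only says that the file carries no valid signature, which is why the user above could skip the VNC and TAP entries; the allowlist plus the path check is the quick way to make that decision repeatable across several machines.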
19.11.2012, 17:31 | #6 |
/// Malware-holic | Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? hi, this script, like any scripts that follow, is only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [JHHUNHM] rundll32 "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll",wkoceupvmph File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode.
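An added example (my own code, not from the thread and not part of OTL) in Python: it reads autorun lines in the "O4" format that OTL prints and flags the pattern the fix script above removes, that is a Run value that has rundll32 load a DLL out of a user profile directory, a target OTL reports as "File not found", and no publisher in parentheses. The first sample line is the entry from the script above; the other two are constructed, benign-looking entries so the checks have something to pass.

```python
import re

# OTL "O4" autorun lines. Line 1 is the entry from the fix script above;
# lines 2 and 3 are constructed for this example.
SAMPLE_O4 = r"""
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [JHHUNHM] rundll32 "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\olepro32R.dll",wkoceupvmph File not found
O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1825349137-338196624-3985880893-1184..\Run: [ExampleUpdater] rundll32.exe "C:\Programme\Example\updater.dll",Start (Example Vendor)
"""

# "O4 - <hive>..\<key>: [<value name>] <command> [(<publisher>)] [File not found]"
RE_O4 = re.compile(
    r'^O4 - (?P<hive>HK\S*?)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] '
    r'(?P<cmd>.*?)(?: \((?P<vendor>[^()]*)\))?(?P<missing> File not found)?$')
# rundll32 [".exe"] "<dll>",<export>
RE_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.I)
PROFILE_DIRS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")


def rundll_target(cmd):
    """Return (dll path, export name) when the command runs through rundll32, else None."""
    m = RE_RUNDLL.match(cmd.strip())
    return (m['dll'], m['export']) if m else None


def analyze_o4(text):
    """Map value name -> list of reasons for every O4 line that deserves a closer look."""
    findings = {}
    for line in text.splitlines():
        m = RE_O4.match(line.strip())
        if not m:
            continue
        reasons = []
        target = rundll_target(m['cmd'])
        if target and any(d in target[0].lower() for d in PROFILE_DIRS):
            reasons.append("rundll32 loads a DLL from a user profile directory")
        if m['missing']:
            reasons.append("target file not found")
        if m['vendor'] is None:
            reasons.append("no publisher recorded")
        if reasons:
            findings[m['name']] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in analyze_o4(SAMPLE_O4).items():
        print(name, "->", "; ".join(reasons))
```

A Run value whose command is rundll32 pointing into Anwendungsdaten (AppData) with a DLL name that imitates a system library is exactly what the helper singled out above; the three reasons together are the signal, any one of them alone is common on a clean machine too.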
26.11.2012, 12:23 | #7 |
| Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? This came back as confirmation ... is that right? Many thanks! Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1825349137-338196624-3985880893-1184\Software\Microsoft\Windows\CurrentVersion\Run\\JHHUNHM deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Admin
->Flash cache emptied: 405 bytes
User: Administrator
User: Administrator.Domain
->Flash cache emptied: 405 bytes
User: All Users
User: Default User
User: User
->Flash cache emptied: 78696 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Error: Unable to interpret <[emptytemp]]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 11262012_120842 |
27.11.2012, 18:04 | #8 | |
/// Malware-holic | Remove Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan? hi, that's fine. combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: Should you get the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now please forward mails to markusg.trojaner-board@web.de as described above If you would like to support us |