Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): ihavenet trojaner | Windows 7. If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
18.11.2012, 11:35 | #1 |
ihavenet trojaner

Hi, unfortunately I have caught the ihavenet trojan. OTL scan files:

Extras.txt

Code:
OTL Extras logfile created on: 18.11.2012 11:11:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,75% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,71% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,76 Gb Free Space | 52,76% Space Free | Partition Type: NTFS
Drive D: | 56,76 Gb Total Space | 52,73 Gb Free Space | 92,90% Space Free | Partition Type: NTFS
Drive E: | 43,46 Gb Total Space | 40,51 Gb Free Space | 93,22% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive I: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive J: | 116,45 Gb Total Space | 109,24 Gb Free Space | 93,81% Space Free | Partition Type: NTFS
Drive K: | 7,50 Gb Total Space | 7,50 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: SCHMULI | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = UltraEdit.html] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" = C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
"D:\Programme\SmartFtp\SmartFTP.exe" = D:\Programme\SmartFtp\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 7.0 -- (Kaspersky Lab)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Kaufmann 2008
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C27C64B-D5CF-4881-A310-0BD2A0D21927}" = ElsterFormular 2005/2006
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6DC47739-3BB0-4494-A43D-193BF54070AE}" = Cisco Systems VPN Client 4.6.00.0049
"{6F9D49F2-1046-11D8-9F20-00010215F7FF}" = Lexware lohnauskunft 2004
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A36BE275-BD22-406C-8D2D-ED99F9E6C0B4}" = IKEA HomePlanner Kitchen
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}" = C-Pen 20
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0.9 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agfa ScanWise 1.70" = Agfa ScanWise 1.70
"AGFAnet Print Service" = AGFAnet Print Service
"Driver Updater Pro" = Driver Updater Pro
"ElsterFormular 11.3.0.4235" = ElsterFormular
"foobar2000" = foobar2000 v0.9.4.2
"FRITZ! 2.0" = AVM FRITZ!
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LetsTrade" = LetsTrade Komponenten
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Meine Zeiterfassung" = Meine Zeiterfassung 2.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft AutoRoute Express EUR" = Microsoft AutoRoute Express Europa (CD-ROM erforderlich)
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.09.2012 04:35:19 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 05.10.2012 08:10:16 | Computer Name = SCHMULI | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x10002403.

Error - 10.10.2012 02:49:10 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 10.10.2012 02:50:14 | Computer Name = SCHMULI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.10.2012 11:40:43 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 07.11.2012 01:35:10 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 10.11.2012 02:49:27 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 17.11.2012 08:47:27 | Computer Name = SCHMULI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung xoftspyse_setup_rw.exe, Version 7.0.1.0, fehlgeschlagenes Modul system.dll, Version 0.0.0.0, Fehleradresse 0x000018ed.

Error - 17.11.2012 09:16:59 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 18.11.2012 06:10:33 | Computer Name = SCHMULI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 16.0.2.4680, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 09.11.2012 12:34:51 | Computer Name = SCHMULI | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 14.11.2012 02:15:16 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 14.11.2012 02:15:16 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 15.11.2012 08:15:02 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 16.11.2012 02:54:21 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 16.11.2012 02:54:21 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 06:24:28 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 09:15:30 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 09:15:30 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 11:12:49 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

< End of report >

OTL.txt

Code:
OTL logfile created on: 18.11.2012 11:11:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,75% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,71% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,76 Gb Free Space | 52,76% Space Free | Partition Type: NTFS
Drive D: | 56,76 Gb Total Space | 52,73 Gb Free Space | 92,90% Space Free | Partition Type: NTFS
Drive E: | 43,46 Gb Total Space | 40,51 Gb Free Space | 93,22% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive I: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive J: | 116,45 Gb Total Space | 109,24 Gb Free Space | 93,81% Space Free | Partition Type: NTFS
Drive K: | 7,50 Gb Total Space | 7,50 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: SCHMULI | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.18 11:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
PRC - [2012.09.04 19:09:50 | 000,687,088 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\19.9.0.9\cltlmh.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe
PRC - [2012.06.09 08:47:39 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- D:\Programme\RealPlayer\Update\realsched.exe
PRC - [2011.06.09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.03.19 17:16:13 | 002,766,848 | ---- | M] (iXi Tools) -- C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.07 12:19:04 | 000,652,592 | ---- | M] (REINER SCT) -- C:\WINDOWS\system32\cjpcsc.exe
PRC - [2006.10.18 15:29:44 | 001,962,896 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006.10.18 15:23:48 | 001,189,920 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006.10.17 11:47:22 | 000,087,584 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2006.01.27 14:53:04 | 000,184,320 | ---- | M] (Anoto AB) -- D:\Programme\C Technologies\C-Pen 20\CPenDesk.exe
PRC - [2006.01.27 13:54:22 | 000,241,664 | ---- | M] ( ) -- D:\Programme\C Technologies\C-Pen 20\CPen20.exe
PRC - [2006.01.24 14:55:00 | 000,049,152 | ---- | M] () -- D:\Programme\C Technologies\C-Pen 20\CPenOCR.exe
PRC - [2006.01.12 20:52:32 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
PRC - [2005.11.02 02:06:04 | 000,241,664 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\IWatch.exe
PRC - [2004.08.27 10:34:52 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2012.11.15 16:53:55 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_90110d3f\mscorlib.dll
MOD - [2012.11.15 16:53:53 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_95507774\system.drawing.dll
MOD - [2012.11.15 16:53:44 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_216716de\system.windows.forms.dll
MOD - [2012.11.15 16:53:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2dd6cc66\system.dll
MOD - [2012.11.15 16:53:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.11.15 16:53:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012.06.14 11:40:56 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.11.04 09:41:57 | 000,083,968 | ---- | M] () -- C:\Programme\iXi Tools\Driver Updater Pro\SysInfoDll.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.10.17 10:48:36 | 000,050,720 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll
MOD - [2006.01.24 14:55:00 | 000,114,688 | ---- | M] () -- D:\Programme\C Technologies\C-Pen 20\CPenOCR.dll
MOD - [2006.01.24 14:55:00 | 000,049,152 | ---- | M] () -- D:\Programme\C Technologies\C-Pen 20\CPenOCR.exe
MOD - [2006.01.12 21:20:48 | 001,265,664 | ---- | M] () -- D:\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
MOD - [2006.01.12 21:20:26 | 000,019,968 | ---- | M] () -- D:\Adobe\Acrobat 7.0\Distillr\AcroTray.DEU
MOD - [2006.01.12 21:13:46 | 000,019,968 | ---- | M] () -- D:\Adobe\Acrobat 7.0\Distillr\AcroTray.FRA
MOD - [2006.01.11 12:26:28 | 000,897,099 | ---- | M] () -- D:\Programme\C Technologies\C-Pen 20\RFFTW2dll.dll
MOD - [2005.10.19 11:56:28 | 000,125,952 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2004.08.10 13:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.10.28 09:27:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 08:02:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe -- (NAV)
SRV - [2008.01.07 12:19:04 | 000,652,592 | ---- | M] (REINER SCT) [Auto | Running] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc)
SRV - [2006.11.05 13:56:44 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.02.24 15:30:50 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.27 10:34:52 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.09.13 07:19:51 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121116.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.13 07:19:51 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121116.020\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121116.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.08.09 06:37:27 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 06:37:27 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symtdi.sys -- (SYMTDI)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.03.27 16:13:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.07.25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symds.sys -- (SymDS)
DRV - [2008.05.08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008.04.13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007.05.31 07:38:18 | 000,023,040 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb)
DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2007.01.02 10:47:10 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2007.01.02 10:47:10 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.01.02 10:47:05 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2006.07.27 02:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.03.17 19:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.02.16 08:53:20 | 000,014,382 | ---- | M] (Anoto) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CPen20.sys -- (CPen20)
DRV - [2005.02.14 15:27:42 | 000,032,408 | ---- | M] (Anoto AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pendfu.sys -- (pendfu)
DRV - [2004.08.27 10:30:38 | 000,269,387 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004.08.13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.02.02 12:29:00 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003.08.28 21:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003.05.01 13:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001.08.10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {4881A009-07EB-4210-8C74-E5064BF93234}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4881A009-07EB-4210-8C74-E5064BF93234}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGIC_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=F8xZm4v8qS38fTCKIQ6t_JEVyrE?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: d:\programme\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: d:\programme\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: d:\programme\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.6a: D:\Programme\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.03.21 08:57:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.09 08:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.09 08:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 09:27:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.28 09:27:35 | 000,000,000 | ---D | M] [2008.06.18 13:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions [2012.11.17 13:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions [2011.06.02 15:32:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.05.20 10:27:00 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.07.25 
08:24:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.28 09:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.28 09:27:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.10.28 09:27:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.09 08:48:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll [2012.06.21 10:12:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 15:36:04 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.21 10:12:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 10:12:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 10:12:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 10:12:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - 
plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Programme\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: VLC Multimedia Plugin (Enabled) = D:\Programme\VLC\npvlc.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\ O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - 
{0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 7.0] D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] D:\programme\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe (iXi Tools) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\C-Pen 20.lnk = C:\WINDOWS\Installer\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}\_5A1930EDFA8D_4359_BB47_DE9376F17160.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246298546868 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9686110-4EC4-4342-8882-C4EEB1005753}: DhcpNameServer = 192.168.3.254 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web 
Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.05 09:44:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.07.25 08:03:52 | 000,000,000 | ---D | M] - D:\Autoroute -- [ NTFS ] O33 - MountPoints2\{6e6e94f4-93bb-11df-9707-0018f34ed70c}\Shell\AutoRun\command - "" = K:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 11:11:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe 
[2012.11.17 13:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XoftSpySE [2012.11.17 13:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.10.28 09:27:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.18 11:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe [2012.11.18 11:05:52 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2012.11.18 11:05:51 | 000,002,259 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\C-Pen 20.lnk [2012.11.18 11:05:50 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2012.11.18 11:05:49 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1844823847-839522115-1003.job [2012.11.18 11:05:44 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.18 11:05:44 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\FHDZSH.job [2012.11.18 11:05:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.17 16:14:31 | 000,017,652 | ---- | M] () -- C:\WINDOWS\uedit32.INI [2012.11.17 16:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.17 15:35:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.17 14:15:47 | 000,000,209 | -HS- | M] () -- C:\boot.ini [2012.11.17 11:33:43 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\msdxmlcp.dll [2012.11.17 11:24:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.17 11:24:09 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.16 
17:14:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.10 09:50:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1844823847-839522115-1003.job [2012.11.09 19:07:19 | 000,079,149 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\kristberg-panorama.pdf [2012.11.07 11:37:13 | 000,001,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.10.29 06:52:53 | 000,044,032 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\image-418171-galleryV9-tkvq.jpg [2012.10.28 09:09:36 | 000,408,454 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 09:09:36 | 000,394,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 09:09:36 | 000,068,640 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 09:09:36 | 000,056,954 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.25 14:21:27 | 000,942,674 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_3.pdf [2012.10.25 13:18:55 | 000,044,246 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\AgfaScanWise.pdf [2012.10.25 12:42:07 | 000,942,740 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_2.pdf [2012.10.25 12:17:15 | 000,729,696 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_1.pdf [2012.10.25 08:47:10 | 000,720,968 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung1.pdf [2012.10.25 08:36:49 | 000,144,355 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung.pdf [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2012.11.17 11:33:43 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\msdxmlcp.dll [2012.11.17 11:33:43 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\FHDZSH.job [2012.11.09 19:07:19 | 000,079,149 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\kristberg-panorama.pdf [2012.10.29 06:52:52 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\image-418171-galleryV9-tkvq.jpg [2012.10.25 13:18:55 | 000,044,246 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\AgfaScanWise.pdf [2012.10.25 13:10:22 | 000,942,674 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_3.pdf [2012.10.25 12:42:06 | 000,942,740 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_2.pdf [2012.10.25 12:17:14 | 000,729,696 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_1.pdf [2012.10.25 08:47:09 | 000,720,968 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung1.pdf [2012.10.25 08:36:49 | 000,144,355 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung.pdf [2012.02.17 08:42:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010.10.20 11:23:53 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.10.20 11:18:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2007.12.05 15:54:29 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.12.05 16:38:10 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale 
Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.05 16:04:41 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2006.11.05 16:04:41 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2006.11.05 16:04:40 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2006.11.05 10:16:11 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.05 09:38:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2007.01.19 22:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Acronis [2010.04.08 08:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\elsterformular [2012.11.13 09:51:10 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\foobar2000 [2008.08.12 11:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\FRITZ! [2011.03.21 12:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\K-PACS-Lite [2010.02.14 16:31:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\UDC Profiles [2007.01.02 11:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2010.04.22 09:00:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2008.03.20 16:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cyberJack Base Components [2010.04.08 08:32:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2007.11.22 09:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2008.07.29 06:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2010.04.22 08:37:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CC51AE54-B346-4954-ADDB-30BD4F138CF2} ========== Purity Check ========== < End of report > litotes |
19.11.2012, 15:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet trojaner Hello and
Is this by any chance an office/company PC? Or a university computer?
19.11.2012, 19:46 | #3 |
| ihavenet trojaner It is an office computer in a home network.
19.11.2012, 20:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet trojaner So which is it? Company PC or private?
Please always post logfiles in CODE tags |
19.11.2012, 21:59 | #5 |
| ihavenet trojaner It is a private PC. |
20.11.2012, 09:40 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet trojaner Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a bit further down). GMER crashes fairly often; if the tool refuses to work the second time as well, just skip it and run only aswMBR. aswMBR download => aswMBR.exe - save the file to your desktop.
One more note: should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
20.11.2012, 20:52 | #7 |
| ihavenet trojaner Unfortunately GMER has not worked properly so far. aswMBR.txt Code:
20.11.2012, 21:22 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet trojan

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running the TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the image below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!
__________________
Please always post logfiles in CODE tags
20.11.2012, 21:30 | #9
ihavenet trojan Code:
C:\WINDOWS\system32\smlogsvc.exe 21:28:20.0453 1768 SysmonLog - ok 21:28:20.0453 1768 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 21:28:20.0546 1768 TapiSrv - ok 21:28:20.0609 1768 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:28:20.0640 1768 Tcpip - ok 21:28:20.0671 1768 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 21:28:20.0750 1768 TDPIPE - ok 21:28:20.0750 1768 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 21:28:20.0843 1768 TDTCP - ok 21:28:20.0875 1768 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 21:28:20.0953 1768 TermDD - ok 21:28:20.0984 1768 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 21:28:21.0078 1768 TermService - ok 21:28:21.0093 1768 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 21:28:21.0109 1768 Themes - ok 21:28:21.0140 1768 [ D352FFF2A623B916C08CEACBFC8B5C32 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 21:28:21.0156 1768 tifsfilter - ok 21:28:21.0171 1768 [ 64694B2A5C772E1C61FEAC300ED90CA6 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys 21:28:21.0203 1768 timounter - ok 21:28:21.0218 1768 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 21:28:21.0281 1768 TlntSvr - ok 21:28:21.0296 1768 TosIde - ok 21:28:21.0312 1768 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 21:28:21.0390 1768 TrkWks - ok 21:28:21.0421 1768 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 21:28:21.0500 1768 Udfs - ok 21:28:21.0500 1768 ultra - ok 21:28:21.0531 1768 [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 21:28:21.0531 1768 UMWdf ( UnsignedFile.Multi.Generic ) - warning 21:28:21.0531 1768 UMWdf - detected UnsignedFile.Multi.Generic (1) 21:28:21.0578 1768 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update 
C:\WINDOWS\system32\DRIVERS\update.sys 21:28:21.0796 1768 Update - ok 21:28:21.0843 1768 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 21:28:21.0953 1768 upnphost - ok 21:28:21.0968 1768 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 21:28:22.0046 1768 UPS - ok 21:28:22.0062 1768 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:28:22.0140 1768 usbehci - ok 21:28:22.0140 1768 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:28:22.0218 1768 usbhub - ok 21:28:22.0234 1768 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:28:22.0312 1768 usbprint - ok 21:28:22.0328 1768 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:28:22.0421 1768 usbscan - ok 21:28:22.0437 1768 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:28:22.0500 1768 USBSTOR - ok 21:28:22.0515 1768 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:28:22.0593 1768 usbuhci - ok 21:28:22.0640 1768 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 21:28:22.0703 1768 VgaSave - ok 21:28:22.0703 1768 ViaIde - ok 21:28:22.0718 1768 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 21:28:22.0796 1768 VolSnap - ok 21:28:22.0812 1768 [ D658E49302C382B88C8E9A08E20B2E82 ] vsdatant C:\WINDOWS\system32\vsdatant.sys 21:28:22.0843 1768 vsdatant - ok 21:28:22.0875 1768 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 21:28:22.0968 1768 VSS - ok 21:28:22.0984 1768 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 21:28:23.0062 1768 W32Time - ok 21:28:23.0093 1768 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:28:23.0156 1768 Wanarp - ok 21:28:23.0156 1768 WDICA - ok 21:28:23.0187 1768 [ 
6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 21:28:23.0250 1768 wdmaud - ok 21:28:23.0281 1768 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 21:28:23.0359 1768 WebClient - ok 21:28:23.0406 1768 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 21:28:23.0500 1768 winmgmt - ok 21:28:23.0531 1768 [ 5FDCCC838CD95F61097D8A637F842AA8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 21:28:23.0531 1768 WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning 21:28:23.0531 1768 WmdmPmSN - detected UnsignedFile.Multi.Generic (1) 21:28:23.0593 1768 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 21:28:23.0687 1768 Wmi - ok 21:28:23.0781 1768 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:28:23.0859 1768 WmiApSrv - ok 21:28:23.0890 1768 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 21:28:23.0968 1768 wscsvc - ok 21:28:24.0000 1768 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 21:28:24.0078 1768 wuauserv - ok 21:28:24.0109 1768 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 21:28:24.0203 1768 WZCSVC - ok 21:28:24.0234 1768 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 21:28:24.0312 1768 xmlprov - ok 21:28:24.0312 1768 ================ Scan global =============================== 21:28:24.0343 1768 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 21:28:24.0375 1768 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 21:28:24.0406 1768 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 21:28:24.0421 1768 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 21:28:24.0421 1768 [Global] - ok 21:28:24.0421 1768 ================ Scan MBR ================================== 21:28:24.0437 1768 [ 72B8CE41AF0DE751C946802B3ED844B4 ] 
\Device\Harddisk0\DR0 21:28:24.0656 1768 \Device\Harddisk0\DR0 - ok 21:28:24.0656 1768 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 21:28:24.0890 1768 \Device\Harddisk1\DR1 - ok 21:28:24.0906 1768 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR13 21:28:27.0281 1768 \Device\Harddisk2\DR13 - ok 21:28:27.0281 1768 ================ Scan VBR ================================== 21:28:27.0296 1768 [ 72E036D6D050239E96A2F70DE54860AD ] \Device\Harddisk0\DR0\Partition1 21:28:27.0296 1768 \Device\Harddisk0\DR0\Partition1 - ok 21:28:27.0312 1768 [ 8225AC76F28320464BEC51053728A7FA ] \Device\Harddisk0\DR0\Partition2 21:28:27.0312 1768 \Device\Harddisk0\DR0\Partition2 - ok 21:28:27.0328 1768 [ 4BAE981B9161FCBD175DFB985E72140B ] \Device\Harddisk0\DR0\Partition3 21:28:27.0328 1768 \Device\Harddisk0\DR0\Partition3 - ok 21:28:27.0328 1768 [ 314717415F2C9DB3D9FD72AF96441B35 ] \Device\Harddisk1\DR1\Partition1 21:28:27.0343 1768 \Device\Harddisk1\DR1\Partition1 - ok 21:28:27.0359 1768 [ 7AFA7A4D50834CEA3ED061705E1DC980 ] \Device\Harddisk1\DR1\Partition2 21:28:27.0359 1768 \Device\Harddisk1\DR1\Partition2 - ok 21:28:27.0359 1768 [ BDBCCF380F1842B39D5B7AB9B8CF0350 ] \Device\Harddisk1\DR1\Partition3 21:28:27.0359 1768 \Device\Harddisk1\DR1\Partition3 - ok 21:28:27.0359 1768 [ 61D6FADD365427579D1BA4AF4A3BF3DF ] \Device\Harddisk1\DR1\Partition4 21:28:27.0359 1768 \Device\Harddisk1\DR1\Partition4 - ok 21:28:27.0359 1768 [ 520D746B0CC09A41ABB2D271CDAF6717 ] \Device\Harddisk2\DR13\Partition1 21:28:27.0359 1768 \Device\Harddisk2\DR13\Partition1 - ok 21:28:27.0359 1768 ============================================================ 21:28:27.0359 1768 Scan finished 21:28:27.0359 1768 ============================================================ 21:28:27.0484 2128 Detected object count: 15 21:28:27.0484 2128 Actual detected object count: 15 21:29:02.0015 2128 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 Adobe LM Service ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 CPen20 ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 CPen20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 ehSched ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 ehSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 MHN ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0015 2128 pendfu ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0015 2128 pendfu ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0031 2128 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0031 2128 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0031 2128 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0031 2128 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:29:02.0031 2128 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0031 2128 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:29:02.0031 2128 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user 21:29:02.0031 2128 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.11.2012, 00:10 | #11 |
| ihavenet trojan Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-21 00:07:16 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 Maxtor_6V160E0 rev.VA111630 Running: cqt0rfgi.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\pxldypoc.sys ---- System - GMER 1.0.15 ---- SSDT 89DDC310 ZwAlertResumeThread SSDT 89B23E90 ZwAlertThread SSDT 8A232408 ZwAllocateVirtualMemory SSDT 89BA5D68 ZwAssignProcessToJobObject SSDT 8A13A8A0 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB68B4D40] SSDT 8A226F80 ZwCreateMutant SSDT 89BB3B80 ZwCreateSymbolicLinkObject SSDT 8A23ADE0 ZwCreateThread SSDT 89B97130 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB68B4FC0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB68B5680] SSDT 89DB4930 ZwDuplicateObject SSDT 89BCAF80 ZwFreeVirtualMemory SSDT 8A219EF0 ZwImpersonateAnonymousToken SSDT 8A219FD0 ZwImpersonateThread SSDT 89EBFC10 ZwLoadDriver SSDT 89DCD008 ZwMapViewOfSection SSDT 8A226EA0 ZwOpenEvent SSDT 89C0F8F8 ZwOpenProcess SSDT 89AE00F8 ZwOpenProcessToken SSDT 89B28FD0 ZwOpenSection SSDT 89B8C940 ZwOpenThread SSDT 89BA5C98 ZwProtectVirtualMemory SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB68B5BF0] SSDT 89B23F70 ZwResumeThread SSDT 89B69118 ZwSetContextThread SSDT 89AE30C8 ZwSetInformationProcess SSDT 89B28EA8 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB68B5910] SSDT 89B9B128 ZwSuspendProcess SSDT 89B47090 ZwSuspendThread SSDT 89B83120 ZwTerminateProcess SSDT 89B47008 ZwTerminateThread SSDT 89DCD088 ZwUnmapViewOfSection SSDT 89ADC1F8 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- ? 
SYMDS.SYS Das System kann die angegebene Datei nicht finden. ! ? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F48360, 0x307AC7, 0xE8000020] init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB6BB1A00] ---- User code sections - GMER 1.0.15 ---- .text D:\programme\realplayer\update\realsched.exe[1568] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
21.11.2012, 12:54 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet trojan OK, I don't see any rootkits there.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
21.11.2012, 16:33 | #13 |
| ihavenet trojan Code:
# AdwCleaner v2.008 - Datei am 21/11/2012 um 16:30:40 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : admin - SCHMULI
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\admin\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\S-1-5-21-1123561945-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\S-1-5-21-1123561945-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1501 octets] - [21/11/2012 16:30:40]
########## EOF - C:\AdwCleaner[R1].txt - [1561 octets] ########## |
21.11.2012, 16:53 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet trojan adwCleaner - remove toolbars and unwanted start/search pages
After that, please run a check with OTL:
__________________ Please always post logfiles in CODE tags |
21.11.2012, 21:12 | #15 |
| ihavenet trojan adwcleaner Code:
# AdwCleaner v2.008 - Datei am 21/11/2012 um 17:36:10 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : admin - SCHMULI
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\admin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [1630 octets] - [21/11/2012 16:30:40]
AdwCleaner[S1].txt - [1117 octets] - [21/11/2012 17:36:10]
########## EOF - C:\AdwCleaner[S2].txt - [1177 octets] ##########
Code:
ATTFilter OTL logfile created on: 21.11.2012 17:52:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\admin\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,34% Memory free 3,85 Gb Paging File | 3,48 Gb Available in Paging File | 90,44% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,61 Gb Free Space | 52,45% Space Free | Partition Type: NTFS Drive D: | 56,76 Gb Total Space | 52,74 Gb Free Space | 92,90% Space Free | Partition Type: NTFS Drive E: | 43,46 Gb Total Space | 40,66 Gb Free Space | 93,56% Space Free | Partition Type: NTFS Drive F: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive G: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive I: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive J: | 116,45 Gb Total Space | 109,24 Gb Free Space | 93,81% Space Free | Partition Type: NTFS Drive K: | 7,50 Gb Total Space | 7,50 Gb Free Space | 99,89% Space Free | Partition Type: FAT32 Computer Name: SCHMULI | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation) PRC - D:\Programme\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe (iXi Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\cjpcsc.exe (REINER SCT) PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - D:\Programme\C Technologies\C-Pen 20\CPenDesk.exe (Anoto AB) PRC - D:\Programme\C Technologies\C-Pen 20\CPen20.exe ( ) PRC - D:\Programme\C Technologies\C-Pen 20\CPenOCR.exe () PRC - D:\Adobe\Acrobat 7.0\Distillr\AcroTray.exe (Adobe Systems Inc.) PRC - C:\Programme\FRITZ!\IWatch.exe (AVM Berlin) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_90110d3f\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_95507774\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_216716de\system.windows.forms.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2dd6cc66\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - C:\Programme\iXi Tools\Driver Updater 
Pro\SysInfoDll.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll () MOD - D:\Programme\C Technologies\C-Pen 20\CPenOCR.dll () MOD - D:\Programme\C Technologies\C-Pen 20\CPenOCR.exe () MOD - D:\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - D:\Adobe\Acrobat 7.0\Distillr\AcroTray.DEU () MOD - D:\Adobe\Acrobat 7.0\Distillr\AcroTray.FRA () MOD - D:\Programme\C Technologies\C-Pen 20\RFFTW2dll.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\WINDOWS\system32\sbe.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (NAV) -- C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (cjpcsc) -- C:\WINDOWS\system32\cjpcsc.exe (REINER SCT) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121120.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20121120.003\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121119.002\IDSXpx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1309000.009\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1309000.009\srtspx.sys (Symantec Corporation) DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1309000.009\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symefa.sys 
(Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symtdi.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1309000.009\ironx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symds.sys (Symantec Corporation) DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation) DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation) DRV - (cjusb) -- C:\WINDOWS\system32\drivers\cjusb.sys (REINER SCT) DRV - (bizVSerial) -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys (franson.biz) DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (CPen20) -- C:\WINDOWS\system32\drivers\CPen20.sys (Anoto) DRV - (pendfu) -- C:\WINDOWS\system32\drivers\pendfu.sys (Anoto AB) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\..\SearchScopes,DefaultScope = {4881A009-07EB-4210-8C74-E5064BF93234} IE - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\..\SearchScopes\{4881A009-07EB-4210-8C74-E5064BF93234}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de IE - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: d:\programme\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: d:\programme\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: d:\programme\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.6a: D:\Programme\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.03.21 08:57:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.09 08:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.09 08:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.28 09:27:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 
Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.28 09:27:35 | 000,000,000 | ---D | M] [2008.06.18 13:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions [2012.11.17 13:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions [2011.06.02 15:32:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.05.20 10:27:00 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.07.25 08:24:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\bem8a5rp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.28 09:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.28 09:27:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.10.28 09:27:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.09 08:48:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll [2012.06.21 10:12:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 15:36:04 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.21 10:12:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 10:12:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 10:12:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 10:12:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Programme\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin 
(Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: VLC Multimedia Plugin (Enabled) = D:\Programme\VLC\npvlc.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\ O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 7.0] D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] D:\programme\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-1123561945-1844823847-839522115-1003..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe (iXi Tools) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\C-Pen 20.lnk = C:\WINDOWS\Installer\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}\_5A1930EDFA8D_4359_BB47_DE9376F17160.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O15 - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1123561945-1844823847-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246298546868 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9686110-4EC4-4342-8882-C4EEB1005753}: DhcpNameServer = 192.168.3.254 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - 
(Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.05 09:44:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.07.25 08:03:52 | 000,000,000 | ---D | M] - D:\Autoroute -- [ NTFS ] O33 - MountPoints2\{6e6e94f4-93bb-11df-9707-0018f34ed70c}\Shell\AutoRun\command - "" = K:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 21:27:11 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\admin\Desktop\tdsskiller.exe [2012.11.20 17:54:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\admin\Desktop\aswMBR.exe [2012.11.18 11:11:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe [2012.11.17 13:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XoftSpySE [2012.11.17 13:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.10.28 09:27:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [4 
C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.21 17:52:13 | 000,017,640 | ---- | M] () -- C:\WINDOWS\uedit32.INI [2012.11.21 17:38:38 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2012.11.21 17:38:37 | 000,002,259 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\C-Pen 20.lnk [2012.11.21 17:38:36 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2012.11.21 17:38:35 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-1844823847-839522115-1003.job [2012.11.21 17:38:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.21 17:38:30 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\FHDZSH.job [2012.11.21 17:38:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.21 17:35:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.21 16:24:28 | 000,543,531 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\adwcleaner.exe [2012.11.21 00:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.20 21:25:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\admin\Desktop\tdsskiller.exe [2012.11.20 17:58:10 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\cqt0rfgi.exe [2012.11.20 17:54:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\admin\Desktop\aswMBR.exe [2012.11.20 11:33:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.18 11:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe [2012.11.17 14:15:47 | 000,000,209 | 
-HS- | M] () -- C:\boot.ini [2012.11.17 11:33:43 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\msdxmlcp.dll [2012.11.17 11:24:09 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.16 17:14:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.10 09:50:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-1844823847-839522115-1003.job [2012.11.09 19:07:19 | 000,079,149 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\kristberg-panorama.pdf [2012.11.07 11:37:13 | 000,001,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.10.29 06:52:53 | 000,044,032 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\image-418171-galleryV9-tkvq.jpg [2012.10.28 09:09:36 | 000,408,454 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 09:09:36 | 000,394,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 09:09:36 | 000,068,640 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 09:09:36 | 000,056,954 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.25 14:21:27 | 000,942,674 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_3.pdf [2012.10.25 13:18:55 | 000,044,246 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\AgfaScanWise.pdf [2012.10.25 12:42:07 | 000,942,740 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_2.pdf [2012.10.25 12:17:15 | 000,729,696 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_1.pdf [2012.10.25 08:47:10 | 000,720,968 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung1.pdf [2012.10.25 08:36:49 | 000,144,355 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und 
Tourenbericht zur Bergfuehrerausbildung.pdf [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.21 16:28:08 | 000,543,531 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\adwcleaner.exe [2012.11.20 17:59:12 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\cqt0rfgi.exe [2012.11.17 11:33:43 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\msdxmlcp.dll [2012.11.17 11:33:43 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\FHDZSH.job [2012.11.09 19:07:19 | 000,079,149 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\kristberg-panorama.pdf [2012.10.29 06:52:52 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\image-418171-galleryV9-tkvq.jpg [2012.10.25 13:18:55 | 000,044,246 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\AgfaScanWise.pdf [2012.10.25 13:10:22 | 000,942,674 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_3.pdf [2012.10.25 12:42:06 | 000,942,740 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_2.pdf [2012.10.25 12:17:14 | 000,729,696 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung_1.pdf [2012.10.25 08:47:09 | 000,720,968 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung1.pdf [2012.10.25 08:36:49 | 000,144,355 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Antrag und Tourenbericht zur Bergfuehrerausbildung.pdf [2012.02.17 
08:42:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010.10.20 11:23:53 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.10.20 11:18:51 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2007.12.05 15:54:29 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.12.05 16:38:10 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.05 16:04:41 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2006.11.05 16:04:41 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2006.11.05 16:04:40 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2006.11.05 10:16:11 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.05 09:38:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll 
-- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 21.11.2012 17:52:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,34% Memory free
3,85 Gb Paging File | 3,48 Gb Available in Paging File | 90,44% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,61 Gb Free Space | 52,45% Space Free | Partition Type: NTFS
Drive D: | 56,76 Gb Total Space | 52,74 Gb Free Space | 92,90% Space Free | Partition Type: NTFS
Drive E: | 43,46 Gb Total Space | 40,66 Gb Free Space | 93,56% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive I: | 116,44 Gb Total Space | 116,37 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive J: | 116,45 Gb Total Space | 109,24 Gb Free Space | 93,81% Space Free | Partition Type: NTFS
Drive K: | 7,50 Gb Total Space | 7,50 Gb Free Space | 99,89% Space Free | Partition Type: FAT32
Computer Name: SCHMULI | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = UltraEdit.html] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- E:\sicherung\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-1123561945-1844823847-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" = C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
"D:\Programme\SmartFtp\SmartFTP.exe" = D:\Programme\SmartFtp\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 7.0 -- (Kaspersky Lab)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{13CE6A18-2936-49E5-B10C-148A12C035DD}" = Kaufmann 2008
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C27C64B-D5CF-4881-A310-0BD2A0D21927}" = ElsterFormular 2005/2006
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6DC47739-3BB0-4494-A43D-193BF54070AE}" = Cisco Systems VPN Client 4.6.00.0049
"{6F9D49F2-1046-11D8-9F20-00010215F7FF}" = Lexware lohnauskunft 2004
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A36BE275-BD22-406C-8D2D-ED99F9E6C0B4}" = IKEA HomePlanner Kitchen
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}" = C-Pen 20
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0.9 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agfa ScanWise 1.70" = Agfa ScanWise 1.70
"AGFAnet Print Service" = AGFAnet Print Service
"Driver Updater Pro" = Driver Updater Pro
"ElsterFormular 11.3.0.4235" = ElsterFormular
"foobar2000" = foobar2000 v0.9.4.2
"FRITZ! 2.0" = AVM FRITZ!
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LetsTrade" = LetsTrade Komponenten
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Meine Zeiterfassung" = Meine Zeiterfassung 2.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft AutoRoute Express EUR" = Microsoft AutoRoute Express Europa (CD-ROM erforderlich)
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-1844823847-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.09.2012 04:35:19 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 05.10.2012 08:10:16 | Computer Name = SCHMULI | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x10002403.

Error - 10.10.2012 02:49:10 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 10.10.2012 02:50:14 | Computer Name = SCHMULI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.10.2012 11:40:43 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 07.11.2012 01:35:10 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 10.11.2012 02:49:27 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 17.11.2012 08:47:27 | Computer Name = SCHMULI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung xoftspyse_setup_rw.exe, Version 7.0.1.0, fehlgeschlagenes Modul system.dll, Version 0.0.0.0, Fehleradresse 0x000018ed.

Error - 17.11.2012 09:16:59 | Computer Name = SCHMULI | Source = Media Center Scheduler | ID = 0
Description =

Error - 18.11.2012 06:10:33 | Computer Name = SCHMULI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 16.0.2.4680, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 16.11.2012 02:54:21 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 16.11.2012 02:54:21 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 06:24:28 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 09:15:30 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 09:15:30 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 17.11.2012 11:12:49 | Computer Name = SCHMULI | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "E:" aus.

Error - 20.11.2012 18:06:56 | Computer Name = SCHMULI | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 20.11.2012 18:06:57 | Computer Name = SCHMULI | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 20.11.2012 18:07:01 | Computer Name = SCHMULI | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 20.11.2012 18:07:43 | Computer Name = SCHMULI | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort2 hat innerhalb der Fehlerwartezeit nicht geantwortet.

< End of report >