| |
| |||||||
Log-Analyse und Auswertung: Gesendete und empfangene Pakete Quote 1:1Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.11.2012, 20:46
| #1 |
| |  Gesendete und empfangene Pakete Quote 1:1 Hallo liebe Moderatoren! Ich habe das im Betreff genannte Problem: Die Anzahl der gesendeten und empfangenen Pakete beim normalen Surfen sind annähernd gleich. Man sagte mir, dass wäre untypisch und ein Anzeichen für einen Virus. Zudem bleibt die Quote fast 1:1, wenn ich einen Download in Firefox getätigt habe. Ich benutze keine P2P Software. Zur Vorgeschichte: Ich hatte den Bundespolizei-Trojaner auf dem PC und hatte mit Hilfe einer Anleitung eines anderen Forums(da hatte ich dieses hier noch nicht entdeckt) diesen entfernt. Danach trat dann das eben erklärte Problem auf. Ich habe dann mithilfe der Recovery CD meines Notebooks, die Festplatte gelöscht und Windows neu installiert. Das Problem ist immer noch da (also das upload download Problem). Ich habe mitlerweile 3 Virenscanner (avira,avast & eset online scanner) drüber laufen lassen. Zudem malware antybytes, aber überall keine Funde! Zudem hatte ich vor kurzem von gmx eine nachricht, dass mein emailkonto angegriffen worden sei. Dies war aber vor der Festplattenformatierung. Das PAsswort habe ich abgeändert. Ein Schaden ist (noch) nicht feststellbar. Ich wäre Euch für eine Hilfe mehr als dankbar. Bin extrem verunsichert. Vielen Dank im Voraus! Anbei die OTL logfiles: OTL logfile created on: 26.11.2012 20:19:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Ich\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,05 Mb Total Physical Memory | 540,46 Mb Available Physical Memory | 53,30% Memory free 2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,29% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,88 Gb Total Space | 47,04 Gb Free Space | 84,18% Space Free | Partition Type: NTFS Computer Name: YOUR-FE69442DB7 | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\WINDOWS\system32\acs.exe (Atheros) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) PRC - C:\Programme\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA) PRC - C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\AVAST Software\Avast\defs\12112600\algo.dll () MOD - C:\Programme\AVAST Software\Avast\defs\12111900\algo.dll () MOD - C:\Programme\TOSHIBA\TouchPad\TPECioctl.dll () MOD - C:\WINDOWS\system32\EBLib.DLL () MOD - C:\WINDOWS\system32\EKECioCtl.dll () MOD - C:\WINDOWS\system32\TCtrlIO.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Intel\Wireless\Bin\acAuth.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros) SRV - (jswpsapi) -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe (wireless) SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation) SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (SYMIDSCO) -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.) DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA ) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1701558876-410344196-1227097868-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1701558876-410344196-1227097868-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.bvb.de" FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.11.18 15:52:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.11.19 13:56:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.18 17:37:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.11.19 13:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.11.18 17:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Extensions [2012.11.19 14:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\49zkhxv4.default\extensions [2012.11.18 17:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-1701558876-410344196-1227097868-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-1701558876-410344196-1227097868-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA) O4 - HKU\S-1-5-21-1701558876-410344196-1227097868-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1701558876-410344196-1227097868-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FC44794-C639-4700-937C-9D933886F839}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.05.23 14:15:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.26 20:14:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2012.11.20 19:20:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2012.11.19 13:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2012.11.19 13:56:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\ForceField Shared Files [2012.11.19 13:56:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\CheckPoint [2012.11.19 13:55:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point [2012.11.19 13:49:20 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2012.11.19 13:49:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2012.11.19 13:41:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Thunderbird [2012.11.19 13:41:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Thunderbird [2012.11.19 13:41:18 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.11.19 13:16:28 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll [2012.11.19 12:30:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes [2012.11.19 12:30:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.19 12:30:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.11.19 12:30:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.19 12:30:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.11.19 11:43:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP-LINK [2012.11.19 11:42:44 | 000,405,582 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscsup.dll [2012.11.19 11:42:44 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscimd.sys [2012.11.19 11:42:44 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\jswscimd.sys [2012.11.19 11:42:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TP-LINK [2012.11.19 11:42:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Atheros [2012.11.19 11:42:38 | 000,499,796 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe [2012.11.19 11:42:17 | 000,058,208 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys [2012.11.19 11:42:17 | 000,058,208 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys [2012.11.19 11:42:16 | 001,269,854 | ---- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll [2012.11.19 11:42:16 | 000,405,504 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll [2012.11.19 11:42:16 | 000,360,539 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapiU.dll [2012.11.19 11:42:16 | 000,311,390 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20U.dll [2012.11.19 11:42:16 | 000,254,022 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsfwDS.dll [2012.11.19 11:42:16 | 000,249,924 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.dll [2012.11.19 11:42:16 | 000,127,079 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20resU.dll [2012.11.19 11:42:16 | 000,127,053 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20res.dll [2012.11.19 11:42:16 | 000,082,017 | ---- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll [2012.11.19 11:42:15 | 000,237,568 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20.dll [2012.11.19 11:42:15 | 000,000,000 | ---D | C] -- C:\Programme\TP-LINK [2012.11.19 11:41:55 | 001,756,384 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athuw.sys [2012.11.19 11:41:55 | 001,756,384 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athuw.sys [2012.11.19 11:41:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2012.11.18 18:41:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\AdobeUM [2012.11.18 18:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2012.11.18 18:20:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2012.11.18 18:20:23 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2012.11.18 18:15:56 | 000,016,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2012.11.18 17:49:11 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader [2012.11.18 17:38:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads [2012.11.18 17:37:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Mozilla [2012.11.18 17:37:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla [2012.11.18 17:37:28 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.11.18 17:37:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.11.18 17:37:23 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.11.18 17:11:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Help [2012.11.18 17:11:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Help [2012.11.18 16:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Macromedia [2012.11.18 16:00:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2012.11.18 16:00:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2012.11.18 16:00:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2012.11.18 15:53:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.11.18 15:53:09 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.11.18 15:53:09 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.11.18 15:53:07 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.11.18 15:53:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.11.18 15:53:06 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.11.18 15:53:05 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.11.18 15:53:05 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.11.18 15:53:04 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.11.18 15:52:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.11.18 15:52:29 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.11.18 15:52:08 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.11.18 15:52:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.11.18 14:49:51 | 000,000,000 | ---D | C] -- C:\Downloads [2012.11.18 14:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.11.18 14:35:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.11.18 14:32:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Netzwerkumgebung [2012.11.18 14:32:22 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft [2012.11.18 14:32:22 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Ich\Cookies [2012.11.18 14:32:22 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten [2012.11.18 14:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\toshiba [2012.11.18 14:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Intel [2012.11.18 14:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Identities [2012.11.18 14:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop [2012.11.18 14:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Application Data [2012.11.18 14:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Adobe [2012.11.18 14:32:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\SendTo [2012.11.18 14:32:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Recent [2012.11.18 14:32:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Zubehör [2012.11.18 14:32:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü [2012.11.18 14:32:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Favoriten [2012.11.18 14:32:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Eigene Musik [2012.11.18 14:32:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien [2012.11.18 14:32:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Eigene Bilder [2012.11.18 14:32:21 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart [2012.11.18 14:32:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ich\Vorlagen [2012.11.18 14:32:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen [2012.11.18 14:32:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ich\Druckumgebung [2012.11.18 14:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\WINDOWS [2012.11.18 14:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Microsoft [2012.11.18 14:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory [2012.11.18 14:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.11.18 14:32:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\{3248F0A6-6813-11D6-A77B-00B0D0150060} [2012.11.18 14:31:20 | 000,000,000 | ---D | C] -- C:\Programme\ltmoh [2012.11.18 14:31:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Intel PROSet Wireless [2012.11.18 14:30:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.26 20:14:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2012.11.26 19:13:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.26 19:13:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.26 19:13:34 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys [2012.11.20 19:19:25 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.19 14:07:25 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2012.11.19 13:57:11 | 000,415,933 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2012.11.19 13:49:40 | 000,000,125 | ---- | M] () -- C:\user.js [2012.11.19 13:41:25 | 000,001,632 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk [2012.11.19 11:43:48 | 000,471,386 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.19 11:43:48 | 000,451,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.19 11:43:48 | 000,089,420 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.19 11:43:48 | 000,073,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.18 18:16:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.18 17:37:30 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.11.18 15:53:05 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.11.18 14:48:25 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.18 14:32:42 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04481-GR_PSAB0E-00J00.MRK [2012.11.18 14:31:25 | 000,000,332 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.10.30 23:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.19 13:56:41 | 000,415,933 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2012.11.19 13:49:39 | 000,000,125 | ---- | C] () -- C:\user.js [2012.11.19 13:41:25 | 000,001,632 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk [2012.11.19 11:42:44 | 000,035,967 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.cat [2012.11.19 11:42:44 | 000,035,538 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.cat [2012.11.19 11:42:44 | 000,005,529 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.inf [2012.11.19 11:42:44 | 000,002,231 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.inf [2012.11.19 11:42:38 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll [2012.11.19 11:42:17 | 000,042,067 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat [2012.11.19 11:42:17 | 000,042,052 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat [2012.11.19 11:42:17 | 000,005,363 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf [2012.11.19 11:42:17 | 000,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf [2012.11.19 11:42:16 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll [2012.11.19 11:41:55 | 000,039,369 | ---- | C] () -- C:\WINDOWS\System32\netathuw.inf [2012.11.19 11:41:55 | 000,007,488 | ---- | C] () -- C:\WINDOWS\System32\netathuw.cat [2012.11.18 17:50:03 | 000,001,622 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader.lnk [2012.11.18 17:50:03 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Deinstallationsprogramm.lnk [2012.11.18 17:50:03 | 000,001,545 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Update.lnk [2012.11.18 17:37:29 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.11.18 17:37:29 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.11.18 15:53:05 | 000,000,302 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.18 14:32:42 | 003,072,054 | ---- | C] () -- C:\WINDOWS\TOSHIBA SATELLITE.bmp [2012.11.18 14:32:42 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04481-GR_PSAB0E-00J00.MRK [2012.11.18 14:32:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2012.11.18 14:32:23 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Remoteunterstützung.lnk [2012.11.18 14:32:23 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Windows Media Player.lnk [2012.11.18 14:32:23 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Internet Explorer.lnk [2012.11.18 14:32:23 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Outlook Express.lnk [2012.11.18 14:25:15 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2006.05.23 14:21:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2006.01.09 19:00:25 | 001,495,040 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004.08.04 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.18 15:52:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.11.19 13:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2012.11.19 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2012.11.18 22:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\toshiba [2012.11.19 13:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\CheckPoint [2012.11.19 13:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Thunderbird [2012.11.18 22:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\toshiba [2012.11.19 12:11:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP-LINK ========== Purity Check ========== < End of report > OTL Extras logfile created on: 26.11.2012 20:19:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Ich\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,05 Mb Total Physical Memory | 540,46 Mb Available Physical Memory | 53,30% Memory free 2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,29% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,88 Gb Total Space | 47,04 Gb Free Space | 84,18% Space Free | Partition Type: NTFS Computer Name: YOUR-FE69442DB7 | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1701558876-410344196-1227097868-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\JDownloader\jre\bin\javaw.exe" = C:\Programme\JDownloader\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation) "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver "{075A7877-02CA-4B15-8534-1211712A8E79}" = ZoneAlarm Firewall "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1BD9E24B-DB16-491C-8092-F158664BB9F6}" = ZoneAlarm Security "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Benutzerhandbücher "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator "{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver "{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver "{62FE0726-9652-4CD2-9F09-C769D8699C21}" = TL-WN822N Driver "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm "{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility "{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook "5513-1208-7298-9440" = JDownloader 0.9 "avast" = avast! Free Antivirus "InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey-Dienstprogramm "InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Touchpad EIN/AUS-Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool "ProInst" = Intel(R) PROSet/Wireless Software "TOSHIBA Software Modem" = TOSHIBA Software Modem "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.11.2012 12:22:15 | Computer Name = YOUR-FE69442DB7 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2838, Fehleradresse 0x00072016. Error - 18.11.2012 12:22:26 | Computer Name = YOUR-FE69442DB7 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2838, Fehleradresse 0x00072016. Error - 18.11.2012 12:30:18 | Computer Name = YOUR-FE69442DB7 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2838, Fehleradresse 0x00072016. Error - 18.11.2012 12:30:28 | Computer Name = YOUR-FE69442DB7 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.2838, Fehleradresse 0x00072016. [ System Events ] Error - 19.11.2012 08:51:14 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842784 Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was Die referenzierte Assemblierung ist nicht auf dem Computer installiert. Error - 19.11.2012 08:51:14 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842811 Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. . Error - 19.11.2012 08:51:14 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\WINDOWS\system32\ZoneLabs\FFApi.dll. Reference error message: Der Vorgang wurde erfolgreich beendet. . Error - 19.11.2012 08:51:14 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842784 Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was Die referenzierte Assemblierung ist nicht auf dem Computer installiert. Error - 19.11.2012 08:51:14 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842811 Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. . Error - 19.11.2012 08:51:14 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\WINDOWS\system32\ZoneLabs\FFApi.dll. Reference error message: Der Vorgang wurde erfolgreich beendet. . Error - 19.11.2012 08:56:06 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842784 Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was Die referenzierte Assemblierung ist nicht auf dem Computer installiert. Error - 19.11.2012 08:56:06 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842811 Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. . Error - 19.11.2012 08:56:06 | Computer Name = YOUR-FE69442DB7 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\DOKUME~1\Ich\LOKALE~1\Temp\schk.tmp. Reference error message: Der Vorgang wurde erfolgreich beendet. . Error - 19.11.2012 09:05:05 | Computer Name = YOUR-FE69442DB7 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TP-LINK Configuration Service. < End of report > |
| Themen zu Gesendete und empfangene Pakete Quote 1:1 |
| adobe, antivirus, avast, avira, bho, einstellungen, error, explorer, failed, festplatte, firefox, home, iexplore.exe, malware, plug-in, problem, realtek, recovery cd, registry, rundll, safer networking, scan, security, surfen, temp, windows |
Baum-Darstellung