| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google links führen auf falsche SeitenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.12.2012, 10:53
| #1 |
| |  Google links führen auf falsche Seiten Hallo, ich habe hier den Rechner meines Nachbarn, er hat das ähnliche / gleiche Problem, da in diesem Thread:hxxp://http://www.trojaner-board.de/127866-...n-werbung.html beschrieben wird. Es handelt sich um ein Fujitsu Siemens Lifebook C Series, msinfo32 gibt folgendes aus: Code:
ATTFilter Betriebssystemname Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
Betriebssystemhersteller Microsoft Corporation
Systemname BRUNO-5E8548D68
Systemhersteller FUJITSU SIEMENS
Systemmodell LIFEBOOK C1410
Systemtyp X86-basierter PC
Prozessor x86 Family 6 Model 15 Stepping 6 GenuineIntel ~1995 Mhz
BIOS-Version/-Datum FUJITSU // Phoenix Technologies Ltd. Version 1.13, 05.10.2007
SMBIOS-Version 2.4
Windows-Verzeichnis C:\WINDOWS
Systemverzeichnis C:\WINDOWS\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "5.1.2600.5512 (xpsp.080413-2111)"
Benutzername BRUNO-5E8548D68\*********
Zeitzone Westeuropäische Normalzeit
Gesamter realer Speicher 1.024,00 MB
Verfügbarer realer Speicher 571,11 MB
Gesamter virtueller Speicher 2,00 GB
Verfügbarer virtueller Speicher 1,96 GB
Größe der Auslagerungsdatei 2,38 GB
Auslagerungsdatei C:\pagefile.sys
Ich habe mir OLT herruntergeladen und mit dem Inhalt der Textbox Benutzerdefiniert gescannt. Textbox: Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
OLT.txt: Code:
ATTFilter OTL logfile created on: 18.12.2012 09:59:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,98 Mb Total Physical Memory | 565,13 Mb Available Physical Memory | 55,73% Memory free 2,38 Gb Paging File | 2,08 Gb Available in Paging File | 87,38% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,70 Gb Total Space | 14,12 Gb Free Space | 54,96% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 46,41 Gb Free Space | 95,05% Space Free | Partition Type: NTFS Drive E: | 3,71 Gb Total Space | 0,54 Gb Free Space | 14,49% Space Free | Partition Type: FAT32 Computer Name: BRUNO-5E8548D68 | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe PRC - [2012.09.17 12:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2009.08.31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2009.08.31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2008.03.14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2007.10.25 14:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe PRC - [2006.11.17 14:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2006.07.05 10:57:16 | 000,118,784 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\PSUtility\TrayManager.exe PRC - [2006.04.07 16:36:00 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2006.04.07 15:37:00 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2006.02.06 22:00:00 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2006.01.27 17:17:00 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2006.01.23 20:47:00 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2005.12.05 15:50:00 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2005.10.12 11:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2005.09.09 23:12:40 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2005.07.21 13:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe PRC - [2005.07.21 13:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe PRC - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2009.04.27 22:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.09.29 08:07:00 | 000,148,816 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\VsEvntUI.DLL MOD - [2008.03.14 04:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll MOD - [2005.07.22 20:30:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll MOD - [2004.10.14 09:18:00 | 000,040,960 | ---- | M] () -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll MOD - [2004.07.20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) SRV - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- c:\temp\asliahmy.sys -- (asliahmy) DRV - [2009.08.31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.08.31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.08.31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2009.08.31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2009.08.31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009.08.31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2006.07.06 07:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006.06.29 12:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.04.17 08:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.04.13 19:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd) DRV - [2006.03.16 09:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2006.03.15 09:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) DRV - [2006.02.24 00:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006.02.10 10:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2006.02.08 16:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid) DRV - [2005.10.18 20:08:50 | 000,033,280 | ---- | M] (REDC) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk) DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.07.21 13:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd) DRV - [2005.07.11 17:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt) DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004.10.18 14:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1) DRV - [2004.01.17 20:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001.08.01 20:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=13F832B5-832C-488C-A0D3-699DC579DFE6&apn_sauid=F62B5524-BF7B-4869-8139-FB6695FDED67 IE - HKCU\..\SearchScopes\{208E5592-DDCC-4C43-8506-ED885E532611}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] c:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217401535390 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC11B496-896B-4D31-BDCE-9A8BBF1BE108}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\FJWSEL: DllName - (FJWSWNP.dll) - C:\WINDOWS\System32\FJWSWNP.dll (FUJITSU LIMITED) O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.29 07:32:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell - "" = AutoRun O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.18 08:34:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2012.12.17 21:47:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent [2012.12.17 21:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.12.17 20:16:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes [2012.12.17 20:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.12.17 20:16:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.12.17 20:16:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.12.17 20:16:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.12.17 20:15:12 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\****\Desktop\gert.exe [2012.12.12 18:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.12.12 17:27:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IECompatCache [2012.12.12 17:25:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\PrivacIE [2012.12.12 17:22:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IETldCache [2012.12.12 17:18:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2012.12.12 17:16:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2012.12.12 10:11:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Ahead [33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.18 09:58:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.12.18 09:50:10 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.12.18 09:23:33 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job [2012.12.18 09:06:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.12.18 09:05:02 | 000,278,161 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\gmer1015.zip [2012.12.18 08:34:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable [2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2012.12.18 08:31:25 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.12.18 08:28:22 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe [2012.12.18 08:28:02 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\ebtxeqrmt.job [2012.12.18 08:28:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.12.18 08:27:59 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys [2012.12.17 21:21:30 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.12.17 20:16:20 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 19:48:32 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\****\Desktop\gert.exe [2012.12.12 18:46:56 | 000,001,775 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Google Chrome.lnk [2012.12.12 10:09:07 | 000,002,531 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Microsoft PowerPoint.lnk [2012.12.12 09:53:09 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.11 13:17:27 | 000,114,688 | RHS- | M] () -- C:\WINDOWS\System32\ieapfltre.dll [33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.18 09:05:46 | 000,278,161 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\gmer1015.zip [2012.12.18 08:34:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable [2012.12.18 08:34:09 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe [2012.12.17 21:21:30 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.12.17 20:16:20 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.12 18:46:56 | 000,001,775 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Google Chrome.lnk [2012.12.12 18:45:46 | 000,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.12.12 18:45:45 | 000,001,108 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.12.12 17:27:46 | 000,000,442 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job [2012.12.11 13:17:27 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\ieapfltre.dll [2012.12.11 13:17:27 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\ebtxeqrmt.job [2012.02.16 11:43:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.12 08:47:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.03.01 12:24:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\capictrl.INI [2008.07.29 07:42:54 | 000,000,150 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.07.29 07:42:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.29 17:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask [2011.03.04 17:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FileZilla [2008.07.30 08:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InterVideo [2011.01.18 14:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TeamViewer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.07.29 07:56:18 | 000,000,000 | ---D | M] -- C:\AddOn [2012.11.16 10:43:45 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2008.07.29 07:45:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.07.29 07:53:19 | 000,000,000 | ---D | M] -- C:\fsc.tmp [2008.07.29 07:55:57 | 000,000,000 | ---D | M] -- C:\Program Files [2012.12.17 20:16:09 | 000,000,000 | ---D | M] -- C:\Programme [2008.07.30 08:32:02 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012.12.12 09:45:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.18 09:23:33 | 000,000,000 | ---D | M] -- C:\temp [2012.12.18 08:28:29 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: IASTOR.SYS > [2005.10.12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys [2005.10.12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys [2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys [2005.10.12 11:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: NVATABUS.SYS > [2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys < MD5 for: SCECLI.DLL > [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: VIAMRAID.SYS > [2005.04.08 10:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.07.29 09:16:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.07.29 09:16:23 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.07.29 09:16:23 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2012.12.11 13:17:27 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ieapfltre.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.12.18 08:34:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable [2012.12.17 21:52:23 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\NTUSER.DAT [2012.12.18 10:03:04 | 000,024,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.dat.LOG [2012.12.17 21:52:23 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.17.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 ******** :: BRUNO-5E8548D68 [Administrator] 17.12.2012 20:17:17 mbam-log-2012-12-17 (20-17-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 285973 Laufzeit: 1 Stunde(n), 3 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Sollte ich Informationen vergessen haben, bitte einfach melden. Ich werde versuchen diese dann schleunigst nachzureichen. Ich möchte mich im vorraus schonmal für sämtliche Hilfe bedanken. MfG Stephan |
|
18.12.2012, 11:31
| #2 |
  | Google links führen auf falsche Seiten Hi,
__________________Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\WINDOWS\System32\ieapfltre.dll
Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html TDSS-Killer Download und Anweisung unter: http://www.trojaner-board.de/82358-t...tml#post640150 Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Stelle den Killer wir folgt ein:  Dann den Scan starten durch (Start Scan). Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten... chris
__________________ |
|
18.12.2012, 22:03
| #3 |
| | Google links führen auf falsche Seiten Hallo, danke für die Antwort. Hier die Scannergebnisse:
__________________ieapfltr.dll Code:
ATTFilter SHA256: cea3e89e9a3ec4209a9e1cc011a5192e8f069d7cf9c4b98a745708ce48a7be4e
SHA1: 26e6b3f7bc04c5892f4789baf4a12742b6c593c8
MD5: 66f1c930f4572816bb15c3a863590305
File size: 435.5 KB ( 445952 bytes )
File name: 742428C400ACEFF6CE3206365B8A57004081F6E3.dll
File type: Win32 DLL
Tags: pedll signed
Detection ratio: 0 / 42
Analysis date: 2012-09-26 00:05:11 UTC ( 2 Monate, 3 Wochen ago )
SuperAntiSpyware hat folgendes Ergebnis: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/18/2012 at 09:50 PM
Application Version : 5.6.1014
Core Rules Database Version : 9759
Trace Rules Database Version: 7571
Scan type : Complete Scan
Total Scan Time : 00:51:04
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 37526
Registry threats detected : 0
File items scanned : 46058
File threats detected : 15
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\******\Cookies\4ERULT1Z.txt [ /xml.trafficno.com ]
C:\Dokumente und Einstellungen\******\Cookies\YND5UU1L.txt [ /ad.yieldmanager.com ]
C:\Dokumente und Einstellungen\******\Cookies\JL4HFHFZ.txt [ /media6degrees.com ]
C:\Dokumente und Einstellungen\******\Cookies\DLHM05J2.txt [ /invitemedia.com ]
C:\Dokumente und Einstellungen\******\Cookies\V3RA7C7H.txt [ /ad.zanox.com ]
C:\Dokumente und Einstellungen\******\Cookies\SZEDLLKY.txt [ /ad.360yield.com ]
C:\Dokumente und Einstellungen\******\Cookies\P4PQJH3W.txt [ /adbrite.com ]
C:\Dokumente und Einstellungen\******\Cookies\70Z1DGUW.txt [ /casalemedia.com ]
C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\administrator@atdmt[2].txt [ Cookie:administrator@atdmt.com/ ]
C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\administrator@adfarm1.adition[1].txt [ Cookie:administrator@adfarm1.adition.com/ ]
C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\administrator@doubleclick[1].txt [ Cookie:administrator@doubleclick.net/ ]
C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\COOKIES\ADMINISTRATOR@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\******\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\******\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Trojan.Agent/Gen-Undef
C:\WINDOWS\SYSTEM32\IEAPFLTRE.DLL
Code:
ATTFilter 21:59:06.0640 3064 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:59:06.0703 3064 ============================================================
21:59:06.0703 3064 Current date / time: 2012/12/18 21:59:06.0703
21:59:06.0703 3064 SystemInfo:
21:59:06.0703 3064
21:59:06.0703 3064 OS Version: 5.1.2600 ServicePack: 3.0
21:59:06.0703 3064 Product type: Workstation
21:59:06.0703 3064 ComputerName: BRUNO-5E8548D68
21:59:06.0703 3064 UserName: ******
21:59:06.0703 3064 Windows directory: C:\WINDOWS
21:59:06.0703 3064 System windows directory: C:\WINDOWS
21:59:06.0703 3064 Processor architecture: Intel x86
21:59:06.0703 3064 Number of processors: 2
21:59:06.0703 3064 Page size: 0x1000
21:59:06.0703 3064 Boot type: Normal boot
21:59:06.0703 3064 ============================================================
21:59:07.0125 3064 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:59:07.0125 3064 ============================================================
21:59:07.0125 3064 \Device\Harddisk0\DR0:
21:59:07.0125 3064 MBR partitions:
21:59:07.0125 3064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3366B1C
21:59:07.0125 3064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3366B5B, BlocksNum 0x61A7966
21:59:07.0125 3064 ============================================================
21:59:07.0140 3064 C: <-> \Device\Harddisk0\DR0\Partition1
21:59:07.0171 3064 D: <-> \Device\Harddisk0\DR0\Partition2
21:59:07.0171 3064 ============================================================
21:59:07.0171 3064 Initialize success
21:59:07.0171 3064 ============================================================
21:59:11.0828 1036 ============================================================
21:59:11.0828 1036 Scan started
21:59:11.0828 1036 Mode: Manual;
21:59:11.0828 1036 ============================================================
21:59:13.0375 1036 ================ Scan system memory ========================
21:59:13.0375 1036 Scan interrupted by user!
21:59:13.0375 1036 ================ Scan services =============================
21:59:13.0375 1036 Scan interrupted by user!
21:59:13.0375 1036 ================ Scan global ===============================
21:59:13.0375 1036 Scan interrupted by user!
21:59:13.0375 1036 ================ Scan MBR ==================================
21:59:13.0375 1036 Scan interrupted by user!
21:59:13.0375 1036 ================ Scan VBR ==================================
21:59:13.0375 1036 Scan interrupted by user!
21:59:13.0375 1036 ============================================================
21:59:13.0375 1036 Scan finished
21:59:13.0375 1036 ============================================================
21:59:13.0390 1112 Detected object count: 0
21:59:13.0390 1112 Actual detected object count: 0
21:59:35.0265 3720 ============================================================
21:59:35.0265 3720 Scan started
21:59:35.0265 3720 Mode: Manual; SigCheck; TDLFS;
21:59:35.0265 3720 ============================================================
21:59:35.0437 3720 ================ Scan services =============================
21:59:35.0515 3720 Abiosdsk - ok
21:59:35.0515 3720 abp480n5 - ok
21:59:35.0562 3720 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:59:36.0000 3720 ACPI - ok
21:59:36.0015 3720 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:59:36.0203 3720 ACPIEC - ok
21:59:36.0203 3720 adpu160m - ok
21:59:36.0218 3720 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:59:36.0312 3720 aec - ok
21:59:36.0343 3720 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:59:36.0375 3720 AFD - ok
21:59:36.0437 3720 [ 90456051C422E09BC36E6340DD891F0C ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:59:36.0546 3720 AgereSoftModem - ok
21:59:36.0546 3720 Aha154x - ok
21:59:36.0546 3720 aic78u2 - ok
21:59:36.0546 3720 aic78xx - ok
21:59:36.0609 3720 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:59:36.0703 3720 Alerter - ok
21:59:36.0734 3720 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
21:59:36.0843 3720 ALG - ok
21:59:36.0843 3720 AliIde - ok
21:59:36.0843 3720 amsint - ok
21:59:36.0875 3720 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:59:37.0000 3720 AppMgmt - ok
21:59:37.0031 3720 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:59:37.0125 3720 Arp1394 - ok
21:59:37.0140 3720 asc - ok
21:59:37.0140 3720 asc3350p - ok
21:59:37.0140 3720 asc3550 - ok
21:59:37.0203 3720 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
21:59:37.0203 3720 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
21:59:37.0203 3720 aspnet_state - detected UnsignedFile.Multi.Generic (1)
21:59:37.0218 3720 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:59:37.0328 3720 AsyncMac - ok
21:59:37.0343 3720 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:59:37.0421 3720 atapi - ok
21:59:37.0437 3720 Atdisk - ok
21:59:37.0468 3720 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:59:37.0562 3720 Atmarpc - ok
21:59:37.0609 3720 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:59:37.0734 3720 AudioSrv - ok
21:59:37.0765 3720 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:59:37.0890 3720 audstub - ok
21:59:37.0921 3720 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:59:38.0062 3720 Beep - ok
21:59:38.0093 3720 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
21:59:38.0265 3720 BITS - ok
21:59:38.0296 3720 [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
21:59:38.0328 3720 Brother XP spl Service - ok
21:59:38.0390 3720 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
21:59:38.0500 3720 Browser - ok
21:59:38.0546 3720 [ C84E0365E1B1D1F96EBDF3B403DE5FEB ] BtnHnd C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys
21:59:38.0562 3720 BtnHnd ( UnsignedFile.Multi.Generic ) - warning
21:59:38.0562 3720 BtnHnd - detected UnsignedFile.Multi.Generic (1)
21:59:38.0578 3720 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:59:38.0718 3720 cbidf2k - ok
21:59:38.0718 3720 cd20xrnt - ok
21:59:38.0734 3720 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:59:38.0859 3720 Cdaudio - ok
21:59:38.0906 3720 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:59:38.0984 3720 Cdfs - ok
21:59:39.0000 3720 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:59:39.0078 3720 Cdrom - ok
21:59:39.0078 3720 Changer - ok
21:59:39.0109 3720 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:59:39.0218 3720 CiSvc - ok
21:59:39.0234 3720 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:59:39.0343 3720 ClipSrv - ok
21:59:39.0359 3720 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:59:39.0453 3720 CmBatt - ok
21:59:39.0453 3720 CmdIde - ok
21:59:39.0484 3720 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:59:39.0593 3720 Compbatt - ok
21:59:39.0593 3720 COMSysApp - ok
21:59:39.0593 3720 Cpqarray - ok
21:59:39.0640 3720 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:59:39.0734 3720 CryptSvc - ok
21:59:39.0734 3720 dac2w2k - ok
21:59:39.0734 3720 dac960nt - ok
21:59:39.0781 3720 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:59:39.0828 3720 DcomLaunch - ok
21:59:39.0875 3720 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:59:39.0968 3720 Dhcp - ok
21:59:39.0984 3720 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:59:40.0078 3720 Disk - ok
21:59:40.0078 3720 dmadmin - ok
21:59:40.0125 3720 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:59:40.0234 3720 dmboot - ok
21:59:40.0250 3720 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:59:40.0343 3720 dmio - ok
21:59:40.0375 3720 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:59:40.0453 3720 dmload - ok
21:59:40.0484 3720 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:59:40.0578 3720 dmserver - ok
21:59:40.0609 3720 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:59:40.0703 3720 DMusic - ok
21:59:40.0718 3720 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:59:40.0765 3720 Dnscache - ok
21:59:40.0796 3720 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:59:40.0890 3720 Dot3svc - ok
21:59:40.0906 3720 dpti2o - ok
21:59:40.0921 3720 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:59:41.0015 3720 drmkaud - ok
21:59:41.0031 3720 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:59:41.0125 3720 EapHost - ok
21:59:41.0156 3720 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:59:41.0234 3720 ERSvc - ok
21:59:41.0265 3720 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
21:59:41.0296 3720 Eventlog - ok
21:59:41.0343 3720 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
21:59:41.0375 3720 EventSystem - ok
21:59:41.0406 3720 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:59:41.0500 3720 Fastfat - ok
21:59:41.0531 3720 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:59:41.0578 3720 FastUserSwitchingCompatibility - ok
21:59:41.0593 3720 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:59:41.0671 3720 Fdc - ok
21:59:41.0703 3720 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:59:41.0812 3720 Fips - ok
21:59:41.0812 3720 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:59:41.0906 3720 Flpydisk - ok
21:59:41.0953 3720 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:59:42.0046 3720 FltMgr - ok
21:59:42.0062 3720 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:59:42.0156 3720 Fs_Rec - ok
21:59:42.0171 3720 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:59:42.0281 3720 Ftdisk - ok
21:59:42.0296 3720 [ 00845DCD64FE6348DDF7890C310C17B9 ] FUJ02B1 C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
21:59:42.0328 3720 FUJ02B1 - ok
21:59:42.0343 3720 [ C4942669FDE5ABD7BBE70027C9DE1247 ] FUJ02E1 C:\WINDOWS\system32\Drivers\FUJ02E1.sys
21:59:42.0375 3720 FUJ02E1 - ok
21:59:42.0406 3720 [ EF9F310F86FD504AFCDCEDF8280091FB ] FUJ02E3 C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys
21:59:42.0421 3720 FUJ02E3 - ok
21:59:42.0468 3720 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:59:42.0546 3720 Gpc - ok
21:59:42.0609 3720 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
21:59:42.0625 3720 gupdate - ok
21:59:42.0640 3720 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
21:59:42.0640 3720 gupdatem - ok
21:59:42.0671 3720 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:59:42.0765 3720 HDAudBus - ok
21:59:42.0828 3720 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:59:42.0906 3720 helpsvc - ok
21:59:42.0921 3720 HidServ - ok
21:59:42.0953 3720 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:59:43.0031 3720 hkmsvc - ok
21:59:43.0031 3720 hpn - ok
21:59:43.0062 3720 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:59:43.0109 3720 HTTP - ok
21:59:43.0125 3720 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:59:43.0218 3720 HTTPFilter - ok
21:59:43.0218 3720 hwdatacard - ok
21:59:43.0218 3720 i2omgmt - ok
21:59:43.0218 3720 i2omp - ok
21:59:43.0265 3720 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:59:43.0359 3720 i8042prt - ok
21:59:43.0421 3720 [ 0B66A9A2137213075F753579E7D573A5 ] IAANTMon C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
21:59:43.0437 3720 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
21:59:43.0437 3720 IAANTMon - detected UnsignedFile.Multi.Generic (1)
21:59:43.0500 3720 [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:59:43.0609 3720 ialm - ok
21:59:43.0640 3720 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:59:43.0718 3720 iaStor - ok
21:59:43.0765 3720 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:59:43.0859 3720 Imapi - ok
21:59:43.0875 3720 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
21:59:43.0968 3720 ImapiService - ok
21:59:43.0968 3720 ini910u - ok
21:59:44.0125 3720 [ 71AE838A88B07268D732F596FC17CED5 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:59:44.0406 3720 IntcAzAudAddService - ok
21:59:44.0421 3720 IntelIde - ok
21:59:44.0484 3720 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:59:44.0578 3720 intelppm - ok
21:59:44.0609 3720 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:59:44.0687 3720 Ip6Fw - ok
21:59:44.0718 3720 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:59:44.0812 3720 IpFilterDriver - ok
21:59:44.0843 3720 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:59:44.0937 3720 IpInIp - ok
21:59:44.0953 3720 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:59:45.0062 3720 IpNat - ok
21:59:45.0093 3720 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:59:45.0187 3720 IPSec - ok
21:59:45.0203 3720 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
21:59:45.0296 3720 irda - ok
21:59:45.0312 3720 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:59:45.0406 3720 IRENUM - ok
21:59:45.0437 3720 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
21:59:45.0546 3720 Irmon - ok
21:59:45.0546 3720 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:59:45.0640 3720 isapnp - ok
21:59:45.0781 3720 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
21:59:45.0796 3720 JavaQuickStarterService - ok
21:59:45.0812 3720 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:59:45.0906 3720 Kbdclass - ok
21:59:45.0937 3720 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:59:46.0015 3720 kmixer - ok
21:59:46.0062 3720 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:59:46.0078 3720 KSecDD - ok
21:59:46.0109 3720 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:59:46.0140 3720 lanmanserver - ok
21:59:46.0171 3720 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:59:46.0203 3720 lanmanworkstation - ok
21:59:46.0203 3720 lbrtfdc - ok
21:59:46.0250 3720 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:59:46.0390 3720 LmHosts - ok
21:59:46.0546 3720 [ 4C24C5DE1BFDDDEADCA326BE4F0AA93A ] McAfeeEngineService C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
21:59:46.0593 3720 McAfeeEngineService - ok
21:59:46.0781 3720 [ 4CD3EE64736B4D156DAC5C1D6EB60C24 ] McAfeeFramework C:\Programme\McAfee\Common Framework\FrameworkService.exe
21:59:46.0828 3720 McAfeeFramework - ok
21:59:46.0906 3720 [ 3B26EC4190C52DEA7489302DA526B0C7 ] McShield C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
21:59:47.0015 3720 McShield - ok
21:59:47.0046 3720 [ EA6278098DA1F905AAEC3DD614357F6E ] McTaskManager C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
21:59:47.0062 3720 McTaskManager - ok
21:59:47.0125 3720 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
21:59:47.0156 3720 MDM - ok
21:59:47.0187 3720 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:59:47.0359 3720 Messenger - ok
21:59:47.0453 3720 [ 4D81C0E4ED846E9A70B881891A5598AB ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
21:59:47.0468 3720 mfeapfk - ok
21:59:47.0484 3720 [ FF75F47EC2A9EA3E780A9D08DABA1276 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
21:59:47.0500 3720 mfeavfk - ok
21:59:47.0515 3720 [ 5A3B000FDCCF826FFB74E76B0474C856 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
21:59:47.0546 3720 mfebopk - ok
21:59:47.0562 3720 [ 8E6B4E55D3A33B92693F7081EC018C39 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
21:59:47.0593 3720 mfehidk - ok
21:59:47.0625 3720 [ FA097D72A439C3A387FE38A654DF44C5 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
21:59:47.0656 3720 mferkdet - ok
21:59:47.0656 3720 mferkdk - ok
21:59:47.0671 3720 [ A45D0C099A478DE5CBD0D6E8466BECD5 ] mfetdik C:\WINDOWS\system32\drivers\mfetdik.sys
21:59:47.0687 3720 mfetdik - ok
21:59:47.0734 3720 [ A64018CFFCB51F0D926F63ABEA14E8EE ] mfevtp C:\WINDOWS\system32\mfevtps.exe
21:59:47.0750 3720 mfevtp - ok
21:59:47.0781 3720 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:59:47.0953 3720 mnmdd - ok
21:59:47.0984 3720 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:59:48.0062 3720 mnmsrvc - ok
21:59:48.0109 3720 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:59:48.0203 3720 Modem - ok
21:59:48.0203 3720 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:59:48.0312 3720 Mouclass - ok
21:59:48.0343 3720 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:59:48.0437 3720 mouhid - ok
21:59:48.0468 3720 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:59:48.0546 3720 MountMgr - ok
21:59:48.0546 3720 mraid35x - ok
21:59:48.0562 3720 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:59:48.0656 3720 MRxDAV - ok
21:59:48.0687 3720 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:59:48.0734 3720 MRxSmb - ok
21:59:48.0781 3720 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:59:48.0890 3720 MSDTC - ok
21:59:48.0890 3720 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:59:48.0984 3720 Msfs - ok
21:59:48.0984 3720 MSIServer - ok
21:59:49.0015 3720 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:59:49.0109 3720 MSKSSRV - ok
21:59:49.0125 3720 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:59:49.0203 3720 MSPCLOCK - ok
21:59:49.0218 3720 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:59:49.0312 3720 MSPQM - ok
21:59:49.0343 3720 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:59:49.0421 3720 mssmbios - ok
21:59:49.0453 3720 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:59:49.0500 3720 Mup - ok
21:59:49.0531 3720 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
21:59:49.0640 3720 napagent - ok
21:59:49.0671 3720 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:59:49.0781 3720 NDIS - ok
21:59:49.0812 3720 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:59:49.0843 3720 NdisTapi - ok
21:59:49.0859 3720 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:59:49.0953 3720 Ndisuio - ok
21:59:49.0953 3720 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:59:50.0093 3720 NdisWan - ok
21:59:50.0125 3720 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:59:50.0156 3720 NDProxy - ok
21:59:50.0187 3720 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:59:50.0312 3720 NetBIOS - ok
21:59:50.0343 3720 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:59:50.0468 3720 NetBT - ok
21:59:50.0500 3720 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
21:59:50.0625 3720 NetDDE - ok
21:59:50.0640 3720 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:59:50.0765 3720 NetDDEdsdm - ok
21:59:50.0781 3720 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:59:50.0921 3720 Netlogon - ok
21:59:50.0953 3720 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
21:59:51.0078 3720 Netman - ok
21:59:51.0156 3720 [ E2F396F71A793A04839DBB6AF304A026 ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
21:59:51.0312 3720 NETw3x32 - ok
21:59:51.0343 3720 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:59:51.0437 3720 NIC1394 - ok
21:59:51.0468 3720 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
21:59:51.0500 3720 Nla - ok
21:59:51.0531 3720 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:59:51.0609 3720 Npfs - ok
21:59:51.0625 3720 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:59:51.0828 3720 Ntfs - ok
21:59:51.0843 3720 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:59:51.0921 3720 NtLmSsp - ok
21:59:51.0968 3720 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:59:52.0062 3720 NtmsSvc - ok
21:59:52.0078 3720 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:59:52.0171 3720 Null - ok
21:59:52.0187 3720 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:59:52.0281 3720 NwlnkFlt - ok
21:59:52.0281 3720 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:59:52.0390 3720 NwlnkFwd - ok
21:59:52.0437 3720 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:59:52.0531 3720 ohci1394 - ok
21:59:52.0546 3720 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:59:52.0625 3720 Parport - ok
21:59:52.0656 3720 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:59:52.0734 3720 PartMgr - ok
21:59:52.0765 3720 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:59:52.0859 3720 ParVdm - ok
21:59:52.0890 3720 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:59:52.0984 3720 PCI - ok
21:59:53.0000 3720 PCIDump - ok
21:59:53.0015 3720 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:59:53.0109 3720 PCIIde - ok
21:59:53.0125 3720 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:59:53.0218 3720 Pcmcia - ok
21:59:53.0218 3720 PDCOMP - ok
21:59:53.0218 3720 PDFRAME - ok
21:59:53.0218 3720 PDRELI - ok
21:59:53.0234 3720 PDRFRAME - ok
21:59:53.0234 3720 perc2 - ok
21:59:53.0234 3720 perc2hib - ok
21:59:53.0265 3720 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
21:59:53.0265 3720 PlugPlay - ok
21:59:53.0281 3720 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:59:53.0359 3720 PolicyAgent - ok
21:59:53.0390 3720 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:59:53.0484 3720 PptpMiniport - ok
21:59:53.0500 3720 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:59:53.0578 3720 ProtectedStorage - ok
21:59:53.0609 3720 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:59:53.0703 3720 PSched - ok
21:59:53.0718 3720 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:59:53.0828 3720 Ptilink - ok
21:59:53.0828 3720 ql1080 - ok
21:59:53.0828 3720 Ql10wnt - ok
21:59:53.0828 3720 ql12160 - ok
21:59:53.0828 3720 ql1240 - ok
21:59:53.0843 3720 ql1280 - ok
21:59:53.0859 3720 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:59:53.0968 3720 RasAcd - ok
21:59:54.0000 3720 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:59:54.0109 3720 RasAuto - ok
21:59:54.0140 3720 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:59:54.0203 3720 Rasirda - ok
21:59:54.0218 3720 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:59:54.0328 3720 Rasl2tp - ok
21:59:54.0375 3720 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:59:54.0484 3720 RasMan - ok
21:59:54.0500 3720 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:59:54.0625 3720 RasPppoe - ok
21:59:54.0640 3720 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:59:54.0734 3720 Raspti - ok
21:59:54.0765 3720 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:59:54.0875 3720 Rdbss - ok
21:59:54.0890 3720 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:59:55.0000 3720 RDPCDD - ok
21:59:55.0031 3720 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:59:55.0125 3720 rdpdr - ok
21:59:55.0156 3720 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:59:55.0203 3720 RDPWD - ok
21:59:55.0234 3720 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:59:55.0343 3720 RDSessMgr - ok
21:59:55.0375 3720 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:59:55.0484 3720 redbook - ok
21:59:55.0515 3720 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:59:55.0609 3720 RemoteAccess - ok
21:59:55.0640 3720 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:59:55.0734 3720 RemoteRegistry - ok
21:59:55.0765 3720 [ 881EAC7D2000E19F109298BAECCE2499 ] risdptsk C:\WINDOWS\system32\DRIVERS\risdptsk.sys
21:59:55.0796 3720 risdptsk - ok
21:59:55.0843 3720 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:59:55.0921 3720 RpcLocator - ok
21:59:55.0968 3720 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:59:55.0984 3720 RpcSs - ok
21:59:56.0062 3720 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:59:56.0156 3720 RSVP - ok
21:59:56.0171 3720 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
21:59:56.0250 3720 SamSs - ok
21:59:56.0281 3720 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:59:56.0421 3720 SCardSvr - ok
21:59:56.0468 3720 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:59:56.0593 3720 Schedule - ok
21:59:56.0625 3720 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:59:56.0765 3720 sdbus - ok
21:59:56.0781 3720 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:59:56.0906 3720 Secdrv - ok
21:59:56.0937 3720 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
21:59:57.0062 3720 seclogon - ok
21:59:57.0093 3720 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
21:59:57.0218 3720 SENS - ok
21:59:57.0234 3720 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:59:57.0343 3720 serenum - ok
21:59:57.0359 3720 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:59:57.0437 3720 Serial - ok
21:59:57.0468 3720 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
21:59:57.0562 3720 Sfloppy - ok
21:59:57.0593 3720 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:59:57.0703 3720 SharedAccess - ok
21:59:57.0718 3720 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:59:57.0734 3720 ShellHWDetection - ok
21:59:57.0734 3720 Simbad - ok
21:59:57.0765 3720 [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:59:57.0812 3720 SMCIRDA - ok
21:59:57.0828 3720 Sparrow - ok
21:59:57.0843 3720 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:59:57.0937 3720 splitter - ok
21:59:57.0968 3720 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:59:58.0015 3720 Spooler - ok
21:59:58.0031 3720 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:59:58.0125 3720 sr - ok
21:59:58.0156 3720 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
21:59:58.0281 3720 srservice - ok
21:59:58.0296 3720 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:59:58.0343 3720 Srv - ok
21:59:58.0359 3720 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:59:58.0484 3720 SSDPSRV - ok
21:59:58.0515 3720 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:59:58.0640 3720 stisvc - ok
21:59:58.0687 3720 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:59:58.0781 3720 swenum - ok
21:59:58.0812 3720 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:59:58.0921 3720 swmidi - ok
21:59:58.0921 3720 SwPrv - ok
21:59:58.0937 3720 symc810 - ok
21:59:58.0937 3720 symc8xx - ok
21:59:58.0937 3720 sym_hi - ok
21:59:58.0953 3720 sym_u3 - ok
21:59:58.0984 3720 [ F8393BDFB6726A0F97DD23AA54F3087D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:59:59.0031 3720 SynTP - ok
21:59:59.0046 3720 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:59:59.0171 3720 sysaudio - ok
21:59:59.0218 3720 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:59:59.0359 3720 SysmonLog - ok
21:59:59.0390 3720 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:59:59.0531 3720 TapiSrv - ok
21:59:59.0562 3720 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:59:59.0625 3720 Tcpip - ok
21:59:59.0656 3720 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:59:59.0828 3720 TDPIPE - ok
21:59:59.0843 3720 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:59:59.0937 3720 TDTCP - ok
21:59:59.0953 3720 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:00:00.0046 3720 TermDD - ok
22:00:00.0078 3720 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
22:00:00.0187 3720 TermService - ok
22:00:00.0203 3720 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:00:00.0218 3720 Themes - ok
22:00:00.0250 3720 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:00:00.0343 3720 TlntSvr - ok
22:00:00.0359 3720 [ E362D54FD394999C4178936396664E57 ] toshidpt C:\WINDOWS\system32\drivers\Toshidpt.sys
22:00:00.0375 3720 toshidpt ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0375 3720 toshidpt - detected UnsignedFile.Multi.Generic (1)
22:00:00.0375 3720 TosIde - ok
22:00:00.0390 3720 [ B2842672056CA33F0A4AAB3E5CBBF181 ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys
22:00:00.0406 3720 tosporte ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0406 3720 tosporte - detected UnsignedFile.Multi.Generic (1)
22:00:00.0421 3720 [ 926CA0B7FD2FA62D82C33B3117936070 ] Tosrfbd C:\WINDOWS\system32\Drivers\tosrfbd.sys
22:00:00.0437 3720 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0437 3720 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
22:00:00.0453 3720 [ 1AE2BA74B2A4F5A358B13FCD35258C30 ] Tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys
22:00:00.0453 3720 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0453 3720 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
22:00:00.0468 3720 [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys
22:00:00.0468 3720 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0468 3720 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
22:00:00.0468 3720 [ 5DBF390AAB62DD0D4D43A9278614E001 ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
22:00:00.0468 3720 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0468 3720 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
22:00:00.0484 3720 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
22:00:00.0500 3720 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0500 3720 tosrfnds - detected UnsignedFile.Multi.Generic (1)
22:00:00.0531 3720 [ AB6FD13D7EFA2634FA6BDF84C7EF0696 ] TosRfSnd C:\WINDOWS\system32\drivers\TosRfSnd.sys
22:00:00.0546 3720 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0546 3720 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
22:00:00.0562 3720 [ D870FD6CE9060B73289F47E88630EE0E ] Tosrfusb C:\WINDOWS\system32\Drivers\tosrfusb.sys
22:00:00.0578 3720 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
22:00:00.0578 3720 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
22:00:00.0609 3720 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:00:00.0718 3720 TrkWks - ok
22:00:00.0734 3720 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:00:00.0828 3720 Udfs - ok
22:00:00.0828 3720 ultra - ok
22:00:00.0875 3720 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:00:01.0015 3720 Update - ok
22:00:01.0046 3720 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:00:01.0156 3720 upnphost - ok
22:00:01.0187 3720 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
22:00:01.0296 3720 UPS - ok
22:00:01.0328 3720 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:00:01.0421 3720 usbccgp - ok
22:00:01.0453 3720 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:00:01.0546 3720 usbehci - ok
22:00:01.0578 3720 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:00:01.0656 3720 usbhub - ok
22:00:01.0687 3720 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:00:01.0781 3720 USBSTOR - ok
22:00:01.0812 3720 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:00:01.0906 3720 usbuhci - ok
22:00:01.0937 3720 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:00:02.0015 3720 VgaSave - ok
22:00:02.0031 3720 ViaIde - ok
22:00:02.0046 3720 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:00:02.0140 3720 VolSnap - ok
22:00:02.0171 3720 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
22:00:02.0296 3720 VSS - ok
22:00:02.0312 3720 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
22:00:02.0406 3720 W32Time - ok
22:00:02.0421 3720 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:00:02.0531 3720 Wanarp - ok
22:00:02.0531 3720 WDICA - ok
22:00:02.0546 3720 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:00:02.0640 3720 wdmaud - ok
22:00:02.0671 3720 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:00:02.0765 3720 WebClient - ok
22:00:02.0828 3720 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:00:02.0921 3720 winmgmt - ok
22:00:02.0953 3720 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:00:02.0984 3720 WmdmPmSN - ok
22:00:03.0015 3720 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:00:03.0062 3720 Wmi - ok
22:00:03.0093 3720 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:00:03.0265 3720 WmiApSrv - ok
22:00:03.0359 3720 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
22:00:03.0484 3720 WMPNetworkSvc - ok
22:00:03.0515 3720 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:00:03.0625 3720 wscsvc - ok
22:00:03.0625 3720 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:00:03.0718 3720 wuauserv - ok
22:00:03.0750 3720 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:00:03.0796 3720 WudfPf - ok
22:00:03.0828 3720 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:00:03.0843 3720 WudfRd - ok
22:00:03.0859 3720 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:00:03.0906 3720 WudfSvc - ok
22:00:03.0953 3720 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:00:04.0109 3720 WZCSVC - ok
22:00:04.0140 3720 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:00:04.0218 3720 xmlprov - ok
22:00:04.0250 3720 [ 05D48E56EA2612D39A4E7F0ECC17B917 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
22:00:04.0296 3720 yukonwxp - ok
22:00:04.0312 3720 ================ Scan global ===============================
22:00:04.0343 3720 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
22:00:04.0375 3720 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:00:04.0375 3720 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:00:04.0390 3720 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
22:00:04.0406 3720 [Global] - ok
22:00:04.0406 3720 ================ Scan MBR ==================================
22:00:04.0406 3720 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
22:00:04.0703 3720 \Device\Harddisk0\DR0 - ok
22:00:04.0703 3720 ================ Scan VBR ==================================
22:00:04.0703 3720 [ CF209E8CB9A7DA0000CF044EFD9A4452 ] \Device\Harddisk0\DR0\Partition1
22:00:04.0703 3720 \Device\Harddisk0\DR0\Partition1 - ok
22:00:04.0734 3720 [ 8A54120711D44F92A7489803D73E69CE ] \Device\Harddisk0\DR0\Partition2
22:00:04.0734 3720 \Device\Harddisk0\DR0\Partition2 - ok
22:00:04.0734 3720 ============================================================
22:00:04.0734 3720 Scan finished
22:00:04.0734 3720 ============================================================
22:00:04.0843 2968 Detected object count: 12
22:00:04.0843 2968 Actual detected object count: 12
22:00:36.0828 2968 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0828 2968 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0828 2968 BtnHnd ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0828 2968 BtnHnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0828 2968 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0828 2968 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:36.0843 2968 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:36.0843 2968 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
19.12.2012, 11:08
| #4 |
| | Google links führen auf falsche Seiten Hallo, das ist schon das richtige Teil was wir erwischt haben (die Filesize stimmt nicht, die originale hat um die 400kb)... Das Teil verhindert den upload/scannen. Superantispyware hat es erkannt, ist die Frage ob es erfolgreich eliminiert werden konnte, daher folgendes OTL-Script abfahren, Log posten und bitte ein neues LOG erstellen und posten... OTL:
 Code:
ATTFilter :OTL
[2012.12.11 13:17:27 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\ieapfltre.dll
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
19.12.2012, 16:59
| #5 |
| | Google links führen auf falsche Seiten Hallo Chris, danke für deine Hilfe. Hier wie gefordert das Logfile nach dem Fix: Code:
ATTFilter All processes killed
========== OTL ==========
C:\WINDOWS\system32\ieapfltre.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 31591431 bytes
->Temporary Internet Files folder emptied: 13465418 bytes
->Flash cache emptied: 405 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ****
->Temp folder emptied: 6902664 bytes
->Temporary Internet Files folder emptied: 20811115 bytes
->Java cache emptied: 46959637 bytes
->Google Chrome cache emptied: 10426233 bytes
->Flash cache emptied: 419 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
%systemdrive% .tmp files removed: 242340881 bytes
%systemroot% .tmp files removed: 2503692 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 135157391 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 487,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 12192012_164554
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 19.12.2012 16:49:43 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\******\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,98 Mb Total Physical Memory | 511,75 Mb Available Physical Memory | 50,47% Memory free 2,38 Gb Paging File | 2,02 Gb Available in Paging File | 84,77% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,70 Gb Total Space | 14,29 Gb Free Space | 55,61% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 46,41 Gb Free Space | 95,05% Space Free | Partition Type: NTFS Computer Name: BRUNO-5E8548D68 | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\******\Desktop\OTL.exe PRC - [2012.09.17 12:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2009.08.31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2009.08.31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2008.03.14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe PRC - [2007.10.25 14:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe PRC - [2006.11.17 14:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2006.07.05 10:57:16 | 000,118,784 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\PSUtility\TrayManager.exe PRC - [2006.04.07 16:36:00 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2006.04.07 15:37:00 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2006.02.06 22:00:00 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2006.01.27 17:17:00 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2006.01.23 20:47:00 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2005.12.05 15:50:00 | 002,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2005.10.12 11:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2005.09.09 23:12:40 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2005.07.21 13:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe PRC - [2005.07.21 13:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe PRC - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2009.04.27 22:49:26 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2008.03.14 04:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll MOD - [2005.07.22 20:30:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll MOD - [2004.10.14 09:18:00 | 000,040,960 | ---- | M] () -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll MOD - [2004.07.20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2009.08.31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2005.10.12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) SRV - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2009.08.31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.08.31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.08.31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2009.08.31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2009.08.31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009.08.31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2006.07.06 07:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006.06.29 12:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.04.17 08:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.04.13 19:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd) DRV - [2006.03.16 09:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2006.03.15 09:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) DRV - [2006.02.24 00:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006.02.10 10:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2006.02.08 16:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid) DRV - [2005.10.18 20:08:50 | 000,033,280 | ---- | M] (REDC) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk) DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.07.21 13:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd) DRV - [2005.07.11 17:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt) DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004.10.18 14:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1) DRV - [2004.01.17 20:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001.08.01 20:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=13F832B5-832C-488C-A0D3-699DC579DFE6&apn_sauid=F62B5524-BF7B-4869-8139-FB6695FDED67 IE - HKCU\..\SearchScopes\{208E5592-DDCC-4C43-8506-ED885E532611}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] c:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217401535390 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC11B496-896B-4D31-BDCE-9A8BBF1BE108}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\FJWSEL: DllName - (FJWSWNP.dll) - C:\WINDOWS\System32\FJWSWNP.dll (FUJITSU LIMITED) O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.29 07:32:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell - "" = AutoRun O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{260d52fb-9fd9-11df-a73f-001b779a7a7d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 16:45:54 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.18 21:58:31 | 000,000,000 | ---D | C] -- C:\tdsskiller [2012.12.18 20:46:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\******\Eigene Dateien\Downloads [2012.12.18 08:34:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\******\Desktop\OTL.exe [2012.12.17 21:47:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\******\Recent [2012.12.17 21:21:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.12.17 20:16:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Malwarebytes [2012.12.17 20:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.12.17 20:16:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.12.17 20:16:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.12.17 20:16:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.12.17 20:15:12 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\******\Desktop\gert.exe [2012.12.12 18:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.12.12 18:45:30 | 000,763,448 | ---- | C] (Google Inc.) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\ChromeSetup.exe [2012.12.12 17:27:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\******\IECompatCache [2012.12.12 17:25:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\******\PrivacIE [2012.12.12 17:22:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\******\IETldCache [2012.12.12 17:18:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2012.12.12 17:16:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2012.12.12 17:15:00 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012.12.12 17:12:25 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2012.12.12 17:10:30 | 017,010,016 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\IE8-WindowsXP-x86-DEU.exe [2012.12.12 10:11:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Ahead ========== Files - Modified Within 30 Days ========== [2012.12.19 16:53:03 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.12.19 16:50:04 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.12.19 16:49:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.12.19 16:48:21 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.12.19 16:48:14 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\ebtxeqrmt.job [2012.12.19 16:48:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.12.19 16:48:10 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys [2012.12.19 16:46:01 | 000,408,480 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.12.19 16:46:01 | 000,397,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.12.19 16:46:01 | 000,068,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.12.19 16:46:01 | 000,057,864 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.12.19 16:43:57 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job [2012.12.18 09:05:02 | 000,278,161 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\gmer1015.zip [2012.12.18 08:34:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\******\defogger_reenable [2012.12.18 08:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\******\Desktop\OTL.exe [2012.12.18 08:28:22 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\Defogger.exe [2012.12.17 21:21:30 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.12.17 20:16:20 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 19:48:32 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\******\Desktop\gert.exe [2012.12.12 18:46:56 | 000,001,775 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\Google Chrome.lnk [2012.12.12 18:45:37 | 000,763,448 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\ChromeSetup.exe [2012.12.12 17:10:35 | 017,010,016 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\******\Eigene Dateien\IE8-WindowsXP-x86-DEU.exe [2012.12.12 10:09:07 | 000,002,531 | ---- | M] () -- C:\Dokumente und Einstellungen\******\Desktop\Microsoft PowerPoint.lnk [2012.12.12 09:53:09 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.12.18 09:05:46 | 000,278,161 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Desktop\gmer1015.zip [2012.12.18 08:34:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\******\defogger_reenable [2012.12.18 08:34:09 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Desktop\Defogger.exe [2012.12.17 21:21:30 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.12.17 20:16:20 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.12 18:46:56 | 000,001,775 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Desktop\Google Chrome.lnk [2012.12.12 18:45:46 | 000,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.12.12 18:45:45 | 000,001,108 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.12.12 17:27:46 | 000,000,442 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8BABF1A8-644A-4852-9460-90FC27F03E2A}.job [2012.12.11 13:17:27 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\ebtxeqrmt.job [2012.02.16 11:43:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.12 08:47:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.03.01 12:24:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\capictrl.INI [2008.07.29 07:42:54 | 000,000,150 | ---- | C] () -- C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.07.29 07:42:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
20.12.2012, 08:18
| #6 |
| | Google links führen auf falsche Seiten Hi, wie verhält sich der Rechner, sind noch Umleitungen da? chris
__________________ --> Google links führen auf falsche Seiten |
|
20.12.2012, 10:39
| #7 |
| | Google links führen auf falsche Seiten Hallo Chris, der Rechner verhält sich wieder völlig normal. Danke für die Hilfe. Ist der Fall damit abgeschlossen? MfG Stephan |
|
20.12.2012, 11:06
| #8 |
| | Google links führen auf falsche Seiten Hi, im Prinzip ja, man könnte noch die Askbar runterschmeissen und wir löschen noch die Backups von OTL (da hängt das kleine Tierchen noch ab... ;o)... Falls der Rechner einwandfrei läuft, können die Backups der Bereinigungstools gelöscht werden (soweit vorhanden):
Schöne Weihnacht&guten Rutsch noch, chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu Google links führen auf falsche Seiten |
| adobe, bho, browser, einstellungen, error, firefox, format, ftp, google, helper, homepage, installation, logfile, object, plug-in, problem, realtek, registry, required, rundll, security, seiten, software, temp, win32k.sys, windows, windows xp |
Linear-Darstellung
