Pests of all kinds and their removal: a variant of Java/Exploit.CVE-2012-5076.Q trojan found by ESET Online Scanner. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
19.12.2012, 18:31 | #1
Good evening, as already described in the subject, the ESET online scanner found this trojan. What should I do? MBAM found nothing in a full scan (updated beforehand).
C:\Dokumente und Einstellungen\********\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23\332017-15b0bdf3  a variant of Java/Exploit.CVE-2012-5076.Q trojan
Windows XP, Java and Adobe Flash Player are up to date.
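Added example (not part of the thread): a small Python triage script for the Java deployment cache directory named in the post above. It hashes every cached data file so the value can be looked up against AV or threat-intel sources, and carves URL-like strings out of the matching .idx sidecar to show where the file was fetched from. The sample cache it builds in a temp directory is constructed (URL, file bytes and .idx layout are invented); only the bucket and file name are taken from the post.

```python
r"""Java deployment cache triage (added example, not from the thread).

On Windows XP the cache lives under
  %USERPROFILE%\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\
(English: Local Settings\Application Data\...). Every cached applet or
Web Start resource is a data file "<name>-<hash>" in a two-digit bucket
directory plus a sidecar "<name>-<hash>.idx" that records, among other
things, the URL it was fetched from. The script hashes each data file so
it can be looked up against AV / threat-intel sources and pulls URL-like
strings from the sidecar to show where the file came from. Assumption:
string carving is enough for triage, so the binary .idx layout is not
parsed. Nothing in the cache is ever executed.
"""
import hashlib
import os
import re
import sys
import tempfile
from dataclasses import dataclass, field

# Printable-ASCII run starting with http:// or https://; stops at NUL or space.
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


@dataclass
class CacheEntry:
    data_path: str
    size: int
    sha256: str
    urls: list = field(default_factory=list)


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def urls_from_idx(idx_path: str) -> list:
    """Carve URL-like strings out of the binary .idx sidecar (order kept, de-duplicated)."""
    with open(idx_path, "rb") as f:
        blob = f.read()
    found = []
    for m in URL_RE.finditer(blob):
        url = m.group(0).decode("ascii", "replace")
        if url not in found:
            found.append(url)
    return found


def triage_cache(cache_root: str) -> list:
    """Return one CacheEntry per data file below cache_root (recursing through the buckets)."""
    entries = []
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in sorted(files):
            if name.endswith(".idx"):
                continue  # sidecars are read via their data file
            data_path = os.path.join(dirpath, name)
            idx_path = data_path + ".idx"
            urls = urls_from_idx(idx_path) if os.path.isfile(idx_path) else []
            entries.append(CacheEntry(data_path, os.path.getsize(data_path),
                                      sha256_file(data_path), urls))
    return entries


def build_sample_cache() -> str:
    """Constructed sample cache in a temp dir; bucket/name copied from the post, content invented."""
    root = tempfile.mkdtemp(prefix="javacache-")
    bucket = os.path.join(root, "6.0", "23")
    os.makedirs(bucket)
    data_path = os.path.join(bucket, "332017-15b0bdf3")
    with open(data_path, "wb") as f:
        f.write(b"PK\x03\x04" + b"\x00" * 60)  # jar-like magic, 64 bytes, harmless
    url = b"http://example.invalid/applets/loader.jar"  # constructed origin URL
    with open(data_path + ".idx", "wb") as f:
        # Rough imitation of a sidecar: header bytes, a length-prefixed URL
        # string, padding. Only the presence of the URL matters for the demo.
        f.write(b"\x00\x01" + b"\x00" * 30 + len(url).to_bytes(2, "big") + url + b"\x00" * 8)
    return root


def run_demo() -> dict:
    """Triage the constructed sample and return the interesting fields of its one entry."""
    entry = triage_cache(build_sample_cache())[0]
    return {
        "name": os.path.basename(entry.data_path),
        "size": entry.size,
        "sha256": entry.sha256,
        "urls": entry.urls,
    }


if __name__ == "__main__":
    # Pass a real cache root as argv[1]; with no argument the constructed sample is used.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_cache()
    for e in triage_cache(root):
        print(f"{e.sha256}  {e.size:>8}  {e.data_path}")
        for u in e.urls:
            print(f"{'':66}origin: {u}")
```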
19.12.2012, 18:36 | #2
/// Malware-holic
Hi, is there a reason you ran the scanners? Open Malwarebytes, Log files, and post the logs that contain findings. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
19.12.2012, 18:42 | #3
No, not directly. But when I enter the password on XP, the screen flickers 7 or 8 times. MBAM, which runs as a background guard alongside Security Essentials, has never triggered.
Here is the MBAM log from just now. After that I'll work through the rest.
Code:
Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
**** :: **** [Administrator]

Schutz: Aktiviert

19.12.2012 18:02:51
mbam-log-2012-12-19 (18-02-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243646
Laufzeit: 23 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
19.12.2012, 18:45 | #4
/// Malware-holic
I didn't want the log from just now; it says so clearly above. I want logs, if there are any, in which there were findings.
19.12.2012, 19:14 | #5
OK, a misunderstanding. The only log with findings I have is this one:
C:\Dokumente und Einstellungen\petermarkus\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23\332017-15b0bdf3  a variant of Java/Exploit.CVE-2012-5076.Q trojan
Here is OTL.txt:
Code:
ATTFilter OTL logfile created on: 19.12.2012 18:48:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,04 Mb Total Physical Memory | 516,83 Mb Available Physical Memory | 50,97% Memory free 2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,39% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,89 Gb Total Space | 45,37 Gb Free Space | 81,16% Space Free | Partition Type: NTFS Drive D: | 54,43 Gb Total Space | 54,23 Gb Free Space | 99,64% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.19 18:46:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe PRC - [2012.11.08 20:56:08 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.10.25 23:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft 
Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2010.09.13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Programme\UPHClean\uphclean.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.25 17:11:08 | 000,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2007.07.25 16:42:46 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2007.04.17 00:06:06 | 000,372,825 | ---- | M] (Atheros Communications, Inc.) -- C:\Programme\Atheros\ACU.exe PRC - [2007.04.17 00:05:46 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe PRC - [2006.10.19 13:03:06 | 000,233,472 | ---- | M] () -- C:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe ========== Modules (No Company Name) ========== MOD - [2009.08.10 08:07:46 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssp7ml3.dll MOD - [2008.04.14 06:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.10.19 13:03:06 | 000,233,472 | ---- | M] () -- C:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (de_serv) SRV - [2012.12.04 15:17:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.08 20:56:08 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - 
[2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2010.09.13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean) SRV - [2007.07.25 17:11:08 | 000,009,216 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.07.25 16:42:46 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2007.04.17 00:05:46 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) SRV - [2006.10.19 13:03:06 | 000,233,472 | ---- | M] () [Auto | Running] -- C:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | System | Stopped] -- C:\DOKUME~1\\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\\LOKALE~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM) DRV - File not found [Kernel | System | Stopped] -- C:\DOKUME~1\\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- 
-- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2008.06.19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2007.07.25 17:18:26 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.07.25 17:17:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.07.25 17:11:08 | 001,161,888 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.07.25 16:42:54 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) DRV - [2007.04.05 06:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2007.03.28 18:52:20 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD) DRV - [2007.03.01 11:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser) DRV - [2007.03.01 11:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) DRV - [2006.06.22 15:27:12 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav) DRV - [2005.11.30 09:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.10.03 15:55:30 | 000,020,992 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MtxIicKrnlNT.sys -- (MtxIic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oeral.be/index.php?nav=stations&stationid=55 IE - HKCU\..\SearchScopes,DefaultScope = {1B2DBFCC-C987-464A-8A7C-E5959D8E1251} IE - HKCU\..\SearchScopes\{1B2DBFCC-C987-464A-8A7C-E5959D8E1251}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledAddons: 
%7B1acd747e-8470-11db-96a9-00e08161165f%7D:6.3.7.117 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3 FF - prefs.js..extensions.enabledAddons: %7Bd37dc5d0-431d-44e5-8c91-49419370caa1%7D:3.1.26 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.8 FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:6.2.1.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.7 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.9.35 FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.04 15:17:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.04 15:16:13 | 000,000,000 | ---D | M] [2008.09.10 21:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Extensions [2012.12.05 21:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions [2012.12.05 21:17:24 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2009.07.01 14:07:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2012.04.16 22:09:34 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- 
C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2009.07.01 14:09:07 | 000,000,000 | ---D | M] ("Split Browser [de]") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}(2) [2009.05.02 14:17:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2009.07.01 14:06:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3) [2010.02.05 18:26:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(4 [2010.05.27 12:25:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(5) [2010.02.05 18:26:08 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2) [2010.12.13 13:11:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2012.12.05 21:17:23 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2009.07.01 14:09:39 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}(2) 
[2010.05.27 12:25:24 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}(3) [2009.02.27 02:46:06 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2) [2010.01.30 21:45:56 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(3) [2010.05.27 12:25:03 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{dc572301-7619-498c-a57d-39143191b318}(2) [2010.01.30 21:46:08 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\cfxe@Triton(2) [2010.01.30 21:46:07 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\cfxHelper@Triton(3) [2009.07.01 14:06:35 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\chromifox@altmusictv(2).com [2010.05.27 12:25:17 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\optimizegoogle@optimizegoogle(2).com [2009.05.02 14:17:50 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\support@lastpass(2).com [2012.12.18 18:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions [2012.12.12 
15:18:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.05.05 10:01:31 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2012.05.05 10:01:29 | 000,000,000 | ---D | M] ("Split Browser [de]") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}(2) [2012.05.05 10:01:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2012.05.05 10:01:28 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3) [2012.05.05 10:01:28 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(4) [2012.05.05 10:01:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(5) [2012.05.05 10:01:27 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2) [2012.05.05 10:01:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2012.09.20 14:38:30 | 000,000,000 | ---D | M] (FoxClocks) -- 
C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2012.05.05 10:01:16 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}(2) [2012.05.05 10:01:13 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}(3) [2012.05.05 10:01:12 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2) [2012.05.05 10:01:12 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(3) [2012.05.05 10:01:12 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{dc572301-7619-498c-a57d-39143191b318}(2) [2012.05.05 10:01:34 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\cfxe@Triton(2) [2012.05.05 10:01:33 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\cfxHelper@Triton(3) [2012.05.05 10:01:33 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\chromifox@altmusictv(2).com [2012.05.05 10:01:33 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Dokumente und 
Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\optimizegoogle@optimizegoogle(2).com [2012.05.05 10:01:32 | 000,000,000 | ---D | M] (LastPass) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\support@lastpass(2).com [2012.12.05 21:17:24 | 000,163,080 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\status4evar@caligonstudios.com.xpi [2012.12.05 21:02:29 | 000,531,070 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.05 21:17:23 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.21 21:23:05 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.12.05 20:56:14 | 000,710,866 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.07.09 08:44:03 | 000,163,080 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\status4evar@caligonstudios.com.xpi [2012.12.18 18:20:46 | 000,532,971 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.23 17:10:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.21 21:23:05 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.12.01 01:17:17 | 000,710,866 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\vc6ngeyo.Standard-Benutzer\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2009.11.15 17:43:19 | 000,001,755 | ---- | M] () -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Profiles\oi7sp5sf.default\searchplugins\leo-deu-fra.xml [2012.12.04 15:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.04 15:17:12 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.10 08:11:40 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) 
-- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 19:05:13 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\crawlersrch.xml [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.02 17:14:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [ACU] C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.) O4 - HKLM..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.) O4 - HKLM..\Run: [Matrox PowerDesk SE] C:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.) 
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA1E623-E2B6-45D3-BEA9-0462F245A2AF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.16 21:02:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "de_serv"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^^Startmenü^Programme^Autostart^Check for TWS Updates.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.12.19 15:32:17 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.12.19 00:23:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\\Recent
[2012.12.04 15:16:11 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.11.30 20:29:55 | 000,000,000 | ---D | C] -- C:\Programme\UPHClean
[2012.11.21 14:34:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\\Eigene Dateien\Bewerbungen alt
[2006.12.12 10:13:20 | 000,032,768 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EBLib.dll
[2006.07.28 15:25:26 | 000,019,456 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LPCFilter.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.19 13:10:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.19 13:10:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.15 15:19:41 | 000,106,496 | ---- | M] () -- C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.12 12:17:26 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.10 17:40:08 | 001,038,211 | ---- | M] () -- C:\Dokumente und Einstellungen\\Desktop
[2012.11.29 21:19:32 | 003,588,420 | ---- | M] () -- C:\Dokumente und Einstellungen\\Desktop\r.pdf
[2012.11.29 15:33:36 | 000,021,874 | ---- | M] () -- C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.11.23 14:14:42 | 000,158,891 | ---- | M] () -- C:\Dokumente und Einstellungen\\Desktop\mc_anmeldung.pdf
[2012.11.20 21:46:26 | 004,262,819 | ---- | M] () -- C:\Dokumente und Einstellungen\\Desktop\Krxx.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.10 17:23:22 | 001,038,211 | ---- | C] () -- C:\Dokumente und Einstellungen\\Desktop\
[2012.11.29 21:19:27 | 003,588,420 | ---- | C] () -- C:\Dokumente und Einstellungen\\Desktop\
[2012.11.29 15:33:36 | 000,021,874 | ---- | C] () -- C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.11.23 14:14:41 | 000,158,891 | ---- | C] () -- C:\Dokumente und Einstellungen\\Desktop
[2012.11.20 21:46:26 | 004,262,819 | ---- | C] () -- C:\Dokumente und Einstellungen\\Desktop
[2012.08.03 14:35:40 | 000,000,110 | ---- | C] () -- C:\Dokumente und Einstellungen\\Anwendungsdaten\kpref
[2012.02.16 23:13:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.08.20 10:50:56 | 000,189,543 | ---- | C] () -- C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\census.cache
[2011.08.20 10:50:46 | 000,162,455 | ---- | C] () -- C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2011.05.12 15:25:41 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp7ml3.dll
[2011.05.12 14:42:20 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011.01.17 17:04:31 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2008.06.22 17:59:58 | 000,000,008 | RH-- | C] () -- C:\Dokumente und Einstellungen\\hwid
[2007.10.25 17:25:00 | 000,106,496 | ---- | C] () -- C:\Dokumente und Einstellungen\\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.16 22:40:10 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

========== ZeroAccess Check ==========

[2007.10.25 12:06:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2007.11.28 14:53:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox Graphics Inc
[2011.02.15 16:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2010.05.27 12:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI(2)
[2008.09.07 19:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2007.08.16 22:44:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vista64
[2010.02.03 22:58:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.01.13 19:13:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.09.01 15:29:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Auslogics
[2012.01.15 17:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwendungsdaten\Belastingdienst
[2012.10.11 15:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Foxit Software
[2012.07.26 15:02:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Greenshot
[2012.10.14 18:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\NetSpeedMonitor
[2012.07.10 16:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Oracle
[2012.10.20 15:28:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\SumatraPDF
[2011.09.21 10:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\Thunderbird
[2007.08.16 22:50:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\toshiba
[2008.04.08 10:05:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\\Anwendungsdaten\tradesignal

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.02.19 17:56:49 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012.02.19 18:45:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.12.19 15:32:17 | 000,000,000 | R--D | M] -- C:\Programme
[2011.09.02 17:43:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.09.03 12:03:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.17 16:40:48 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2008.04.14 06:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 06:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 06:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 06:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 06:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 06:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 06:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2007.08.16 21:00:07 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007.08.16 21:08:26 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010.01.13 19:45:50 | 000,032,572 | ---- | C] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

< MD5 for: AGP440.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.08.16 22:38:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007.08.16 22:38:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.08.16 22:38:04 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2008.06.22 17:59:58 | 000,000,008 | RH-- | M] () -- C:\Dokumente und Einstellungen\\hwid
[2012.12.19 00:24:01 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\\ntuser.dat
[2012.12.19 18:49:37 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\\ntuser.dat.LOG
[2010.01.16 19:57:00 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\\ntuser.dat.tmp.LOG
[2010.01.13 19:44:59 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\\NTUSER.DAT_tureg_new.LOG
[2012.12.19 00:24:01 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\\ntuser.ini
[2009.11.15 18:34:02 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\\ntuser.tmp.LOG

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1

< End of report >

and extras.txt:
OTL Extras logfile created on: 19.12.2012 18:48:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,04 Mb Total Physical Memory | 516,83 Mb Available Physical Memory | 50,97% Memory free
2,39 Gb Paging File | 1,94 Gb Available in Paging File | 81,39% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 45,37 Gb Free Space | 81,16% Space Free | Partition Type: NTFS
Drive D: | 54,43 Gb Total Space | 54,23 Gb Free Space | 99,64% Space Free | Partition Type: NTFS

Computer Name: DAN | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" = C:\Programme\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0FD9A6A9-6784-4937-A685-05DB3C6A1EBA}" = Matrox DualHead2Go
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{1D2EBDC8-0A91-4DF7-9730-AC8282A13CDF}" = Matrox PowerDesk-SE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7D15B945-2725-4443-AB3F-D900556612FE}" = User Profile Hive Cleanup Service
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"GIMP-2_is1" = GIMP 2.8.2
"Greenshot_is1" = Greenshot
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Samsung ML-1660 Series" = Wartung Samsung ML-1660 Series
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"xp-AntiSpy" = xp-AntiSpy 3.98-1
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.06.2012 14:05:15 | Computer Name = DAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pdf24-editor.exe, Version 4.6.0.0, fehlgeschlagenes Modul pdf24-editor.exe, Version 4.6.0.0, Fehleradresse 0x00008f29.

Error - 19.06.2012 03:30:33 | Computer Name = DAN | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80080005 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor

Error - 19.06.2012 03:30:33 | Computer Name = DAN | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

Error - 26.06.2012 09:40:34 | Computer Name = DAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pdfqr.exe, Version 4.2.4.0, fehlgeschlagenes Modul pdfqr.exe, Version 4.2.4.0, Fehleradresse 0x00096aa5.

Error - 04.09.2012 09:37:52 | Computer Name = DAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pdf24-editor.exe, Version 4.6.0.0, fehlgeschlagenes Modul pdf24-editor.exe, Version 4.6.0.0, Fehleradresse 0x0002d735.
Error - 04.10.2012 10:05:56 | Computer Name = DAN | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL. Error - 20.10.2012 09:21:53 | Computer Name = DAN | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 17.11.2012 14:26:06 | Computer Name = DAN | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 08.12.2012 19:16:25 | Computer Name = DAN | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 4.2.0.187, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Error - 19.12.2012 10:31:15 | Computer Name = DAN | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. 
[ System Events ] Error - 17.12.2012 11:55:02 | Computer Name = DAN | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SASDIFSV SASKUTIL Error - 17.12.2012 18:07:26 | Computer Name = DAN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.12.2012 18:07:26 | Computer Name = DAN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.12.2012 18:07:28 | Computer Name = DAN | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SASDIFSV SASKUTIL Error - 18.12.2012 07:38:35 | Computer Name = DAN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.12.2012 07:38:35 | Computer Name = DAN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.12.2012 07:38:37 | Computer Name = DAN | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SASDIFSV SASKUTIL Error - 19.12.2012 08:10:37 | Computer Name = DAN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.12.2012 08:10:37 | Computer Name = DAN | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.12.2012 08:10:41 | Computer Name = DAN | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SASDIFSV SASKUTIL < End of report > Geändert von hansi9999 (19.12.2012 um 19:54 Uhr) |
19.12.2012, 19:16 | #6 |
| a variant of Java/Exploit.CVE-2012-5076.Q trojan found by ESET Online Scanner The trojan detection came from the ESET scan. Last edited by hansi9999 (19.12.2012 at 19:18) Reason: double post |
19.12.2012, 19:18 | #7 |
/// Malware-holic | That is from ESET; my question was whether there are Malwarebytes logs with detections. Please take a bit more care when reading, so that everything does not have to be asked three times.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
19.12.2012, 19:22 | #8 |
| No, there are no MBAM logs with detections. The only one that found anything was ESET, today. |
19.12.2012, 19:31 | #9 |
/// Malware-holic | Hi. This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
19.12.2012, 20:21 | #10 |
| Hello, I tried it twice. The last time I waited 20 minutes, but nothing happened. As soon as I click Fix, the hourglass appears, and at the bottom of OTL, on the taskbar, it says "killing blah blah" and something with "interrupt". |
19.12.2012, 20:22 | #11 |
/// Malware-holic | What does "something" mean? That is of no use; please always post messages exactly, thanks.
19.12.2012, 21:10 | #12 | |
| Quote:
At the bottom of the OTL bar it says "killing processes. do not interrupt", and then nothing at all happens for the next 20 minutes. You can neither shut down the laptop nor do anything with Ctrl+Del, so the only option is to kill it with the power button. |
20.12.2012, 13:41 | #13 |
/// Malware-holic | OK, then first the following, please: download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan. For any detections, always choose Skip for now, then post the log.
20.12.2012, 15:19 | #14 |
| Code:
15:30:41.0968 3120 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:30:42.0109 3120 ============================================================
15:30:42.0109 3120 Current date / time: 2012/12/20 15:30:42.0109
15:30:42.0109 3120 SystemInfo:
15:30:42.0109 3120
15:30:42.0109 3120 OS Version: 5.1.2600 ServicePack: 3.0
15:30:42.0109 3120 Product type: Workstation
15:30:42.0109 3120 ComputerName: annabk
15:30:42.0109 3120 UserName: anna
15:30:42.0109 3120 Windows directory: C:\WINDOWS
15:30:42.0109 3120 System windows directory: C:\WINDOWS
15:30:42.0109 3120 Processor architecture: Intel x86
15:30:42.0109 3120 Number of processors: 2
15:30:42.0109 3120 Page size: 0x1000
15:30:42.0109 3120 Boot type: Normal boot
15:30:42.0109 3120 ============================================================
15:30:43.0750 3120 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:30:43.0750 3120 ============================================================
15:30:43.0750 3120 \Device\Harddisk0\DR0:
15:30:43.0750 3120 MBR partitions:
15:30:43.0750 3120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6FCA000
15:30:43.0750 3120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72B8800, BlocksNum 0x6CDC000
15:30:43.0750 3120 ============================================================
15:30:43.0796 3120 C: <-> \Device\Harddisk0\DR0\Partition1
15:30:43.0843 3120 D: <-> \Device\Harddisk0\DR0\Partition2
15:30:43.0843 3120 ============================================================
15:30:43.0843 3120 Initialize success
15:30:43.0843 3120 ============================================================
15:30:50.0671 2244 ============================================================
15:30:50.0671 2244 Scan started
15:30:50.0671 2244 Mode: Manual; SigCheck; TDLFS;
15:30:50.0671 2244 ============================================================
15:30:51.0062 2244 ================ Scan system memory ========================
15:30:51.0062 2244 System memory - ok
15:30:51.0062 2244 ================ Scan services =============================
15:30:51.0140 2244 Abiosdsk - ok
15:30:51.0156 2244 abp480n5 - ok
15:30:51.0203 2244 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:30:51.0453 2244 ACPI - ok
15:30:51.0468 2244 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:30:51.0593 2244 ACPIEC - ok
15:30:51.0640 2244 [ A3E3552E9E99E9A690A12A25973EF30A ] ACS C:\WINDOWS\system32\acs.exe
15:30:51.0671 2244 ACS ( UnsignedFile.Multi.Generic ) - warning
15:30:51.0671 2244 ACS - detected UnsignedFile.Multi.Generic (1)
15:30:51.0687 2244 adpu160m - ok
15:30:51.0703 2244 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:30:51.0828 2244 aec - ok
15:30:51.0875 2244 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:30:51.0906 2244 AFD - ok
15:30:51.0937 2244 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
15:30:51.0968 2244 AgereModemAudio - ok
15:30:52.0031 2244 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:30:52.0093 2244 AgereSoftModem - ok
15:30:52.0109 2244 Aha154x - ok
15:30:52.0109 2244 aic78u2 - ok
15:30:52.0125 2244 aic78xx - ok
15:30:52.0140 2244 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:30:52.0265 2244 Alerter - ok
15:30:52.0296 2244 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
15:30:52.0359 2244 ALG - ok
15:30:52.0359 2244 AliIde - ok
15:30:52.0375 2244 amsint - ok
15:30:52.0437 2244 [ 78E15866BEFE8B940046C36BA92F9EB6 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
15:30:52.0468 2244 AR5211 - ok
15:30:52.0500 2244 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:30:52.0625 2244 Arp1394 - ok
15:30:52.0625 2244 asc - ok
15:30:52.0640 2244 asc3350p - ok
15:30:52.0640 2244 asc3550 - ok
15:30:52.0718 2244 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:30:52.0718 2244 aspnet_state - ok
15:30:52.0734 2244 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:30:52.0859 2244 AsyncMac - ok
15:30:52.0890 2244 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:30:53.0000 2244 atapi - ok
15:30:53.0000 2244 Atdisk - ok
15:30:53.0031 2244 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:30:53.0140 2244 Atmarpc - ok
15:30:53.0187 2244 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:30:53.0312 2244 AudioSrv - ok
15:30:53.0328 2244 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:30:53.0453 2244 audstub - ok
15:30:53.0484 2244 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:30:53.0609 2244 Beep - ok
15:30:53.0640 2244 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
15:30:53.0765 2244 BITS - ok
15:30:53.0812 2244 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
15:30:53.0828 2244 Browser - ok
15:30:53.0859 2244 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:30:53.0984 2244 cbidf2k - ok
15:30:54.0000 2244 cd20xrnt - ok
15:30:54.0015 2244 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:30:54.0140 2244 Cdaudio - ok
15:30:54.0171 2244 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:30:54.0312 2244 Cdfs - ok
15:30:54.0343 2244 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:30:54.0468 2244 Cdrom - ok
15:30:54.0531 2244 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
15:30:54.0562 2244 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
15:30:54.0562 2244 CFSvcs - detected UnsignedFile.Multi.Generic (1)
15:30:54.0562 2244 Changer - ok
15:30:54.0593 2244 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:30:54.0718 2244 CiSvc - ok
15:30:54.0734 2244 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:30:54.0843 2244 ClipSrv - ok
15:30:54.0890 2244 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:30:54.0906 2244 clr_optimization_v2.0.50727_32 - ok
15:30:54.0921 2244 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:30:55.0046 2244 CmBatt - ok
15:30:55.0046 2244 CmdIde - ok
15:30:55.0062 2244 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:30:55.0187 2244 Compbatt - ok
15:30:55.0203 2244 COMSysApp - ok
15:30:55.0203 2244 Cpqarray - ok
15:30:55.0250 2244 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:30:55.0375 2244 CryptSvc - ok
15:30:55.0375 2244 dac2w2k - ok
15:30:55.0390 2244 dac960nt - ok
15:30:55.0437 2244 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:30:55.0500 2244 DcomLaunch - ok
15:30:55.0500 2244 DgiVecp - ok
15:30:55.0546 2244 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:30:55.0671 2244 Dhcp - ok
15:30:55.0671 2244 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:30:55.0796 2244 Disk - ok
15:30:55.0812 2244 dmadmin - ok
15:30:55.0859 2244 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:30:56.0000 2244 dmboot - ok
15:30:56.0015 2244 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:30:56.0140 2244 dmio - ok
15:30:56.0171 2244 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:30:56.0281 2244 dmload - ok
15:30:56.0312 2244 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:30:56.0453 2244 dmserver - ok
15:30:56.0468 2244 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:30:56.0609 2244 DMusic - ok
15:30:56.0640 2244 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:30:56.0671 2244 Dnscache - ok
15:30:56.0687 2244 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:30:56.0812 2244 Dot3svc - ok
15:30:56.0812 2244 dpti2o - ok
15:30:56.0843 2244 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:30:56.0968 2244 drmkaud - ok
15:30:56.0984 2244 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:30:57.0109 2244 EapHost - ok
15:30:57.0125 2244 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:30:57.0265 2244 ERSvc - ok
15:30:57.0281 2244 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
15:30:57.0328 2244 Eventlog - ok
15:30:57.0359 2244 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
15:30:57.0390 2244 EventSystem - ok
15:30:57.0421 2244 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:30:57.0546 2244 Fastfat - ok
15:30:57.0578 2244 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:30:57.0625 2244 FastUserSwitchingCompatibility - ok
15:30:57.0640 2244 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:30:57.0750 2244 Fdc - ok
15:30:57.0765 2244 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:30:57.0890 2244 Fips - ok
15:30:57.0890 2244 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:30:58.0000 2244 Flpydisk - ok
15:30:58.0046 2244 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:30:58.0156 2244 FltMgr - ok
15:30:58.0218 2244 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:30:58.0234 2244 FontCache3.0.0.0 - ok
15:30:58.0234 2244 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:30:58.0359 2244 Fs_Rec - ok
15:30:58.0375 2244 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:30:58.0484 2244 Ftdisk - ok
15:30:58.0531 2244 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:30:58.0640 2244 Gpc - ok
15:30:58.0656 2244 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:30:58.0796 2244 HDAudBus - ok
15:30:58.0859 2244 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:30:58.0968 2244 helpsvc - ok
15:30:59.0000 2244 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
15:30:59.0125 2244 HidServ - ok
15:30:59.0140 2244 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:30:59.0265 2244 HidUsb - ok
15:30:59.0296 2244 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:30:59.0406 2244 hkmsvc - ok
15:30:59.0406 2244 hpn - ok
15:30:59.0453 2244 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:30:59.0484 2244 HTTP - ok
15:30:59.0531 2244 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:30:59.0656 2244 HTTPFilter - ok
15:30:59.0671 2244 i2omgmt - ok
15:30:59.0687 2244 i2omp - ok
15:30:59.0703 2244 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:30:59.0828 2244 i8042prt - ok
15:30:59.0906 2244 [ DA91F5385CFC8BA0F110F2FDE112B563 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:30:59.0984 2244 ialm - ok
15:31:00.0046 2244 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:31:00.0062 2244 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:31:00.0062 2244 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:31:00.0140 2244 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:31:00.0171 2244 idsvc - ok
15:31:00.0187 2244 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:31:00.0328 2244 Imapi - ok
15:31:00.0359 2244 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
15:31:00.0484 2244 ImapiService - ok
15:31:00.0484 2244 ini910u - ok
15:31:00.0671 2244 [ 915CE2A58C6917E3C53BE1E91FA66BA8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:31:00.0890 2244 IntcAzAudAddService - ok
15:31:00.0906 2244 IntelIde - ok
15:31:00.0937 2244 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:31:01.0062 2244 intelppm - ok
15:31:01.0078 2244 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:31:01.0203 2244 Ip6Fw - ok
15:31:01.0265 2244 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:31:01.0375 2244 IpFilterDriver - ok
15:31:01.0406 2244 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:31:01.0531 2244 IpInIp - ok
15:31:01.0546 2244 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:31:01.0671 2244 IpNat - ok
15:31:01.0703 2244 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:31:01.0812 2244 IPSec - ok
15:31:01.0843 2244 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:31:01.0906 2244 IRENUM - ok
15:31:01.0937 2244 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:31:02.0046 2244 isapnp - ok
15:31:02.0203 2244 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
15:31:02.0218 2244 JavaQuickStarterService - ok
15:31:02.0250 2244 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:31:02.0375 2244 Kbdclass - ok
15:31:02.0390 2244 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:31:02.0515 2244 kbdhid - ok
15:31:02.0546 2244 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:31:02.0671 2244 kmixer - ok
15:31:02.0718 2244 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:31:02.0734 2244 KSecDD - ok
15:31:02.0765 2244 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:31:02.0812 2244 lanmanserver - ok
15:31:02.0843 2244 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:31:02.0859 2244 lanmanworkstation - ok
15:31:02.0859 2244 lbrtfdc - ok
15:31:02.0890 2244 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:31:03.0015 2244 LmHosts - ok
15:31:03.0078 2244 [ E883A4F472F95F57E263931F9E4C80F9 ] Matrox Centering Service C:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
15:31:03.0093 2244 Matrox Centering Service ( UnsignedFile.Multi.Generic ) - warning
15:31:03.0093 2244 Matrox Centering Service - detected UnsignedFile.Multi.Generic (1)
15:31:03.0125 2244 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
15:31:03.0140 2244 MBAMProtector - ok
15:31:03.0187 2244 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:31:03.0203 2244 MBAMScheduler - ok
15:31:03.0281 2244 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
15:31:03.0312 2244 MBAMService - ok
15:31:03.0359 2244 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:31:03.0500 2244 Messenger - ok
15:31:03.0515 2244 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:31:03.0640 2244 mnmdd - ok
15:31:03.0671 2244 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:31:03.0781 2244 mnmsrvc - ok
15:31:03.0796 2244 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:31:03.0906 2244 Modem - ok
15:31:03.0921 2244 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:31:04.0062 2244 Mouclass - ok
15:31:04.0093 2244 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:31:04.0203 2244 mouhid - ok
15:31:04.0234 2244 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:31:04.0359 2244 MountMgr - ok
15:31:04.0421 2244 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
15:31:04.0421 2244 MozillaMaintenance - ok
15:31:04.0437 2244 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:31:04.0468 2244 MpFilter - ok
15:31:04.0562 2244 [ A69630D039C38018689190234F866D77 ] MpKsl4ebd4fcd C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{880DB9C6-061D-422E-B912-ACCC6FED69D3}\MpKsl4ebd4fcd.sys
15:31:04.0578 2244 MpKsl4ebd4fcd - ok
15:31:04.0578 2244 mraid35x - ok
15:31:04.0609 2244 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:31:04.0734 2244 MRxDAV - ok
15:31:04.0781 2244 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:31:04.0828 2244 MRxSmb - ok
15:31:04.0859 2244 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:31:04.0984 2244 MSDTC - ok
15:31:05.0000 2244 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:31:05.0109 2244 Msfs - ok
15:31:05.0109 2244 MSIServer - ok
15:31:05.0125 2244 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:31:05.0250 2244 MSKSSRV - ok
15:31:05.0312 2244 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Programme\Microsoft Security Client\MsMpEng.exe
15:31:05.0328 2244 MsMpSvc - ok
15:31:05.0359 2244 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:31:05.0468 2244 MSPCLOCK - ok
15:31:05.0484 2244 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:31:05.0609 2244 MSPQM - ok
15:31:05.0640 2244 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:31:05.0750 2244 mssmbios - ok
15:31:05.0781 2244 [ 151126E703B4A05672DE41FDAF74137E ] MtxIic C:\WINDOWS\system32\drivers\MtxIicKrnlNT.sys
15:31:05.0812 2244 MtxIic ( UnsignedFile.Multi.Generic ) - warning
15:31:05.0812 2244 MtxIic - detected UnsignedFile.Multi.Generic (1)
15:31:05.0843 2244 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:31:05.0843 2244 Mup - ok
15:31:05.0890 2244 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
15:31:06.0000 2244 napagent - ok
15:31:06.0015 2244 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:31:06.0156 2244 NDIS - ok
15:31:06.0187 2244 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:31:06.0218 2244 NdisTapi - ok
15:31:06.0265 2244 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:31:06.0390 2244 Ndisuio - ok
15:31:06.0421 2244 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:31:06.0546 2244 NdisWan - ok
15:31:06.0578 2244 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:31:06.0609 2244 NDProxy - ok
15:31:06.0625 2244 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:31:06.0765 2244 NetBIOS - ok
15:31:06.0796 2244 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:31:06.0921 2244 NetBT - ok
15:31:06.0953 2244 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
15:31:07.0062 2244 NetDDE - ok
15:31:07.0078 2244 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:31:07.0203 2244 NetDDEdsdm - ok
15:31:07.0203 2244 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
15:31:07.0234 2244 Netdevio ( UnsignedFile.Multi.Generic ) - warning
15:31:07.0234 2244 Netdevio - detected UnsignedFile.Multi.Generic (1)
15:31:07.0250 2244 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:31:07.0343 2244 Netlogon - ok
15:31:07.0375 2244 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
15:31:07.0515 2244 Netman - ok
15:31:07.0546 2244 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:31:07.0562 2244 NetTcpPortSharing - ok
15:31:07.0578 2244 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:31:07.0703 2244 NIC1394 - ok
15:31:07.0734 2244 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
15:31:07.0765 2244 Nla - ok
15:31:07.0796 2244 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:31:07.0906 2244 Npfs - ok
15:31:07.0953 2244 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:31:08.0109 2244 Ntfs - ok
15:31:08.0109 2244 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:31:08.0234 2244 NtLmSsp - ok
15:31:08.0281 2244 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:31:08.0406 2244 NtmsSvc - ok
15:31:08.0421 2244 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:31:08.0546 2244 Null - ok
15:31:08.0578 2244 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:31:08.0687 2244 NwlnkFlt - ok
15:31:08.0703 2244 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:31:08.0843 2244 NwlnkFwd - ok
15:31:08.0843 2244 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:31:08.0968 2244 ohci1394 - ok
15:31:09.0000 2244 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
15:31:09.0109 2244 Parport - ok
15:31:09.0140 2244 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:31:09.0265 2244 PartMgr - ok
15:31:09.0281 2244 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:31:09.0406 2244 ParVdm - ok
15:31:09.0421 2244 [ 210A628A0D7B3F45257850EFBFF27538 ] pavboot C:\WINDOWS\system32\drivers\pavboot.sys
15:31:09.0437 2244 pavboot - ok
15:31:09.0453 2244 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:31:09.0562 2244 PCI - ok
15:31:09.0562 2244 PCIDump - ok
15:31:09.0578 2244 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:31:09.0703 2244 PCIIde - ok
15:31:09.0718 2244 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:31:09.0843 2244 Pcmcia - ok
15:31:09.0843 2244 PDCOMP - ok
15:31:09.0843 2244 PDFRAME - ok
15:31:09.0859 2244 PDRELI - ok
15:31:09.0859 2244 PDRFRAME - ok
15:31:09.0875 2244 perc2 - ok
15:31:09.0875 2244 perc2hib - ok
15:31:09.0906 2244 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
15:31:09.0921 2244 PlugPlay - ok
15:31:09.0937 2244 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:31:10.0046 2244 PolicyAgent - ok
15:31:10.0062 2244 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:31:10.0187 2244 PptpMiniport - ok
15:31:10.0187 2244 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:31:10.0312 2244 ProtectedStorage - ok
15:31:10.0312 2244 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:31:10.0421 2244 PSched - ok
15:31:10.0453 2244 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:31:10.0562 2244 Ptilink - ok
15:31:10.0562 2244 ql1080 - ok
15:31:10.0578 2244 Ql10wnt - ok
15:31:10.0578 2244 ql12160 - ok
15:31:10.0593 2244 ql1240 - ok
15:31:10.0593 2244 ql1280 - ok
15:31:10.0609 2244 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:31:10.0734 2244 RasAcd - ok
15:31:10.0765 2244 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:31:10.0890 2244 RasAuto - ok
15:31:10.0906 2244 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:31:11.0015 2244 Rasl2tp - ok
15:31:11.0046 2244 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:31:11.0156 2244 RasMan - ok
15:31:11.0171 2244 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:31:11.0296 2244 RasPppoe - ok
15:31:11.0296 2244 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:31:11.0406 2244 Raspti - ok
15:31:11.0437 2244 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:31:11.0578 2244 Rdbss - ok
15:31:11.0578 2244 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:31:11.0687 2244 RDPCDD - ok
15:31:11.0734 2244 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:31:11.0765 2244 RDPWD - ok
15:31:11.0796 2244 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:31:11.0921 2244 
RDSessMgr - ok 15:31:11.0953 2244 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:31:12.0062 2244 redbook - ok 15:31:12.0093 2244 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:31:12.0203 2244 RemoteAccess - ok 15:31:12.0250 2244 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 15:31:12.0359 2244 RpcLocator - ok 15:31:12.0390 2244 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll 15:31:12.0421 2244 RpcSs - ok 15:31:12.0468 2244 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 15:31:12.0578 2244 RSVP - ok 15:31:12.0625 2244 [ BB0AE2171F08129F4F3FF9DF20FFBF89 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 15:31:12.0656 2244 RTLE8023xp - ok 15:31:12.0671 2244 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 15:31:12.0796 2244 SamSs - ok 15:31:12.0859 2244 SASDIFSV - ok 15:31:12.0859 2244 SASENUM - ok 15:31:12.0875 2244 SASKUTIL - ok 15:31:12.0906 2244 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:31:13.0031 2244 SCardSvr - ok 15:31:13.0078 2244 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:31:13.0218 2244 Schedule - ok 15:31:13.0218 2244 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 15:31:13.0343 2244 sdbus - ok 15:31:13.0375 2244 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:31:13.0421 2244 Secdrv - ok 15:31:13.0437 2244 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 15:31:13.0578 2244 seclogon - ok 15:31:13.0578 2244 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 15:31:13.0703 2244 SENS - ok 15:31:13.0718 2244 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 15:31:13.0843 2244 Serial - ok 15:31:13.0875 2244 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk 
C:\WINDOWS\system32\DRIVERS\sffdisk.sys 15:31:14.0000 2244 sffdisk - ok 15:31:14.0015 2244 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 15:31:14.0140 2244 sffp_sd - ok 15:31:14.0171 2244 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 15:31:14.0296 2244 Sfloppy - ok 15:31:14.0343 2244 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:31:14.0500 2244 SharedAccess - ok 15:31:14.0515 2244 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:31:14.0531 2244 ShellHWDetection - ok 15:31:14.0531 2244 Simbad - ok 15:31:14.0578 2244 [ 70D7480EBA6E5D2A1687809324237D98 ] slabbus C:\WINDOWS\system32\DRIVERS\slabbus.sys 15:31:14.0593 2244 slabbus ( UnsignedFile.Multi.Generic ) - warning 15:31:14.0593 2244 slabbus - detected UnsignedFile.Multi.Generic (1) 15:31:14.0609 2244 [ 044C01804923A37E771A2B9750406979 ] slabser C:\WINDOWS\system32\DRIVERS\slabser.sys 15:31:14.0625 2244 slabser ( UnsignedFile.Multi.Generic ) - warning 15:31:14.0625 2244 slabser - detected UnsignedFile.Multi.Generic (1) 15:31:14.0640 2244 Sparrow - ok 15:31:14.0671 2244 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:31:14.0796 2244 splitter - ok 15:31:14.0828 2244 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:31:14.0859 2244 Spooler - ok 15:31:14.0890 2244 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:31:14.0953 2244 sr - ok 15:31:14.0984 2244 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 15:31:15.0046 2244 srservice - ok 15:31:15.0093 2244 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:31:15.0125 2244 Srv - ok 15:31:15.0140 2244 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:31:15.0203 2244 SSDPSRV - ok 15:31:15.0203 2244 SSPORT - ok 15:31:15.0281 2244 [ 
BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:31:15.0406 2244 stisvc - ok 15:31:15.0437 2244 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:31:15.0578 2244 swenum - ok 15:31:15.0593 2244 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:31:15.0718 2244 swmidi - ok 15:31:15.0734 2244 SwPrv - ok 15:31:15.0734 2244 symc810 - ok 15:31:15.0750 2244 symc8xx - ok 15:31:15.0750 2244 sym_hi - ok 15:31:15.0750 2244 sym_u3 - ok 15:31:15.0781 2244 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:31:15.0890 2244 sysaudio - ok 15:31:15.0921 2244 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:31:16.0031 2244 SysmonLog - ok 15:31:16.0062 2244 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:31:16.0187 2244 TapiSrv - ok 15:31:16.0218 2244 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:31:16.0265 2244 Tcpip - ok 15:31:16.0281 2244 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:31:16.0390 2244 TDPIPE - ok 15:31:16.0421 2244 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:31:16.0546 2244 TDTCP - ok 15:31:16.0578 2244 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:31:16.0687 2244 TermDD - ok 15:31:16.0718 2244 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 15:31:16.0843 2244 TermService - ok 15:31:16.0859 2244 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 15:31:16.0875 2244 Themes - ok 15:31:16.0921 2244 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys 15:31:16.0937 2244 tifm21 - ok 15:31:16.0953 2244 TosIde - ok 15:31:16.0968 2244 [ 9FFFFB4C5B06C7B75E8159F1106006AC ] TPwSav C:\WINDOWS\system32\drivers\TPwSav.sys 15:31:16.0984 2244 
TPwSav ( UnsignedFile.Multi.Generic ) - warning 15:31:16.0984 2244 TPwSav - detected UnsignedFile.Multi.Generic (1) 15:31:17.0000 2244 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:31:17.0125 2244 TrkWks - ok 15:31:17.0171 2244 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:31:17.0296 2244 Udfs - ok 15:31:17.0296 2244 ultra - ok 15:31:17.0343 2244 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:31:17.0453 2244 Update - ok 15:31:17.0531 2244 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:31:17.0593 2244 upnphost - ok 15:31:17.0609 2244 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 15:31:17.0734 2244 UPS - ok 15:31:17.0765 2244 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 15:31:17.0875 2244 usbaudio - ok 15:31:17.0890 2244 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:31:18.0015 2244 usbccgp - ok 15:31:18.0031 2244 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:31:18.0156 2244 usbehci - ok 15:31:18.0187 2244 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:31:18.0296 2244 usbhub - ok 15:31:18.0328 2244 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:31:18.0437 2244 usbprint - ok 15:31:18.0453 2244 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:31:18.0578 2244 USBSTOR - ok 15:31:18.0578 2244 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:31:18.0703 2244 usbuhci - ok 15:31:18.0718 2244 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:31:18.0828 2244 VgaSave - ok 15:31:18.0843 2244 ViaIde - ok 15:31:18.0859 2244 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 
15:31:18.0984 2244 VolSnap - ok 15:31:19.0015 2244 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 15:31:19.0078 2244 VSS - ok 15:31:19.0093 2244 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 15:31:19.0218 2244 W32Time - ok 15:31:19.0250 2244 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:31:19.0359 2244 Wanarp - ok 15:31:19.0375 2244 WDICA - ok 15:31:19.0390 2244 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:31:19.0500 2244 wdmaud - ok 15:31:19.0515 2244 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:31:19.0656 2244 WebClient - ok 15:31:19.0718 2244 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:31:19.0843 2244 winmgmt - ok 15:31:19.0890 2244 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 15:31:20.0000 2244 WmdmPmSN - ok 15:31:20.0031 2244 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:31:20.0156 2244 WmiApSrv - ok 15:31:20.0187 2244 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:31:20.0328 2244 wscsvc - ok 15:31:20.0343 2244 [ 8FEDE6CF2EB103EF1274CE2C9D8EE0E7 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys 15:31:20.0375 2244 WSIMD - ok 15:31:20.0406 2244 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:31:20.0531 2244 wuauserv - ok 15:31:20.0593 2244 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:31:20.0718 2244 WZCSVC - ok 15:31:20.0750 2244 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:31:20.0875 2244 xmlprov - ok 15:31:20.0890 2244 ================ Scan global =============================== 15:31:20.0921 2244 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 15:31:20.0953 2244 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 
15:31:20.0968 2244 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 15:31:20.0984 2244 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 15:31:21.0000 2244 [Global] - ok 15:31:21.0000 2244 ================ Scan MBR ================================== 15:31:21.0015 2244 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 15:31:21.0343 2244 \Device\Harddisk0\DR0 - ok 15:31:21.0343 2244 ================ Scan VBR ================================== 15:31:21.0343 2244 [ 65F01DEEF7CFFCDF1606E75FEAE473F3 ] \Device\Harddisk0\DR0\Partition1 15:31:21.0343 2244 \Device\Harddisk0\DR0\Partition1 - ok 15:31:21.0375 2244 [ 08D06ABD259A85AC40BE4BFAFA30758B ] \Device\Harddisk0\DR0\Partition2 15:31:21.0375 2244 \Device\Harddisk0\DR0\Partition2 - ok 15:31:21.0375 2244 ============================================================ 15:31:21.0375 2244 Scan finished 15:31:21.0375 2244 ============================================================ 15:31:21.0484 2308 Detected object count: 9 15:31:21.0484 2308 Actual detected object count: 9 15:31:26.0531 2308 ACS ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0531 2308 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0531 2308 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0531 2308 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0531 2308 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0531 2308 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0531 2308 Matrox Centering Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0531 2308 Matrox Centering Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0531 2308 MtxIic ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0531 2308 MtxIic ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0531 2308 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0531 2308 
Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0546 2308 slabbus ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0546 2308 slabbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0546 2308 slabser ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0546 2308 slabser ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:26.0546 2308 TPwSav ( UnsignedFile.Multi.Generic ) - skipped by user 15:31:26.0546 2308 TPwSav ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:31:28.0953 3984 Deinitialize success Last edited by hansi9999 (20.12.2012 at 15:36) |
20.12.2012, 16:18 | #15 |
/// Malware-holic | a variant of Java/Exploit.CVE-2012-5076.Q trojan found by ESET Onlinescanner Hi, combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |