| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus öffnet selbständig TabsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
08.01.2013, 19:41
| #1 |
 |  Virus öffnet selbständig Tabs Das Problem wurde ja wohl hier schon erörtert und ich bin darüber überhaupt erst auf dieses Forum gestoßen. Eigentlich wollte ich nur meinen Scan-Bericht hier posten, da ich irgendwo las, daß dies gewünscht wird. Inzwischen sind allerdings noch ein paar Fragen aufgetaucht und ich habe gerade festgestellt, daß ich wohl einen Fehler gemacht habe. Der Reihe nach: Am Wochenende ging es irgendwann beim surfen los, daß sich bei jeder aktivität im Browser ein Tab mit folgender Seite öffnete: hxxp://lp.empire.goodgamestudios.com/?country=de Das ging bis zum nächsten Tag so, dann war es plötzlich vorbei. Da ich aber zwischenzeitlich den Tip mit dem Forum hier bekam und dem Frieden nicht traute, habe ich die hier empfohlene Anti-Malware runtergeladen, den Scan durchgeführt und siehe da: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.08.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Seng :: DGHMVB4J [Administrator] 08.01.2013 18:09:35 mbam-log-2013-01-08 (18-09-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 231770 Laufzeit: 5 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\90R7WKPG.exe.part (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\ICReinstall\VideoConverterSetup.exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\5202171.Uninstall\Uninstall.exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Wie ich inzwischen gelesen habe, war es ein Fehler, daß ich die Dinger aus der Quarantäne gelöscht habe. Eins von den Teilen ist auch in der Quarantäne meines Sophos vorhanden. (Da kamen eine zeitlang die Updates nicht, sonst wäre das Problem vielleicht gar nicht aufgetreten. Als ich nach erfolgtem Update einen Scan durchgeführt habe, hat er das Ding gefunden, vor dem Update nicht.) Bleiben für mich jetzt vor allem erstmal 2 Fragen. 1. Ist mein PC jetzt clean oder müssen noch andere Maßnahmen durchgeführt werden? 2: Soll ich die Anti-Malware deaktivieren/deinstallieren, damit keine Konflikte mit Sophos entstehen? Und überhaupt: Hallo erstmal und ein frohes Neues.  |
|
08.01.2013, 19:43
| #2 |
| /// Malware-holic   | Virus öffnet selbständig Tabs Hi
__________________gesundes neues. MBAM hintergrundwächter kannst du deaktivieren, Programm behalten, als "zweite Meinung" Was ist denn in der sophos Quarantäne, möglichst mit Pfadangabe + Fundmeldung. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
08.01.2013, 19:51
| #3 |
| | Virus öffnet selbständig Tabs Wow, das war schnell.
__________________Im Sophos wird das gelistet: Adware/Pua Install Core Installer Darin sind anscheinend die folgenden 3 Dateien enthalten: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\5202171.Uninstall\Uninstall.exe C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\ICReinstall\VideoConverterSetup.exe HKCR\exefile\default Edit: Bin gerade ein bißchen verwirrt. Der Link funzt nicht. Hatte jetzt geglaubt schon eine weitere antwort gelesen zu haben "... weiter mit Olt ..", jetzt isse weg. Ist das ein Datei-Konverter? Den hatte ich nämlich zwischenzeitlich schon runtergeladen und wieder rausgeschmissen? Geändert von JJGrabowski (08.01.2013 um 20:09 Uhr) |
|
08.01.2013, 19:52
| #4 |
| /// Malware-holic | Virus öffnet selbständig Tabs also noch nichts weiter tragisches. :-) dann man weiter mit OTL
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.01.2013, 20:45
| #5 |
| | Virus öffnet selbständig Tabs Puh, zum Glück ist mir irgendwann eingefallen, daß es eine Funktion geben könnte, um den Namen zu ersetzen.  Hab dann irgendwo unter den Autos dann doch einen download gefunden. OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.01.2013 20:25:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 77,68% Memory free 7,96 Gb Paging File | 7,28 Gb Available in Paging File | 91,43% Paging File free Paging file location(s): C:\pagefile.sys 4987 5987 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 148,93 Gb Total Space | 113,70 Gb Free Space | 76,35% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DGHMVB4J | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.08 20:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2013.01.07 20:05:46 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALMon.exe PRC - [2013.01.07 20:05:45 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe PRC - [2013.01.07 20:04:44 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2013.01.07 20:04:41 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2013.01.07 20:03:57 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Remote Management System\RouterNT.exe PRC - [2013.01.07 20:03:55 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Remote Management System\ManagementAgentNT.exe PRC - [2012.09.17 11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.08.15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.07.30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2012.07.05 19:27:03 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.06.01 12:09:32 | 002,267,672 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Patch Agent\spa.exe PRC - [2012.05.29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Mes***er\SweetIM.exe PRC - [2012.05.09 16:33:40 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2011.12.27 17:59:40 | 000,150,552 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Client Firewall\SCFManager.exe PRC - [2011.12.27 17:59:40 | 000,089,112 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Client Firewall\SCFService.exe PRC - [2011.09.29 11:16:26 | 000,101,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\LCore.exe PRC - [2009.02.04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.01.10 10:13:44 | 000,053,248 | ---- | M] (HP) -- C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.08.31 07:59:28 | 000,036,864 | ---- | M] () -- C:\Programme\HP\HP UT\bin\hppusg.exe PRC - [2007.06.20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2006.09.11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2013.01.07 20:04:01 | 000,740,416 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_Security.dll MOD - [2013.01.07 20:04:01 | 000,146,496 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\ssleay32.dll MOD - [2013.01.07 20:04:00 | 001,539,136 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO.dll MOD - [2013.01.07 20:03:58 | 000,076,864 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\ACE_SSL.dll MOD - [2013.01.07 20:03:55 | 000,535,616 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_PortableServer.dll MOD - [2013.01.07 20:03:55 | 000,244,800 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_SSLIOP.dll MOD - [2013.01.07 20:03:54 | 000,760,896 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\libeay32.dll MOD - [2013.01.07 20:03:54 | 000,183,360 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_DynamicAny.dll MOD - [2013.01.07 20:03:54 | 000,039,488 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\TAO_Valuetype.dll MOD - [2013.01.07 20:03:53 | 001,055,808 | ---- | M] () -- C:\Programme\Sophos\Remote Management System\ace.dll MOD - [2012.11.16 00:35:02 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll MOD - [2012.11.16 00:34:07 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\709bb78b419d5d5e30f2acfd722abb29\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2012.11.16 00:34:02 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll MOD - [2012.11.16 00:33:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll MOD - [2012.11.16 00:33:50 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll MOD - [2012.11.16 00:33:16 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll MOD - [2012.11.16 00:33:09 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll MOD - [2012.11.16 00:32:59 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MOD - [2012.11.16 00:32:38 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll MOD - [2011.11.30 00:30:22 | 000,026,112 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\PnpGamePanelDevices-8.12.049\PnpGamePanelDevices.dll MOD - [2011.11.30 00:30:20 | 000,070,656 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\SimInput-8.12.068\SimInput.dll MOD - [2011.11.30 00:30:19 | 000,467,456 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\MainUI-8.12.179\MainUI.dll MOD - [2011.11.30 00:30:17 | 000,206,336 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\G19Device-8.12.147\G19Device.dll MOD - [2011.11.30 00:30:17 | 000,189,952 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\G13Device-8.12.155\G13Device.dll MOD - [2011.11.30 00:30:17 | 000,090,112 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\DevBusHid-8.12.078\DevBusHid.dll MOD - [2011.11.30 00:30:17 | 000,088,064 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\DevBusBulk-8.12.076\DevBusBulk.dll MOD - [2011.11.30 00:30:17 | 000,086,016 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\DevMgr-8.12.077\DevMgr.dll MOD - [2010.05.15 17:22:47 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll MOD - [2009.02.27 15:41:25 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.02.27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU MOD - [2009.02.27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA MOD - [2008.04.25 16:16:45 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.04.25 16:16:43 | 000,385,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.01.10 10:13:28 | 000,102,400 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPFaxUtilities.dll MOD - [2008.01.10 10:13:26 | 000,552,960 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\Alerts.dll MOD - [2008.01.10 10:12:56 | 000,589,824 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPAppTools.dll MOD - [2008.01.10 10:12:48 | 000,069,632 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\AppConstants.dll MOD - [2008.01.10 10:12:46 | 000,040,960 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\Enumeration.dll MOD - [2008.01.10 10:12:44 | 000,126,976 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPToolkit.dll MOD - [2008.01.10 10:12:40 | 000,016,384 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPStreamsInterface.dll MOD - [2008.01.10 10:12:38 | 000,069,632 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\HPTools.dll MOD - [2008.01.10 10:11:58 | 000,086,016 | ---- | M] () -- C:\Programme\HP\ToolboxFX\bin\NativeUtils.dll MOD - [2007.08.31 07:59:28 | 000,057,344 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPUsageTracking.dll MOD - [2007.08.31 07:59:28 | 000,036,864 | ---- | M] () -- C:\Programme\HP\HP UT\bin\hppusg.exe MOD - [2007.08.31 07:59:26 | 000,114,688 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPToolkit.dll MOD - [2007.08.31 07:59:26 | 000,036,864 | ---- | M] () -- C:\Programme\HP\HP UT\bin\Enumeration.dll MOD - [2007.08.31 07:59:10 | 000,065,536 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPTools.dll MOD - [2007.08.31 07:59:04 | 000,016,384 | ---- | M] () -- C:\Programme\HP\HP UT\bin\HPStreamsInterface.dll MOD - [2007.07.23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ========== Services (SafeList) ========== SRV - [2013.01.07 20:05:45 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2013.01.07 20:04:44 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2013.01.07 20:04:41 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2013.01.07 20:04:31 | 001,459,264 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_update.exe -- (swi_update) SRV - [2013.01.07 20:03:57 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router) SRV - [2013.01.07 20:03:55 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent) SRV - [2012.12.18 19:07:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.11 20:50:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.05 19:27:03 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.06.01 12:09:32 | 002,267,672 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Patch Agent\spa.exe -- (Sophos Patch Agent) SRV - [2012.05.09 16:33:40 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2011.12.27 17:59:40 | 000,150,552 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager) SRV - [2011.12.27 17:59:40 | 000,089,112 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall) SRV - [2009.06.24 08:23:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.07.11 09:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2007.06.20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.05.09 16:33:38 | 000,024,832 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter) DRV - [2012.05.09 16:33:33 | 000,155,392 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl) DRV - [2011.12.27 17:59:34 | 000,057,888 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scfndis.sys -- (scfndis) DRV - [2011.12.27 17:59:30 | 000,088,608 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scfdriver.sys -- (scfdriver) DRV - [2011.12.27 17:59:03 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2011.11.30 00:30:20 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - [2011.11.30 00:30:20 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid) DRV - [2011.11.30 00:30:17 | 000,041,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV - [2011.08.15 14:38:07 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\skmscan.sys -- (SKMScan) DRV - [2009.06.18 16:14:18 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2007.11.29 04:59:14 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2007.09.12 03:23:54 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.07.23 15:05:18 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM) DRV - [2007.07.23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007.07.23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007.07.23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007.07.23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007.07.23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007.07.23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007.07.23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007.07.23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007.07.23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2007.07.16 22:29:43 | 000,020,504 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX) DRV - [2007.07.16 22:29:33 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK) DRV - [2007.06.20 14:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.msn.com/sphome.aspx IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/sphome.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=17162&mntrId=98b43c120000000000000022193403fa IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=17162&mntrId=98b43c120000000000000022193403fa IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "FileConverter 1.3 Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT3241949&SearchSource=13&CUI=SB_CUI" FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4 FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {feb5b4fd-a195-48b3-b9c6-b359faf9b3e2}:0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&CUI=SB_CUI&q=" FF - prefs.js..network.proxy.ftp: "95.172.68.150" FF - prefs.js..network.proxy.ftp_port: 443 FF - prefs.js..network.proxy.http: "95.172.68.150" FF - prefs.js..network.proxy.http_port: 443 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "95.172.68.150" FF - prefs.js..network.proxy.socks_port: 443 FF - prefs.js..network.proxy.ssl: "95.172.68.150" FF - prefs.js..network.proxy.ssl_port: 443 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.18 19:07:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.18 19:07:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.06.24 09:07:43 | 000,000,000 | ---D | M] [2009.06.22 15:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2013.01.08 19:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\extensions [2010.09.07 17:11:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.20 15:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\extensions\{feb5b4fd-a195-48b3-b9c6-b359faf9b3e2} [2012.10.22 14:47:45 | 000,183,174 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\extensions\stealthyextension@gmail.com.xpi [2012.11.24 04:37:30 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.19 15:24:00 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\searchplugins\11-suche.xml [2011.12.19 15:24:00 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\searchplugins\englische-ergebnisse.xml [2013.01.08 19:57:48 | 000,001,064 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\searchplugins\fileconverter-13-customized-web-search.xml [2011.12.19 15:24:00 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\searchplugins\gmx-suche.xml [2011.12.19 15:24:00 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\searchplugins\lastminute.xml [2012.09.24 04:53:07 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\searchplugins\sweetim.xml [2011.12.19 15:24:00 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\searchplugins\webde-suche.xml [2012.12.18 19:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.18 19:07:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.18 19:07:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.18 19:07:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.06.17 01:19:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.12.18 19:07:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.25 12:12:42 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 03:06:04 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.08.28 20:00:01 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.25 12:12:42 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.25 12:12:42 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.25 12:12:42 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.25 12:12:42 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Bing () CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language} CHR - homepage: hxxp://www.google.com/ O1 HOSTS File: ([2011.10.21 16:00:13 | 000,000,858 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 209.59.135.116 www.playforyourclub.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HPUsageTracking] C:\Programme\HP\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Launch LCore] C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Mes***er\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [ToolBoxFX] C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP) O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84DD3B29-7595-4468-A9F2-1F7CEB98790E}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 16:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 20:15:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013.01.08 18:08:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2013.01.08 18:07:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.08 18:07:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.08 18:07:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.08 18:07:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.08 17:44:38 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.08 17:16:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Fragmente [2012.12.18 19:07:34 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.11.30 00:26:35 | 053,141,720 | ---- | C] (Logitech Inc.) -- C:\Programme\lgs812.exe [2011.07.24 12:42:08 | 004,236,872 | ---- | C] (Veetle Inc) -- C:\Programme\veetle-0.9.18.exe [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.08 20:27:05 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FF694951-5FD3-44D4-9D17-CA47BA4669FA}.job [2013.01.08 20:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013.01.08 19:50:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.08 18:26:39 | 000,000,276 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Windows Explorer.lnk [2013.01.08 18:23:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.08 18:21:59 | 000,201,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.08 18:21:38 | 000,000,514 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2013.01.08 18:21:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.08 18:21:24 | 3487,158,272 | -HS- | M] () -- C:\hiberfil.sys [2013.01.08 18:07:23 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.08 17:44:38 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.07 19:59:53 | 000,302,450 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\sophos_hs_um.exe [2013.01.07 19:57:35 | 000,000,560 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit VPN RheinMoselCampus.lnk [2012.12.21 14:26:38 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.08 18:07:23 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.07 19:59:53 | 000,302,450 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\sophos_hs_um.exe [2013.01.07 19:57:35 | 000,000,560 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit VPN RheinMoselCampus.lnk [2012.10.04 03:10:46 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.16 03:36:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.04 17:09:37 | 000,000,455 | ---- | C] () -- C:\Programme\WLan1importieren.bin [2011.01.21 00:01:49 | 000,158,230 | ---- | C] () -- C:\Dokumente und Einstellungen\***\euro.mla [2010.10.31 16:40:43 | 000,939,956 | ---- | C] () -- C:\Programme\7z465.exe [2010.07.26 16:20:00 | 018,965,012 | ---- | C] () -- C:\Programme\f4-v31.exe [2009.06.18 14:46:37 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.04.25 16:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.04.29 05:33:23 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.09.03 02:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2010.04.03 03:17:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.05.13 02:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Das Fussball Studio [2010.09.03 01:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCPitstop [2012.06.01 12:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos [2012.09.24 04:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2011.03.02 21:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.05.15 17:22:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zvprt50 [2011.03.02 21:04:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.09.03 02:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Babylon [2011.09.05 00:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BabylonToolbar [2012.05.13 02:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Das Fussball Studio [2011.03.25 16:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GetRightToGo [2010.03.27 23:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.10.05 15:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuickScan [2011.10.12 19:33:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer [2009.06.24 09:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird [2011.03.02 21:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software [2009.05.26 21:53:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search [2009.06.22 09:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.04.20 03:13:41 | 000,000,000 | ---D | M] -- C:\049039854d3a0b78dac410a5e9 [2010.04.20 03:13:14 | 000,000,000 | ---D | M] -- C:\447099655545f6a785d0be36aa [2009.11.07 03:02:11 | 000,000,000 | ---D | M] -- C:\a877b78ef2ba92374d [2010.04.20 03:14:11 | 000,000,000 | ---D | M] -- C:\b822ade280ba5c687d [2013.01.07 20:12:30 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.06.19 09:28:19 | 000,000,000 | ---D | M] -- C:\DELL [2009.06.18 14:46:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2009.05.27 10:46:09 | 000,000,000 | ---D | M] -- C:\drivers [2009.05.26 21:51:49 | 000,000,000 | ---D | M] -- C:\I386 [2009.06.18 15:40:48 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.05.26 22:00:02 | 000,000,000 | ---D | M] -- C:\Program Files [2013.01.08 18:07:21 | 000,000,000 | R--D | M] -- C:\Programme [2009.06.22 09:53:29 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2009.06.18 14:46:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.06.22 15:18:40 | 000,000,000 | ---D | M] -- C:\Temp [2013.01.08 02:34:50 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2010.10.31 16:40:43 | 000,939,956 | ---- | M] () -- C:\Programme\7z465.exe [2010.07.26 16:20:06 | 018,965,012 | ---- | M] () -- C:\Programme\f4-v31.exe [2011.11.30 00:28:41 | 053,141,720 | ---- | M] (Logitech Inc.) -- C:\Programme\lgs812.exe [2011.07.24 12:42:08 | 004,236,872 | ---- | M] (Veetle Inc) -- C:\Programme\veetle-0.9.18.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 13:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 13:00:00 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 13:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 13:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 13:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 13:00:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 13:00:00 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2008.04.25 10:45:52 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2008.04.25 16:03:39 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2011.08.17 01:30:18 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF694951-5FD3-44D4-9D17-CA47BA4669FA}.job [2012.10.06 13:09:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys [2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 13:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys [2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 13:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2007.12.04 03:40:32 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\drivers\storage\R173412\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.12.04 03:40:32 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.04.25 03:50:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.04.25 03:50:48 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.04.25 03:50:48 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011.01.21 00:01:49 | 000,158,230 | ---- | M] () -- C:\Dokumente und Einstellungen\***\euro.mla [2013.01.08 20:28:16 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2013.01.08 20:28:52 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat.LOG [2013.01.08 18:20:31 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:56:52 | 001,875,584 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.01.2013 20:25:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 77,68% Memory free
7,96 Gb Paging File | 7,28 Gb Available in Paging File | 91,43% Paging File free
Paging file location(s): C:\pagefile.sys 4987 5987 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,93 Gb Total Space | 113,70 Gb Free Space | 76,35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DGHMVB4J | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Mes***er\wlcsdk.exe" = C:\Programme\Windows Live\Mes***er\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Mes***er\msnmsgr.exe" = C:\Programme\Windows Live\Mes***er\msnmsgr.exe:*:Enabled:Windows Live Mes***er -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Mes***er\wlcsdk.exe" = C:\Programme\Windows Live\Mes***er\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\HP\hp laserjet m1522\Fax Config utility1.exe" = C:\Programme\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer -- ()
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
"C:\Programme\HP\hp laserjet m1522\hppfaxnc1.exe" = C:\Programme\HP\hp laserjet m1522\hppfaxnc1.exe:*:Enabled:HP Networked Printer Installer -- (Hewlett-Packard Co.)
"C:\Programme\Windows Live\Mes***er\msnmsgr.exe" = C:\Programme\Windows Live\Mes***er\msnmsgr.exe:*:Disabled:Windows Live Mes***er -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{12C00299-B8B4-40D3-9663-66ABEA3198AB}" = Sophos Client Firewall
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F15B51B-0622-486A-A751-6D4EDD56842A}" = hppusgM1522
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{29006785-9EF7-4E84-ABE8-6244D12E7909}" = Sophos Patch Agent
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30B48963-F106-45C1-A34D-BCDEEC3BE0EC}" = hppSendFax
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38847ACF-C102-455C-9E58-57626D495DB1}" = hppFaxUtility
"{41B52574-B88C-4874-A63F-4BBFEC15ADC3}" = hpzTLBXFX
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}" = Opera 9.27
"{515B6FE8-7428-48D5-A39B-3E64A0BCCABE}" = hppscanM1522
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A3B66AC-97DC-4A9F-8F68-4D49C522CB22}" = hppScanTo
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6DD734FE-F0D6-4B15-BD77-A4EADBA04DEA}" = hppLJM1522
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Mes***er 3.7
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Mes***er
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software 8.12
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B00690AD-B4F5-4730-9110-5C495B89E647}" = Scan
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF41B595-62E3-407A-BE1F-267A2AF6CB4C}" = hppTLBXFXM1522
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C8A37F1F-E13B-48ae-93F8-4669264969F9}" = HP LaserJet M1522 MFP Series 4.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E352D262-66C1-4669-9522-8B57AA5AE201}" = hppManualsM1522
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EDC1C4E7-C425-4E45-B8E0-D9ABB4F0D907}" = hppFaxDrvM1522
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.5.1
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CCleaner" = CCleaner
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"f4" = f4 3.1.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"SopCast" = SopCast 3.5.0
"Speed Gear_is1" = Speed Gear v7.1
"TeamViewer 6" = TeamViewer 6
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.01.2013 14:24:35 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 06.01.2013 08:07:39 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 06.01.2013 16:11:39 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 06.01.2013 23:19:32 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 07.01.2013 07:32:34 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 07.01.2013 13:29:10 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 07.01.2013 15:14:55 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 07.01.2013 21:39:29 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 08.01.2013 06:17:01 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
Error - 08.01.2013 13:28:39 | Computer Name = DGHMVB4J | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: SOPHOSAV.%3
[ System Events ]
Error - 08.01.2013 11:53:55 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
Error - 08.01.2013 11:53:55 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC80.MFCLOC" konnte nicht gefunden
werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.
Error - 08.01.2013 11:53:55 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.MFCLOC fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .
Error - 08.01.2013 11:53:55 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
Error - 08.01.2013 12:16:11 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC80.MFCLOC" konnte nicht gefunden
werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.
Error - 08.01.2013 12:16:11 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.MFCLOC fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .
Error - 08.01.2013 12:16:11 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
Error - 08.01.2013 12:16:20 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC80.MFCLOC" konnte nicht gefunden
werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.
Error - 08.01.2013 12:16:20 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.MFCLOC fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .
Error - 08.01.2013 12:16:20 | Computer Name = DGHMVB4J | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
< End of report >
|
|
08.01.2013, 23:52
| #6 |
| /// Malware-holic | Virus öffnet selbständig Tabs hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O1 - Hosts: 209.59.135.116 www.playforyourclub.com
O4 - HKLM..\Run: [] File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ --> Virus öffnet selbständig Tabs |
|
09.01.2013, 14:52
| #7 |
| | Virus öffnet selbständig Tabs Done. All processes killed ========== OTL ========== 209.59.135.116 www.playforyourclub.com removed from HOSTS file successfully Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: Default User User: LocalService User: NetworkService User: *** ->Flash cache emptied: 4359 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 109447 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 69292 bytes ->Temporary Internet Files folder emptied: 33816 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: *** ->Temp folder emptied: 765157535 bytes ->Temporary Internet Files folder emptied: 3289720 bytes ->Java cache emptied: 6865084 bytes ->FireFox cache emptied: 368333476 bytes ->Google Chrome cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1163143 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 78741570 bytes RecycleBin emptied: 30208 bytes Total Files Cleaned = 1.167,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01092013_141841 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Wenn ich es richtig sehe, funktioniert jetzt aber eine Anwendung nicht mehr. Hatte dafür die hosts damals selbst verändert. Kannst Du eigentlich nachvollziehen, wie der Virus auf meinen PC gekommen ist? |
|
09.01.2013, 15:28
| #8 |
| /// Malware-holic | Virus öffnet selbständig Tabs noch nicht. dann trag mal das wieder in die hosts ein: 209.59.135.116 The Free Online Football Game - Play For Your Club - For All Real Football Fans - Play For Your Club! Danach: download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 16:38
| #9 |
| | Virus öffnet selbständig Tabs Das mit der host mach ich besser am Schluß bei den Aufräumarbeiten. War damals ne elende Fummelei und hat auch jetzt nicht gleich geklappt. Killer hab ich laufen lassen, Skip war voreingestellt bei den Ergebnissen. Was soll ich posten? Hab keine post-/kopierfähige Datei gefunden. |
|
09.01.2013, 16:56
| #10 |
| /// Malware-holic | Virus öffnet selbständig Tabs c: öffnen, tdss-Killer-datum-version.txt Inhalt posten, danke.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 16:59
| #11 |
| | Virus öffnet selbständig Tabs Here it is: 16:25:55.0781 2900 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:25:56.0390 2900 ============================================================ 16:25:56.0390 2900 Current date / time: 2013/01/09 16:25:56.0390 16:25:56.0390 2900 SystemInfo: 16:25:56.0390 2900 16:25:56.0390 2900 OS Version: 5.1.2600 ServicePack: 3.0 16:25:56.0390 2900 Product type: Workstation 16:25:56.0390 2900 ComputerName: DGHMVB4J 16:25:56.0390 2900 UserName: *** 16:25:56.0390 2900 Windows directory: C:\WINDOWS 16:25:56.0390 2900 System windows directory: C:\WINDOWS 16:25:56.0390 2900 Processor architecture: Intel x86 16:25:56.0390 2900 Number of processors: 2 16:25:56.0390 2900 Page size: 0x1000 16:25:56.0390 2900 Boot type: Normal boot 16:25:56.0390 2900 ============================================================ 16:25:57.0046 2900 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:25:57.0046 2900 ============================================================ 16:25:57.0046 2900 \Device\Harddisk0\DR0: 16:25:57.0046 2900 MBR partitions: 16:25:57.0046 2900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129D9EB1 16:25:57.0046 2900 ============================================================ 16:25:57.0093 2900 C: <-> \Device\Harddisk0\DR0\Partition1 16:25:57.0093 2900 ============================================================ 16:25:57.0093 2900 Initialize success 16:25:57.0093 2900 ============================================================ 16:27:57.0671 0392 ============================================================ 16:27:57.0671 0392 Scan started 16:27:57.0671 0392 Mode: Manual; SigCheck; TDLFS; 16:27:57.0671 0392 ============================================================ 16:27:58.0062 0392 ================ Scan system memory ======================== 16:27:58.0203 0392 System memory - ok 16:27:58.0203 0392 ================ Scan services ============================= 16:27:58.0359 0392 Abiosdsk - ok 16:27:58.0375 0392 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 16:27:59.0593 0392 abp480n5 - ok 16:27:59.0625 0392 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 16:27:59.0750 0392 ACPI - ok 16:27:59.0765 0392 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 16:27:59.0859 0392 ACPIEC - ok 16:27:59.0906 0392 [ 0F0A69496989912351284BB1BAA2CE57 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys 16:27:59.0968 0392 ADIHdAudAddService - ok 16:28:00.0062 0392 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:28:00.0125 0392 AdobeFlashPlayerUpdateSvc - ok 16:28:00.0156 0392 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys 16:28:00.0265 0392 adpu160m - ok 16:28:00.0343 0392 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 16:28:00.0437 0392 aec - ok 16:28:00.0468 0392 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 16:28:00.0531 0392 AFD - ok 16:28:00.0562 0392 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 16:28:00.0656 0392 agp440 - ok 16:28:00.0656 0392 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 16:28:00.0734 0392 agpCPQ - ok 16:28:00.0734 0392 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys 16:28:00.0796 0392 Aha154x - ok 16:28:00.0796 0392 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys 16:28:00.0906 0392 aic78u2 - ok 16:28:00.0906 0392 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys 16:28:01.0015 0392 aic78xx - ok 16:28:01.0031 0392 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 16:28:01.0125 0392 Alerter - ok 16:28:01.0156 0392 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 16:28:01.0203 0392 ALG - ok 16:28:01.0234 0392 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 16:28:01.0312 0392 AliIde - ok 16:28:01.0328 0392 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys 16:28:01.0421 0392 alim1541 - ok 16:28:01.0437 0392 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys 16:28:01.0515 0392 amdagp - ok 16:28:01.0531 0392 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys 16:28:01.0609 0392 amsint - ok 16:28:01.0625 0392 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 16:28:01.0703 0392 AppMgmt - ok 16:28:01.0703 0392 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys 16:28:01.0796 0392 asc - ok 16:28:01.0828 0392 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys 16:28:01.0890 0392 asc3350p - ok 16:28:01.0890 0392 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys 16:28:01.0968 0392 asc3550 - ok 16:28:02.0031 0392 ASFIPmon - ok 16:28:02.0093 0392 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 16:28:02.0140 0392 aspnet_state - ok 16:28:02.0156 0392 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:28:02.0250 0392 AsyncMac - ok 16:28:02.0281 0392 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 16:28:02.0375 0392 atapi - ok 16:28:02.0375 0392 Atdisk - ok 16:28:02.0375 0392 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:28:02.0468 0392 Atmarpc - ok 16:28:02.0515 0392 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 16:28:02.0609 0392 AudioSrv - ok 16:28:02.0656 0392 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 16:28:02.0734 0392 audstub - ok 16:28:02.0781 0392 [ D0692F7B8217E3B82D2BFAC535816117 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys 16:28:02.0828 0392 b57w2k - ok 16:28:02.0843 0392 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Programme\Broadcom\ASFIPMon\BASFND.sys 16:28:02.0890 0392 BASFND ( UnsignedFile.Multi.Generic ) - warning 16:28:02.0890 0392 BASFND - detected UnsignedFile.Multi.Generic (1) 16:28:02.0906 0392 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 16:28:03.0031 0392 Beep - ok 16:28:03.0093 0392 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 16:28:03.0203 0392 BITS - ok 16:28:03.0250 0392 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 16:28:03.0312 0392 Browser - ok 16:28:03.0343 0392 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 16:28:03.0421 0392 cbidf - ok 16:28:03.0421 0392 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 16:28:03.0484 0392 cbidf2k - ok 16:28:03.0500 0392 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 16:28:03.0562 0392 cd20xrnt - ok 16:28:03.0593 0392 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 16:28:03.0687 0392 Cdaudio - ok 16:28:03.0718 0392 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 16:28:03.0781 0392 Cdfs - ok 16:28:03.0812 0392 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:28:03.0890 0392 Cdrom - ok 16:28:03.0890 0392 Changer - ok 16:28:03.0921 0392 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 16:28:04.0015 0392 CiSvc - ok 16:28:04.0031 0392 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 16:28:04.0109 0392 ClipSrv - ok 16:28:04.0156 0392 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:28:04.0218 0392 clr_optimization_v2.0.50727_32 - ok 16:28:04.0250 0392 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys 16:28:04.0328 0392 CmdIde - ok 16:28:04.0328 0392 COMSysApp - ok 16:28:04.0343 0392 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys 16:28:04.0437 0392 Cpqarray - ok 16:28:04.0484 0392 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 16:28:04.0593 0392 CryptSvc - ok 16:28:04.0593 0392 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 16:28:04.0687 0392 dac2w2k - ok 16:28:04.0703 0392 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys 16:28:04.0796 0392 dac960nt - ok 16:28:04.0843 0392 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 16:28:04.0890 0392 DcomLaunch - ok 16:28:04.0921 0392 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 16:28:04.0984 0392 Dhcp - ok 16:28:05.0031 0392 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 16:28:05.0093 0392 Disk - ok 16:28:05.0125 0392 [ A0500678A33802D8954153839301D539 ] DLABMFSM C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 16:28:05.0156 0392 DLABMFSM - ok 16:28:05.0156 0392 [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 16:28:05.0171 0392 DLABOIOM - ok 16:28:05.0171 0392 [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 16:28:05.0187 0392 DLACDBHM - ok 16:28:05.0187 0392 [ F8B70D38845C4694B28ADC4768676FD0 ] DLADResM C:\WINDOWS\system32\Drivers\DLADResM.SYS 16:28:05.0218 0392 DLADResM - ok 16:28:05.0218 0392 [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 16:28:05.0250 0392 DLAIFS_M - ok 16:28:05.0250 0392 [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 16:28:05.0281 0392 DLAOPIOM - ok 16:28:05.0312 0392 [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 16:28:05.0328 0392 DLAPoolM - ok 16:28:05.0343 0392 [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 16:28:05.0359 0392 DLARTL_M - ok 16:28:05.0359 0392 [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 16:28:05.0390 0392 DLAUDFAM - ok 16:28:05.0390 0392 [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 16:28:05.0421 0392 DLAUDF_M - ok 16:28:05.0421 0392 dmadmin - ok 16:28:05.0468 0392 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 16:28:05.0593 0392 dmboot - ok 16:28:05.0593 0392 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 16:28:05.0703 0392 dmio - ok 16:28:05.0718 0392 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 16:28:05.0796 0392 dmload - ok 16:28:05.0828 0392 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 16:28:05.0937 0392 dmserver - ok 16:28:05.0968 0392 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 16:28:06.0078 0392 DMusic - ok 16:28:06.0125 0392 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 16:28:06.0203 0392 Dnscache - ok 16:28:06.0218 0392 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 16:28:06.0312 0392 Dot3svc - ok 16:28:06.0328 0392 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys 16:28:06.0421 0392 dpti2o - ok 16:28:06.0453 0392 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 16:28:06.0531 0392 drmkaud - ok 16:28:06.0578 0392 [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 16:28:06.0593 0392 DRVMCDB - ok 16:28:06.0609 0392 [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 16:28:06.0640 0392 DRVNDDM - ok 16:28:06.0671 0392 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 16:28:06.0765 0392 EapHost - ok 16:28:06.0796 0392 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 16:28:06.0875 0392 ERSvc - ok 16:28:06.0906 0392 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 16:28:06.0968 0392 Eventlog - ok 16:28:07.0015 0392 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 16:28:07.0062 0392 EventSystem - ok 16:28:07.0078 0392 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 16:28:07.0156 0392 Fastfat - ok 16:28:07.0203 0392 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 16:28:07.0265 0392 FastUserSwitchingCompatibility - ok 16:28:07.0296 0392 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe 16:28:07.0406 0392 Fax - ok 16:28:07.0453 0392 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 16:28:07.0531 0392 Fdc - ok 16:28:07.0546 0392 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 16:28:07.0625 0392 Fips - ok 16:28:07.0734 0392 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 16:28:07.0828 0392 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 16:28:07.0828 0392 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 16:28:07.0875 0392 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 16:28:07.0984 0392 Flpydisk - ok 16:28:08.0015 0392 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 16:28:08.0093 0392 FltMgr - ok 16:28:08.0187 0392 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 16:28:08.0234 0392 FontCache3.0.0.0 - ok 16:28:08.0265 0392 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:28:08.0375 0392 Fs_Rec - ok 16:28:08.0421 0392 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:28:08.0531 0392 Ftdisk - ok 16:28:08.0562 0392 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:28:08.0671 0392 Gpc - ok 16:28:08.0703 0392 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 16:28:08.0796 0392 HDAudBus - ok 16:28:08.0890 0392 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 16:28:08.0984 0392 helpsvc - ok 16:28:09.0031 0392 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 16:28:09.0109 0392 HidServ - ok 16:28:09.0125 0392 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:28:09.0234 0392 hidusb - ok 16:28:09.0250 0392 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 16:28:09.0328 0392 hkmsvc - ok 16:28:09.0359 0392 [ 299683D4C8AAA3F6F5D5D226A1782A6E ] HPFXBULK C:\WINDOWS\system32\drivers\hpfxbulk.sys 16:28:09.0375 0392 HPFXBULK - ok 16:28:09.0390 0392 [ F728DB73A87231E27B6BA34D71CE2EDB ] HPFXFAX C:\WINDOWS\system32\drivers\hpfxfax.sys 16:28:09.0406 0392 HPFXFAX - ok 16:28:09.0437 0392 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys 16:28:09.0515 0392 hpn - ok 16:28:09.0640 0392 [ A0FA5AC8B360780524D7A68376BAF4E0 ] hpqcxs08 C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll 16:28:09.0687 0392 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 16:28:09.0687 0392 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 16:28:09.0734 0392 [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll 16:28:09.0765 0392 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 16:28:09.0765 0392 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 16:28:09.0812 0392 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 16:28:09.0859 0392 HTTP - ok 16:28:09.0890 0392 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 16:28:09.0984 0392 HTTPFilter - ok 16:28:10.0000 0392 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys 16:28:10.0078 0392 i2omgmt - ok 16:28:10.0109 0392 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys 16:28:10.0203 0392 i2omp - ok 16:28:10.0250 0392 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:28:10.0343 0392 i8042prt - ok 16:28:10.0437 0392 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe 16:28:10.0484 0392 IAANTMON - ok 16:28:10.0531 0392 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys 16:28:10.0546 0392 iaStor - ok 16:28:10.0625 0392 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:28:10.0734 0392 idsvc - ok 16:28:10.0765 0392 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 16:28:10.0875 0392 Imapi - ok 16:28:10.0906 0392 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 16:28:11.0000 0392 ImapiService - ok 16:28:11.0015 0392 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys 16:28:11.0125 0392 ini910u - ok 16:28:11.0140 0392 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 16:28:11.0234 0392 IntelIde - ok 16:28:11.0265 0392 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 16:28:11.0343 0392 intelppm - ok 16:28:11.0375 0392 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 16:28:11.0453 0392 Ip6Fw - ok 16:28:11.0468 0392 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:28:11.0578 0392 IpFilterDriver - ok 16:28:11.0578 0392 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:28:11.0656 0392 IpInIp - ok 16:28:11.0687 0392 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:28:11.0796 0392 IpNat - ok 16:28:11.0843 0392 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:28:11.0921 0392 IPSec - ok 16:28:11.0937 0392 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 16:28:11.0984 0392 IRENUM - ok 16:28:12.0000 0392 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:28:12.0109 0392 isapnp - ok 16:28:12.0250 0392 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 16:28:12.0312 0392 JavaQuickStarterService - ok 16:28:12.0359 0392 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:28:12.0468 0392 Kbdclass - ok 16:28:12.0515 0392 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:28:12.0593 0392 kbdhid - ok 16:28:12.0609 0392 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 16:28:12.0703 0392 kmixer - ok 16:28:12.0734 0392 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 16:28:12.0812 0392 KSecDD - ok 16:28:12.0859 0392 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 16:28:12.0921 0392 LanmanServer - ok 16:28:12.0968 0392 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 16:28:13.0031 0392 lanmanworkstation - ok 16:28:13.0031 0392 lbrtfdc - ok 16:28:13.0062 0392 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys 16:28:13.0093 0392 LGBusEnum - ok 16:28:13.0109 0392 [ 8BC8FC5A6E1F818FD63C67218289C9ED ] LGSHidFilt C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys 16:28:13.0125 0392 LGSHidFilt - ok 16:28:13.0187 0392 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys 16:28:13.0203 0392 LGVirHid - ok 16:28:13.0250 0392 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 16:28:13.0359 0392 LmHosts - ok 16:28:13.0437 0392 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 16:28:13.0531 0392 MDM - ok 16:28:13.0562 0392 [ B7550A7107281D170CE85524B1488C98 ] Mes***er C:\WINDOWS\System32\msgsvc.dll 16:28:13.0656 0392 Mes***er - ok 16:28:13.0687 0392 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 16:28:13.0781 0392 mnmdd - ok 16:28:13.0796 0392 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 16:28:13.0890 0392 mnmsrvc - ok 16:28:13.0890 0392 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 16:28:13.0984 0392 Modem - ok 16:28:14.0015 0392 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:28:14.0093 0392 Mouclass - ok 16:28:14.0125 0392 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:28:14.0218 0392 mouhid - ok 16:28:14.0265 0392 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 16:28:14.0343 0392 MountMgr - ok 16:28:14.0437 0392 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 16:28:14.0468 0392 MozillaMaintenance - ok 16:28:14.0500 0392 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys 16:28:14.0609 0392 mraid35x - ok 16:28:14.0625 0392 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:28:14.0718 0392 MRxDAV - ok 16:28:14.0765 0392 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:28:14.0843 0392 MRxSmb - ok 16:28:14.0875 0392 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 16:28:14.0984 0392 MSDTC - ok 16:28:14.0984 0392 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 16:28:15.0062 0392 Msfs - ok 16:28:15.0062 0392 MSIServer - ok 16:28:15.0093 0392 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:28:15.0187 0392 MSKSSRV - ok 16:28:15.0203 0392 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:28:15.0281 0392 MSPCLOCK - ok 16:28:15.0281 0392 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 16:28:15.0375 0392 MSPQM - ok 16:28:15.0390 0392 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:28:15.0468 0392 mssmbios - ok 16:28:15.0531 0392 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 16:28:15.0562 0392 Mup - ok 16:28:15.0640 0392 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 16:28:15.0734 0392 napagent - ok 16:28:15.0781 0392 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 16:28:15.0875 0392 NDIS - ok 16:28:15.0906 0392 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:28:15.0937 0392 NdisTapi - ok 16:28:15.0953 0392 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:28:16.0031 0392 Ndisuio - ok 16:28:16.0046 0392 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:28:16.0140 0392 NdisWan - ok 16:28:16.0187 0392 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 16:28:16.0218 0392 NDProxy - ok 16:28:16.0265 0392 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll 16:28:16.0296 0392 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 16:28:16.0296 0392 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 16:28:16.0343 0392 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 16:28:16.0421 0392 NetBIOS - ok 16:28:16.0453 0392 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 16:28:16.0562 0392 NetBT - ok 16:28:16.0578 0392 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 16:28:16.0687 0392 NetDDE - ok 16:28:16.0687 0392 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 16:28:16.0750 0392 NetDDEdsdm - ok 16:28:16.0781 0392 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 16:28:16.0890 0392 Netlogon - ok 16:28:16.0937 0392 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 16:28:17.0015 0392 Netman - ok 16:28:17.0031 0392 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:28:17.0125 0392 NetTcpPortSharing - ok 16:28:17.0171 0392 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 16:28:17.0203 0392 Nla - ok 16:28:17.0250 0392 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 16:28:17.0328 0392 Npfs - ok 16:28:17.0359 0392 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 16:28:17.0484 0392 Ntfs - ok 16:28:17.0500 0392 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 16:28:17.0562 0392 NtLmSsp - ok 16:28:17.0609 0392 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 16:28:17.0703 0392 NtmsSvc - ok 16:28:17.0734 0392 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 16:28:17.0812 0392 Null - ok 16:28:18.0031 0392 [ B7EF2303B118B0994B37B6ABDEFB2B99 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:28:18.0375 0392 nv - ok 16:28:18.0406 0392 [ B9C89204C262A50FD35E9F56A24C36D9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 16:28:18.0609 0392 NVSvc - ok 16:28:18.0640 0392 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:28:18.0734 0392 NwlnkFlt - ok 16:28:18.0734 0392 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:28:18.0828 0392 NwlnkFwd - ok 16:28:18.0859 0392 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 16:28:18.0890 0392 ose - ok 16:28:18.0937 0392 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 16:28:19.0046 0392 Parport - ok 16:28:19.0078 0392 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 16:28:19.0156 0392 PartMgr - ok 16:28:19.0171 0392 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 16:28:19.0265 0392 ParVdm - ok 16:28:19.0296 0392 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 16:28:19.0390 0392 PCI - ok 16:28:19.0390 0392 PCIDump - ok 16:28:19.0406 0392 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 16:28:19.0515 0392 PCIIde - ok 16:28:19.0562 0392 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 16:28:19.0640 0392 Pcmcia - ok 16:28:19.0640 0392 PDCOMP - ok 16:28:19.0656 0392 PDFRAME - ok 16:28:19.0656 0392 PDRELI - ok 16:28:19.0656 0392 PDRFRAME - ok 16:28:19.0687 0392 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys 16:28:19.0781 0392 perc2 - ok 16:28:19.0781 0392 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys 16:28:19.0859 0392 perc2hib - ok 16:28:19.0890 0392 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 16:28:19.0921 0392 PlugPlay - ok 16:28:19.0953 0392 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll 16:28:19.0984 0392 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 16:28:19.0984 0392 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 16:28:20.0015 0392 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 16:28:20.0078 0392 PolicyAgent - ok 16:28:20.0140 0392 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:28:20.0234 0392 PptpMiniport - ok 16:28:20.0265 0392 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 16:28:20.0328 0392 ProtectedStorage - ok 16:28:20.0328 0392 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 16:28:20.0437 0392 PSched - ok 16:28:20.0468 0392 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:28:20.0562 0392 Ptilink - ok 16:28:20.0609 0392 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:28:20.0640 0392 PxHelp20 - ok 16:28:20.0671 0392 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys 16:28:20.0750 0392 ql1080 - ok 16:28:20.0765 0392 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 16:28:20.0859 0392 Ql10wnt - ok 16:28:20.0875 0392 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys 16:28:20.0968 0392 ql12160 - ok 16:28:20.0984 0392 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys 16:28:21.0078 0392 ql1240 - ok 16:28:21.0109 0392 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys 16:28:21.0187 0392 ql1280 - ok 16:28:21.0218 0392 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:28:21.0312 0392 RasAcd - ok 16:28:21.0343 0392 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 16:28:21.0421 0392 RasAuto - ok 16:28:21.0453 0392 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:28:21.0562 0392 Rasl2tp - ok 16:28:21.0593 0392 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 16:28:21.0687 0392 RasMan - ok 16:28:21.0703 0392 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:28:21.0812 0392 RasPppoe - ok 16:28:21.0812 0392 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 16:28:21.0921 0392 Raspti - ok 16:28:21.0953 0392 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:28:22.0046 0392 Rdbss - ok 16:28:22.0046 0392 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:28:22.0156 0392 RDPCDD - ok 16:28:22.0187 0392 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 16:28:22.0281 0392 rdpdr - ok 16:28:22.0312 0392 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 16:28:22.0390 0392 RDPWD - ok 16:28:22.0421 0392 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 16:28:22.0515 0392 RDSessMgr - ok 16:28:22.0546 0392 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 16:28:22.0640 0392 redbook - ok 16:28:22.0656 0392 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 16:28:22.0750 0392 RemoteAccess - ok 16:28:22.0781 0392 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 16:28:22.0875 0392 RemoteRegistry - ok 16:28:22.0890 0392 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 16:28:22.0984 0392 RpcLocator - ok 16:28:23.0031 0392 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 16:28:23.0062 0392 RpcSs - ok 16:28:23.0078 0392 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 16:28:23.0203 0392 RSVP - ok 16:28:23.0218 0392 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 16:28:23.0296 0392 SamSs - ok 16:28:23.0484 0392 [ 26A05F8833938BD989199E8681B53B86 ] SAVAdminService C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe 16:28:23.0531 0392 SAVAdminService - ok 16:28:23.0562 0392 [ 8BCF84AEC77AEB4567116502D105162F ] SAVOnAccessControl C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys 16:28:23.0625 0392 SAVOnAccessControl - ok 16:28:23.0625 0392 [ 8DFE54F1965C3B49C599CBB186C1EE8F ] SAVOnAccessFilter C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys 16:28:23.0671 0392 SAVOnAccessFilter - ok 16:28:23.0718 0392 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe 16:28:23.0750 0392 SAVService - ok 16:28:23.0781 0392 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 16:28:23.0875 0392 SCardSvr - ok 16:28:23.0921 0392 [ 8FE383C8003234563F18569EE40E004F ] scfdriver C:\WINDOWS\system32\Drivers\scfdriver.sys 16:28:24.0156 0392 scfdriver - ok 16:28:24.0218 0392 [ 1431E8DBD7F30D21CE4A5531543C6015 ] scfndis C:\WINDOWS\system32\DRIVERS\scfndis.sys 16:28:24.0328 0392 scfndis - ok 16:28:24.0375 0392 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 16:28:24.0484 0392 Schedule - ok 16:28:24.0515 0392 [ 4F21774E1259A546B992D9EAACDFD778 ] sdcfilter C:\WINDOWS\system32\DRIVERS\sdcfilter.sys 16:28:24.0546 0392 sdcfilter - ok 16:28:24.0640 0392 [ 58DC20EB15F071804C56FCCC796417A2 ] SeaPort C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 16:28:24.0671 0392 SeaPort - ok 16:28:24.0718 0392 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:28:24.0750 0392 Secdrv - ok 16:28:24.0796 0392 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 16:28:24.0890 0392 seclogon - ok 16:28:24.0937 0392 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys 16:28:24.0984 0392 SenFiltService - ok 16:28:25.0031 0392 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 16:28:25.0125 0392 SENS - ok 16:28:25.0171 0392 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 16:28:25.0250 0392 Serenum - ok 16:28:25.0265 0392 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 16:28:25.0359 0392 Serial - ok 16:28:25.0390 0392 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 16:28:25.0468 0392 Sfloppy - ok 16:28:25.0515 0392 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 16:28:25.0593 0392 SharedAccess - ok 16:28:25.0625 0392 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 16:28:25.0640 0392 ShellHWDetection - ok 16:28:25.0640 0392 Simbad - ok 16:28:25.0656 0392 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys 16:28:25.0750 0392 sisagp - ok 16:28:25.0796 0392 [ E407A8EEA2FD4BF560C05C0EBF1793B3 ] SKMScan C:\WINDOWS\system32\DRIVERS\skmscan.sys 16:28:25.0812 0392 SKMScan - ok 16:28:25.0890 0392 [ 3068CF091B4334B998380E9C877F5549 ] Sophos Agent C:\Programme\Sophos\Remote Management System\ManagementAgentNT.exe 16:28:25.0953 0392 Sophos Agent - ok 16:28:26.0000 0392 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Programme\Sophos\AutoUpdate\ALsvc.exe 16:28:26.0031 0392 Sophos AutoUpdate Service - ok 16:28:26.0109 0392 [ A0CA043F435BC603BCFD543D9B9A755C ] Sophos Client Firewall C:\Programme\Sophos\Sophos Client Firewall\SCFService.exe 16:28:26.0156 0392 Sophos Client Firewall - ok 16:28:26.0171 0392 [ FBCB7769AD007618049FBCA8F96CDB51 ] Sophos Client Firewall Manager C:\Programme\Sophos\Sophos Client Firewall\SCFManager.exe 16:28:26.0187 0392 Sophos Client Firewall Manager - ok 16:28:26.0281 0392 [ 1C3D8A4B93A97E3C46B3D01F6F321DC4 ] Sophos Message Router C:\Programme\Sophos\Remote Management System\RouterNT.exe 16:28:26.0343 0392 Sophos Message Router - ok 16:28:26.0484 0392 [ 8289F6F547C28D41EA974D834AD7465A ] Sophos Patch Agent C:\Programme\Sophos\Sophos Patch Agent\spa.exe 16:28:26.0578 0392 Sophos Patch Agent - ok 16:28:26.0640 0392 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 16:28:26.0656 0392 Sophos Web Control Service - ok 16:28:26.0687 0392 [ 3BDF94E0827D13E44249A646F6C0EB7C ] SophosBootDriver C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys 16:28:26.0734 0392 SophosBootDriver - ok 16:28:26.0750 0392 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys 16:28:26.0812 0392 Sparrow - ok 16:28:26.0859 0392 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 16:28:26.0953 0392 splitter - ok 16:28:26.0984 0392 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 16:28:27.0062 0392 Spooler - ok 16:28:27.0109 0392 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 16:28:27.0187 0392 sr - ok 16:28:27.0234 0392 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 16:28:27.0281 0392 srservice - ok 16:28:27.0343 0392 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 16:28:27.0375 0392 Srv - ok 16:28:27.0421 0392 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 16:28:27.0500 0392 SSDPSRV - ok 16:28:27.0546 0392 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 16:28:27.0625 0392 stisvc - ok 16:28:27.0656 0392 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe 16:28:27.0703 0392 stllssvr ( UnsignedFile.Multi.Generic ) - warning 16:28:27.0703 0392 stllssvr - detected UnsignedFile.Multi.Generic (1) 16:28:27.0734 0392 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 16:28:27.0828 0392 swenum - ok 16:28:28.0031 0392 [ B3379659D773BFDD3B631F5FEE2FF2B3 ] swi_service C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 16:28:28.0109 0392 swi_service - ok 16:28:28.0375 0392 [ BD8684D96EB9436EB145A6E03D693A45 ] swi_update C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_update.exe 16:28:28.0437 0392 swi_update - ok 16:28:28.0468 0392 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 16:28:28.0562 0392 swmidi - ok 16:28:28.0562 0392 SwPrv - ok 16:28:28.0578 0392 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys 16:28:28.0671 0392 symc810 - ok 16:28:28.0687 0392 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys 16:28:28.0765 0392 symc8xx - ok 16:28:28.0765 0392 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys 16:28:28.0875 0392 sym_hi - ok 16:28:28.0875 0392 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys 16:28:28.0953 0392 sym_u3 - ok 16:28:28.0984 0392 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 16:28:29.0078 0392 sysaudio - ok 16:28:29.0109 0392 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 16:28:29.0187 0392 SysmonLog - ok 16:28:29.0234 0392 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 16:28:29.0343 0392 TapiSrv - ok 16:28:29.0390 0392 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:28:29.0437 0392 Tcpip - ok 16:28:29.0468 0392 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 16:28:29.0546 0392 TDPIPE - ok 16:28:29.0546 0392 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 16:28:29.0640 0392 TDTCP - ok 16:28:29.0671 0392 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 16:28:29.0734 0392 TermDD - ok 16:28:29.0843 0392 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 16:28:29.0953 0392 TermService - ok 16:28:29.0984 0392 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 16:28:30.0000 0392 Themes - ok 16:28:30.0015 0392 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 16:28:30.0125 0392 TlntSvr - ok 16:28:30.0140 0392 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys 16:28:30.0218 0392 TosIde - ok 16:28:30.0265 0392 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 16:28:30.0359 0392 TrkWks - ok 16:28:30.0375 0392 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 16:28:30.0468 0392 Udfs - ok 16:28:30.0500 0392 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys 16:28:30.0578 0392 ultra - ok 16:28:30.0640 0392 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 16:28:30.0734 0392 Update - ok 16:28:30.0781 0392 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 16:28:30.0859 0392 upnphost - ok 16:28:30.0875 0392 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 16:28:30.0953 0392 UPS - ok 16:28:30.0984 0392 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:28:31.0093 0392 usbccgp - ok 16:28:31.0109 0392 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:28:31.0187 0392 usbehci - ok 16:28:31.0234 0392 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:28:31.0328 0392 usbhub - ok 16:28:31.0375 0392 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:28:31.0484 0392 usbprint - ok 16:28:31.0515 0392 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:28:31.0640 0392 usbscan - ok 16:28:31.0671 0392 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:28:31.0750 0392 USBSTOR - ok 16:28:31.0796 0392 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 16:28:31.0859 0392 usbuhci - ok 16:28:31.0906 0392 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 16:28:31.0984 0392 VgaSave - ok 16:28:32.0015 0392 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys 16:28:32.0093 0392 viaagp - ok 16:28:32.0109 0392 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 16:28:32.0203 0392 ViaIde - ok 16:28:32.0218 0392 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 16:28:32.0296 0392 VolSnap - ok 16:28:32.0328 0392 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 16:28:32.0390 0392 VSS - ok 16:28:32.0421 0392 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll 16:28:32.0531 0392 w32time - ok 16:28:32.0578 0392 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:28:32.0687 0392 Wanarp - ok 16:28:32.0734 0392 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 16:28:32.0765 0392 Wdf01000 - ok 16:28:32.0765 0392 WDICA - ok 16:28:32.0812 0392 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 16:28:32.0906 0392 wdmaud - ok 16:28:32.0937 0392 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 16:28:33.0031 0392 WebClient - ok 16:28:33.0125 0392 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 16:28:33.0203 0392 winmgmt - ok 16:28:33.0234 0392 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 16:28:33.0296 0392 WmdmPmSN - ok 16:28:33.0343 0392 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 16:28:33.0390 0392 Wmi - ok 16:28:33.0453 0392 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 16:28:33.0546 0392 WmiApSrv - ok 16:28:33.0625 0392 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 16:28:33.0687 0392 WMPNetworkSvc - ok 16:28:33.0750 0392 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 16:28:33.0843 0392 wscsvc - ok 16:28:33.0859 0392 WSearch - ok 16:28:33.0875 0392 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 16:28:33.0953 0392 wuauserv - ok 16:28:34.0000 0392 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 16:28:34.0046 0392 WudfPf - ok 16:28:34.0062 0392 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 16:28:34.0109 0392 WudfRd - ok 16:28:34.0125 0392 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 16:28:34.0156 0392 WudfSvc - ok 16:28:34.0218 0392 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 16:28:34.0312 0392 WZCSVC - ok 16:28:34.0328 0392 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 16:28:34.0421 0392 xmlprov - ok 16:28:34.0421 0392 ================ Scan global =============================== 16:28:34.0468 0392 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 16:28:34.0531 0392 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 16:28:34.0546 0392 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 16:28:34.0562 0392 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 16:28:34.0562 0392 [Global] - ok 16:28:34.0562 0392 ================ Scan MBR ================================== 16:28:34.0578 0392 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 16:28:34.0859 0392 \Device\Harddisk0\DR0 - ok 16:28:34.0859 0392 ================ Scan VBR ================================== 16:28:34.0859 0392 [ 150F041585BC4474C93274CF9199048F ] \Device\Harddisk0\DR0\Partition1 16:28:34.0859 0392 \Device\Harddisk0\DR0\Partition1 - ok 16:28:34.0859 0392 ============================================================ 16:28:34.0859 0392 Scan finished 16:28:34.0859 0392 ============================================================ 16:28:34.0984 0968 Detected object count: 7 16:28:34.0984 0968 Actual detected object count: 7 16:33:21.0625 0968 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:21.0625 0968 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:33:21.0625 0968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:21.0625 0968 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:33:21.0625 0968 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:21.0625 0968 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:33:21.0625 0968 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:21.0625 0968 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:33:21.0640 0968 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:21.0640 0968 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:33:21.0640 0968 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:21.0640 0968 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:33:21.0640 0968 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 16:33:21.0640 0968 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:36:03.0375 3604 Deinitialize success |
|
09.01.2013, 17:01
| #12 | |
| /// Malware-holic | Virus öffnet selbständig Tabs Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 17:04
| #13 |
| | Virus öffnet selbständig Tabs Ich habe bei der Anti-Malware nix zum deaktivieren gefunden. Soll ichs doch entfernen? Geändert von JJGrabowski (09.01.2013 um 17:20 Uhr) |
|
09.01.2013, 17:30
| #14 |
| /// Malware-holic | Virus öffnet selbständig Tabs Kannst du. wenn du Malwarebytes meinst
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 17:57
| #15 |
| | Virus öffnet selbständig Tabs Wieder was zu lesen: ;-) Combofix Logfile: Code:
ATTFilter ComboFix 13-01-08.01 - *** 09.01.2013 17:44:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3326.2328 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Sophos Client Firewall *Disabled* {0786E95E-326A-4524-9691-41EF88FB52EA}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-09 bis 2013-01-09 ))))))))))))))))))))))))))))))
.
.
2013-01-08 19:55 . 2013-01-08 19:55 -------- d-----w- C:\_OTL
2013-01-08 17:08 . 2013-01-08 17:08 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2013-01-08 17:07 . 2013-01-08 17:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-01-08 17:07 . 2013-01-08 17:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2013-01-08 17:07 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-25 09:45 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 19:50 . 2012-04-12 01:01 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 19:50 . 2011-05-18 03:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:56 . 2008-04-25 09:46 1875584 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2008-04-25 09:45 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-25 09:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-25 09:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-25 09:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-25 09:45 385024 ----a-w- c:\windows\system32\html.iec
2011-12-04 16:09 . 2011-12-04 16:09 455 ----a-w- c:\programme\WLan1importieren.bin
2011-11-29 23:28 . 2011-11-29 23:26 53141720 ----a-w- c:\programme\lgs812.exe
2011-07-24 11:42 . 2011-07-24 11:42 4236872 ----a-w- c:\programme\veetle-0.9.18.exe
2010-10-31 15:40 . 2010-10-31 15:40 939956 ----a-w- c:\programme\7z465.exe
2010-07-26 15:20 . 2010-07-26 15:20 18965012 ----a-w- c:\programme\f4-v31.exe
2012-12-18 18:07 . 2012-12-18 18:07 262112 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-11-29 1036288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-28 13578240]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"ToolBoxFX"="c:\programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-01-10 53248]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HPUsageTracking"="c:\programme\HP\HP UT\bin\hppusg.exe" [2007-08-31 36864]
"Sophos AutoUpdate Monitor"="c:\programme\Sophos\AutoUpdate\almon.exe" [2013-01-07 900160]
"Launch LCore"="c:\programme\Logitech Gaming Software\LCore.exe" [2011-09-29 101144]
"SweetIM"="c:\programme\SweetIM\Mes***er\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Mes***er\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\HP\\hp laserjet m1522\\Fax Config utility1.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Programme\\HP\\hp laserjet m1522\\hppfaxnc1.exe"=
"c:\\Programme\\Windows Live\\Mes***er\\msnmsgr.exe"=
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [18.06.2009 16:14 155392]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [18.06.2009 16:14 24832]
R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [18.06.2009 16:15 88608]
R1 scfndis;Sophos Client Firewall NDIS packet filter;c:\windows\system32\drivers\scfndis.sys [15.08.2011 14:39 57888]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [15.08.2011 14:38 31736]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programme\Broadcom\ASFIPMon\AsfIpMon.exe -service --> c:\programme\Broadcom\ASFIPMon\AsfIpMon.exe -service [?]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [07.01.2013 20:04 216640]
R2 SAVService;Sophos Anti-Virus;c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [05.07.2012 19:27 139840]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\programme\Sophos\Sophos Client Firewall\SCFManager.exe [27.12.2011 17:59 150552]
R2 Sophos Client Firewall;Sophos Client Firewall;c:\programme\Sophos\Sophos Client Firewall\SCFService.exe [27.12.2011 17:59 89112]
R2 Sophos Patch Agent;Sophos Patch Agent;c:\programme\Sophos\Sophos Patch Agent\spa.exe [01.06.2012 12:09 2267672]
R2 Sophos Web Control Service;Sophos Web Control Service;c:\programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [09.05.2012 16:33 357400]
R2 swi_service;Sophos Web Intelligence Service;c:\programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [07.01.2013 20:04 2869824]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [30.11.2011 00:30 19720]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\drivers\LGSHidFilt.Sys [30.11.2011 00:30 41880]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [30.11.2011 00:30 14856]
S2 swi_update;Sophos Web Intelligence Update;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_update.exe [27.12.2011 18:02 1459264]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [15.05.2010 17:20 20504]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [15.08.2011 14:38 33696]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [18.06.2009 16:14 14976]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SWI_UPDATE
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:50]
.
2013-01-09 c:\windows\Tasks\User_Feed_Synchronization-{FF694951-5FD3-44D4-9D17-CA47BA4669FA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=17162&mntrId=98b43c120000000000000022193403fa
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
LSP: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\lwf5om5t.default\
FF - prefs.js: browser.search.selectedEngine - FileConverter 1.3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.pfycadler.de/pfycdata/sge/sgeframedarkdyn.html?xxx
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&CUI=SB_CUI&q=
FF - prefs.js: network.proxy.ftp - 95.172.68.150
FF - prefs.js: network.proxy.ftp_port - 443
FF - prefs.js: network.proxy.http - 95.172.68.150
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.socks - 95.172.68.150
FF - prefs.js: network.proxy.socks_port - 443
FF - prefs.js: network.proxy.ssl - 95.172.68.150
FF - prefs.js: network.proxy.ssl_port - 443
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-11-08 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxps://olat.vcrp.de
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-09 17:50
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\programme\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2684)
c:\programme\SweetIM\Mes***er\mgAdaptersProxy.dll
c:\programme\Windows Desktop Search\deskbar.dll
c:\programme\Windows Desktop Search\de-de\dbres.dll.mui
c:\programme\Windows Desktop Search\dbres.dll
c:\programme\Windows Desktop Search\wordwheel.dll
c:\programme\Windows Desktop Search\de-de\msnlExtRes.dll.mui
c:\programme\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Roxio\Drag-to-Disc\Shellex.dll
c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\programme\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Broadcom\ASFIPMon\AsfIpMon.exe
c:\programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programme\Sophos\Remote Management System\ManagementAgentNT.exe
c:\programme\Sophos\AutoUpdate\ALsvc.exe
c:\programme\Sophos\Remote Management System\RouterNT.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-09 17:53:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-09 16:53
.
Vor Suchlauf: 14 Verzeichnis(se), 122.197.352.448 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 122.175.979.520 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AEA05C3A894C8239778C344C49DC8759
|
|
| Themen zu Virus öffnet selbständig Tabs |
| administrator, anti-malware, autostart, browser, clean, dateien, explorer, fehler, festgestellt, folge, forum, frage, gelöscht, icreinstall, install.exe, problem, seite, selbständig, service pack 3, sophos, speicher, surfen, tab, temp, updates, virus, öffnet |
Hybrid-Darstellung
