Pests of all kinds and how to fight them: Trojan found during system scan: TR/Rogue.8553036 (Windows 7)
13.01.2013, 23:02 | #1
Trojan found during system scan: TR/Rogue.8553036

Hello, today I had Avira Free Antivirus scan my system (this is done automatically once a week with the system scanner). It showed me this message:

System Scanner: Malware gefunden: Die Datei 'D:\System Volume Information\_restore{33A339A4-6F17-44DA-9265-EDCCA800F6B7}\RP400\A0056496.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.8553036' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5253bbf8.qua' verschoben!

I am now completely at a loss as to what I can and must do about it to avoid anything worse! I'm asking you for help because I really have no idea what to do. I also looked on google.de to see whether there is anything about this trojan, but unfortunately found no information on it.

Many thanks, kind regards
Sabine
13.01.2013, 23:24 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan found during system scan: TR/Rogue.8553036

Hello and

Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please don't run any new virus scans; first only post the logs you already have!
13.01.2013, 23:33 | #3
Trojan found during system scan: TR/Rogue.8553036

Hello and thanks

That is the only finding I have.
Best regards
13.01.2013, 23:44 | #4
Trojan found during system scan: TR/Rogue.8553036

Here are the OTL and Extras files as attachments.
13.01.2013, 23:47 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan found during system scan: TR/Rogue.8553036

Quote:

Please always post logfiles in CODE tags
13.01.2013, 23:55 | #6
Trojan found during system scan: TR/Rogue.8553036

OTL Logfile:
Code:
OTL logfile created on: 13.01.2013 23:07:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Bine\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 37,65% Memory free
3,73 Gb Paging File | 2,61 Gb Available in Paging File | 70,10% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,00 Gb Total Space | 12,56 Gb Free Space | 35,87% Space Free | Partition Type: NTFS
Drive D: | 197,88 Gb Total Space | 95,61 Gb Free Space | 48,32% Space Free | Partition Type: NTFS

Computer Name: BIENCHEN | User Name: Bine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.13 23:06:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Bine\Desktop\OTL.exe
PRC - [2013.01.11 13:43:00 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.17 19:43:21 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.08.08 17:19:38 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.06.03 09:44:46 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.08.05 11:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneBusEnum.exe
PRC - [2010.06.22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\AAVUpdateManager\aavus.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2013.01.11 13:42:59 | 003,021,872 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.01.08 22:15:07 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012.06.03 09:44:46 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2012.04.16 22:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.07.07 22:52:44 | 000,555,624 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010.07.07 22:52:42 | 002,307,688 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nView.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.27 15:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\AAVUpdateManager\aavus.exe
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.11 13:42:59 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 22:15:08 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.17 19:43:21 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.06.03 09:44:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.08.05 11:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2005.06.22 15:13:42 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TSMSvc.exe -- (TSMService)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.06.03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.11 16:10:11 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.11 16:10:11 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.26 15:01:00 | 004,737,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.05.21 09:43:00 | 000,046,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.05.21 09:43:00 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 00:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.10.18 07:31:00 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.07.01 22:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.13 09:56:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.03.11 16:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket)
DRV - [2004.03.02 16:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
DRV - [2004.03.02 16:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2000.10.15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&u=1036326299945553871

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=111316&tt=120912_ccp_3912_7&babsrc=HP_ss&mntrId=e88ef97e000000000000001d60a53336
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie8_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.gmx.net/br/ie8_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=111316&tt=120912_ccp_3912_7&babsrc=HP_ss&mntrId=e88ef97e000000000000001d60a53336
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {41A04542-1251-4EFB-B34C-AAEF4A21EF43}
IE - HKCU\..\SearchScopes\{0DE933DE-83C6-43C3-AA77-6A6DF3ECA272}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111316&tt=120912_ccp_3912_7&babsrc=SP_ss&mntrId=e88ef97e000000000000001d60a53336
IE - HKCU\..\SearchScopes\{3EDF55BB-A32B-4CA1-9374-D4331AB68621}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=e94156c5-3741-4f2f-8c8c-cc7ba26367e9&apn_sauid=14A8DA84-06CC-472D-881A-1BC531181497
IE - HKCU\..\SearchScopes\{41A04542-1251-4EFB-B34C-AAEF4A21EF43}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&u=1036326299945553871
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..extensions.enabledItems: mail@gutscheinrausch.de:2.6
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.10.02 20:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.11 13:43:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.11 13:42:50 | 000,000,000 | ---D | M]

[2010.09.18 13:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Extensions
[2012.11.23 19:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\extensions
[2012.09.25 10:11:28 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\extensions\bbrs_002@blabbers.com
[2012.10.13 18:05:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.12.07 06:54:58 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.09.25 10:15:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\extensions\ffxtlbr@babylon.com
[2011.12.07 06:54:58 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\extensions\fr-classique@dictionaries.addons.mozilla.org
[2012.11.23 19:41:46 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.15 21:20:03 | 000,002,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\searchplugins\aol-web-search.xml
[2011.08.23 18:29:45 | 000,002,396 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\searchplugins\askcom.xml
[2012.09.25 10:12:49 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\searchplugins\BabylonMngr.xml
[2011.10.21 21:33:38 | 000,002,179 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\searchplugins\MyStart Search.xml
[2011.08.23 18:29:16 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Mozilla\Firefox\Profiles\4sw24ka7.default\searchplugins\SearchResults.xml
[2013.01.11 13:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.17 21:49:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.11 13:43:00 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2009.10.26 16:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.04.28 09:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.25 10:11:36 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.09.09 12:24:30 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.28 09:29:35 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.28 09:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.23 18:29:16 | 000,002,503 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\SearchResults.xml
[2012.04.28 09:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.28 09:29:35 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: (Enabled) = C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010.10.12 10:26:12 | 000,000,851 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.2.100 bine-home.dyndns-ip.com
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\Svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\install\Svchost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Windows Live] C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Temp\winini.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\$McRebootA5E6DEAA56$.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\Svchost.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\Svchost.exe (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284753728156 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE9FF07-5B68-4F3A-9467-B369CC05BFB5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.16 19:21:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{81d191e0-e71c-11df-8565-001d60a53336}\Shell - "" = AutoRun
O33 - MountPoints2\{81d191e0-e71c-11df-8565-001d60a53336}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81d191e0-e71c-11df-8565-001d60a53336}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8b5ec79b-d294-11e1-8b05-001d60a53336}\Shell - "" = AutoRun
O33 - MountPoints2\{8b5ec79b-d294-11e1-8b05-001d60a53336}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b5ec79b-d294-11e1-8b05-001d60a53336}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{c5adcf50-cfca-11df-84ec-001d60a53336}\Shell - "" = AutoRun
O33 - MountPoints2\{c5adcf50-cfca-11df-84ec-001d60a53336}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5adcf50-cfca-11df-84ec-001d60a53336}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5adcf53-cfca-11df-84ec-001d60a53336}\Shell - "" = AutoRun
O33 - MountPoints2\{c5adcf53-cfca-11df-84ec-001d60a53336}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5adcf53-cfca-11df-84ec-001d60a53336}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5adcf55-cfca-11df-84ec-001d60a53336}\Shell - "" = AutoRun
O33 - MountPoints2\{c5adcf55-cfca-11df-84ec-001d60a53336}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5adcf55-cfca-11df-84ec-001d60a53336}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c5adcf56-cfca-11df-84ec-001d60a53336}\Shell - "" = AutoRun
O33 - MountPoints2\{c5adcf56-cfca-11df-84ec-001d60a53336}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5adcf56-cfca-11df-84ec-001d60a53336}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.13 23:07:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Bine\Desktop\OTL.exe
[2013.01.11 13:42:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.12.24 12:54:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.13 23:08:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.13 23:08:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 23:06:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Bine\Desktop\OTL.exe
[2013.01.13 22:35:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\defogger_reenable
[2013.01.13 22:34:17 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Desktop\Defogger.exe
[2013.01.13 20:51:32 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 20:51:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.10 20:29:33 | 000,371,988 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Desktop\Bescheid.pdf
[2013.01.10 02:13:08 | 000,516,870 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.10 02:13:08 | 000,493,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.10 02:13:08 | 000,101,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.10 02:13:08 | 000,084,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.06 00:03:00 | 000,007,097 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Desktop\klobo-er-sofa__52446_PE153318_S4.jpg
[2013.01.06 00:02:44 | 000,450,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Bine\Desktop\klobo-er-sofa__AA-155389-3_pub.pdf
[2012.12.23 11:45:09 | 000,190,592 | ---- | M] () --
C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.23 00:40:20 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.13 22:35:22 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Bine\defogger_reenable [2013.01.13 22:34:37 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Bine\Desktop\Defogger.exe [2013.01.10 20:29:32 | 000,371,988 | ---- | C] () -- C:\Dokumente und Einstellungen\Bine\Desktop\Bescheid.pdf [2013.01.06 00:03:00 | 000,007,097 | ---- | C] () -- C:\Dokumente und Einstellungen\Bine\Desktop\klobo-er-sofa__52446_PE153318_S4.jpg [2013.01.06 00:02:44 | 000,450,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Bine\Desktop\klobo-er-sofa__AA-155389-3_pub.pdf [2012.09.25 10:09:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012.09.23 22:16:38 | 000,213,522 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.05.30 09:52:00 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.02.15 17:00:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.08.09 17:39:43 | 000,002,486 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2011.08.07 12:03:09 | 000,000,992 | ---- | C] () -- C:\WINDOWS\eReg.dat [2011.06.07 18:23:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.03.19 12:25:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\ZX9EQJT7_{EC140083-A966-48F6-9A8F-803EDFACA068}.dat [2011.03.11 16:10:11 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2011.03.11 16:10:11 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys 
[2010.09.21 17:45:49 | 000,108,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Bine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.07.17 13:46:22 | 000,001,911 | -H-- | C] () -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Binelog.dat ========== ZeroAccess Check ========== [2010.09.17 21:32:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.06.24 13:10:50 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.13 00:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2012.09.30 16:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask [2012.09.25 10:11:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2011.08.23 18:31:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2012.09.25 10:12:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.09.25 10:10:10 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012.09.25 10:12:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2011.03.19 12:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons [2011.04.25 11:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2011.10.21 22:50:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2012.07.20 18:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.12.24 12:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate [2011.02.22 22:12:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MPK [2010.10.03 16:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo [2010.10.02 22:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.10.02 22:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.10.02 20:38:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.04.25 11:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Photo Notifier and Animation Creator [2010.09.18 13:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager [2011.07.04 12:12:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2011.03.22 18:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.09.25 10:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.12.21 
16:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2012.09.25 10:31:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2012.09.25 10:31:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.09.25 10:31:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} [2012.09.25 10:31:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.09.25 10:31:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.25 10:31:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2011.03.22 18:45:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\AnvSoft [2012.09.25 10:11:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Babylon [2012.09.25 10:11:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\BrowserCompanion [2012.09.25 10:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Canneverbe Limited [2010.10.13 09:29:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\FileZilla [2011.08.23 18:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\FreeFLVConverter [2010.10.03 16:25:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\GameHouse [2011.03.12 23:35:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Glory of the Roman Empire [2011.05.29 01:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Bine\Anwendungsdaten\Nokia [2011.01.15 14:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Nokia Ovi Suite [2012.09.25 10:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\OpenCandy [2011.11.28 19:45:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Opera [2011.01.15 14:41:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\PC Suite [2011.08.23 18:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\searchqutoolbar [2012.10.11 06:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Systweak [2011.07.19 20:50:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\T-DSL SpeedManager [2010.10.11 09:59:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\TeamViewer [2011.08.23 18:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Toolbar4 [2012.09.25 10:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\TuneUp Software [2011.08.23 18:14:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Uniblue [2012.09.25 10:10:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\ZalmanInstaller_otshot [2010.12.21 16:59:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Bine\Anwendungsdaten\Zylom ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:661DFA1C < End of report > [/CODE] OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 13.01.2013 23:07:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Bine\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 37,65% Memory free
3,73 Gb Paging File | 2,61 Gb Available in Paging File | 70,10% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,00 Gb Total Space | 12,56 Gb Free Space | 35,87% Space Free | Partition Type: NTFS
Drive D: | 197,88 Gb Total Space | 95,61 Gb Free Space | 48,32% Space Free | Partition Type: NTFS

Computer Name: BIENCHEN | User Name: Bine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Enabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Enabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator -- (Hewlett-Packard Co.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Nero\KM\KwikMedia.exe" = C:\Programme\Nero\KM\KwikMedia.exe:*:Enabled:Nero Kwik Media -- (Nero AG)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}" = Steuer-Sparer 2012
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{957F91DB-A999-4207-A780-828C857370F4}" = Nero Kwik Media
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C30FA2C9-6740-4485-A164-858D2884E154}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrowserCompanion" = BrowserCompanion
"Catsan Screensaver 1280x1024_is1" = Catsan Screensaver 1280x1024
"DivX Setup.divx.com" = DivX-Setup
"Glory of the Roman Empire" = Die Römer
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail 2.0
"Karu" = Karu
"Luxor 3" = Luxor 3
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MonKey Kassenbuch 2012_is1" = MonKey Kassenbuch 2012, Version 9.1.0
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 12.02.1578" = Opera 12.02
"Pearl Poppers" = Pearl Poppers
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Secret Of Six Seas" = Secret Of Six Seas
"TDSLSM" = T-DSL SpeedManager
"TeamViewer 5" = TeamViewer 5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.05.2012 06:59:44 | Computer Name = BIENCHEN | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60310.0 Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D256 (79150000) with exit code 8013150a.

Error - 12.05.2012 07:00:45 | Computer Name = BIENCHEN | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60310.0 Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D256 (79150000) with exit code 8013150a.

Error - 15.06.2012 13:53:35 | Computer Name = BIENCHEN | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error - 29.07.2012 07:15:10 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837
Description =

Error - 29.07.2012 07:15:43 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837
Description =

Error - 29.07.2012 07:19:35 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837
Description =

Error - 29.07.2012 07:20:06 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837
Description =

Error - 29.07.2012 07:22:46 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837
Description =

Error - 25.09.2012 05:10:08 | Computer Name = BIENCHEN | Source = otshot | ID = 1
Description =

Error - 25.09.2012 05:41:37 | Computer Name = BIENCHEN | Source = otshot | ID = 1
Description =

< End of report >
[/CODE]
ATTFilter OTL Extras logfile created on: 13.01.2013 23:07:57 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Bine\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 37,65% Memory free 3,73 Gb Paging File | 2,61 Gb Available in Paging File | 70,10% Paging File free Paging file location(s): C:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 35,00 Gb Total Space | 12,56 Gb Free Space | 35,87% Space Free | Partition Type: NTFS Drive D: | 197,88 Gb Total Space | 95,61 Gb Free Space | 48,32% Space Free | Partition Type: NTFS Computer Name: BIENCHEN | User Name: Bine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5985:TCP" = 5985:TCP:*:Enabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Enabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.) "C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) 
"C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung -- (Hewlett-Packard Co.) "C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator -- (Hewlett-Packard Co.) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Nero\KM\KwikMedia.exe" = C:\Programme\Nero\KM\KwikMedia.exe:*:Enabled:Nero Kwik Media -- (Nero AG) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic "{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}" = Steuer-Sparer 2012 "{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) 
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{957F91DB-A999-4207-A780-828C857370F4}" = Nero Kwik Media "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C30FA2C9-6740-4485-A164-858D2884E154}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira Free Antivirus "BrowserCompanion" = BrowserCompanion "Catsan Screensaver 1280x1024_is1" = Catsan Screensaver 1280x1024 "DivX Setup.divx.com" = DivX-Setup "Glory of the Roman Empire" = Die Römer "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "ie8" = Windows Internet Explorer 8 "IncrediMail" = IncrediMail 2.0 "Karu" = Karu "Luxor 3" = Luxor 3 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MonKey Kassenbuch 2012_is1" = MonKey Kassenbuch 2012, Version 9.1.0 "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "Nokia PC Suite" = Nokia PC 
Suite "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Opera 12.02.1578" = Opera 12.02 "Pearl Poppers" = Pearl Poppers "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "Secret Of Six Seas" = Secret Of Six Seas "TDSLSM" = T-DSL SpeedManager "TeamViewer 5" = TeamViewer 5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR archiver "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zune" = Zune ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.05.2012 06:59:44 | Computer Name = BIENCHEN | Source = .NET Runtime | ID = 1023 Description = Application: plugin-container.exe CoreCLR Version: 4.0.60310.0 Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D256 (79150000) with exit code 8013150a. Error - 12.05.2012 07:00:45 | Computer Name = BIENCHEN | Source = .NET Runtime | ID = 1023 Description = Application: plugin-container.exe CoreCLR Version: 4.0.60310.0 Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D256 (79150000) with exit code 8013150a. Error - 15.06.2012 13:53:35 | Computer Name = BIENCHEN | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown Error - 29.07.2012 07:15:10 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837 Description = Error - 29.07.2012 07:15:43 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837 Description = Error - 29.07.2012 07:19:35 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837 Description = Error - 29.07.2012 07:20:06 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837 Description = Error - 29.07.2012 07:22:46 | Computer Name = BIENCHEN | Source = ZuneDriver | ID = 80837 Description = Error - 25.09.2012 05:10:08 | Computer Name = BIENCHEN | Source = otshot | ID = 1 Description = Error - 25.09.2012 05:41:37 | Computer Name = BIENCHEN | Source = otshot | ID = 1 Description = < End of report > [/CODE]
Sorry, I first have to get my head around the whole thing; I really have no idea about it, I have always had it done by others who know about viruses etc., and step 2 says you should send it as an attachment. Now I also have this here, which was described in step 3.
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 01:07:16
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\00000067 MAXTOR_STM3250310AS rev.4.AAA 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\Bine\LOKALE~1\Temp\pfdoqpob.sys

---- System - GMER 2.0 ----

SSDT B86EF44E ZwCreateKey
SSDT B86EF444 ZwCreateThread
SSDT B86EF453 ZwDeleteKey
SSDT B86EF45D ZwDeleteValueKey
SSDT B86EF462 ZwLoadKey
SSDT B86EF430 ZwOpenProcess
SSDT B86EF435 ZwOpenThread
SSDT B86EF46C ZwReplaceKey
SSDT B86EF467 ZwRestoreKey
SSDT B86EF458 ZwSetValueKey

---- Kernel code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB71CF3A0, 0x59FFE5, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB347F300, 0x22020, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8450300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 2.0 ----

.text C:\Programme\Mozilla Firefox\plugin-container.exe[3136] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 107F464A C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[3136] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 107F45D9 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[3136] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1044A642 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[3136] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1044AC18 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[4060] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0150ED80 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[4060] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01855505 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[4060] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018554E2 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[4060] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 015253B7 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[4060] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 01855463 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 2.0 ---- |
14.01.2013, 08:27 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found during system scan: TR/Rogue.8553036
Code:
O1 - Hosts: 192.168.2.100 bine-home.dyndns-ip.com
DynDNS for a local IP address somehow makes no sense!

Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post logfiles in CODE tags |
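As an added example (not part of this thread), the kind of hosts-file review behind the helper's remark, in Python: it parses a constructed hosts file, including the O1 line quoted above, and classifies each entry, flagging a dynamic-DNS name pinned to a private LAN address for review and any override of an update or antivirus domain as suspicious. The watch lists and the other sample lines are assumptions.

```python
"""Classify entries of a Windows hosts file the way a helper reviewing an
OTL "O1 - Hosts:" line would: loopback mappings are normal, a public-looking
hostname (for example a DynDNS name) mapped to a private LAN address is
worth a question, and a well-known update/AV domain mapped anywhere is the
classic hosts-file hijack indicator."""
import ipaddress

# Constructed sample hosts file. The dyndns line is the one from the OTL log
# in this thread; the other entries are made up for the demonstration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.2.100   bine-home.dyndns-ip.com
127.0.0.1       www.avira.com
198.51.100.7    update.microsoft.com   # constructed address, not Microsoft's
"""

# Domains malware commonly redirects to block updates or AV downloads.
# Constructed watch list, not taken from the page.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avira.com",
                      "malwarebytes.org", "kaspersky.com")

# Dynamic-DNS providers; a name under these exists to reach a changing
# public address, so pinning it to a LAN IP is unusual. Constructed list.
DYNDNS_SUFFIXES = ("dyndns-ip.com", "dyndns.org", "no-ip.org", "ddns.net")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) tuples; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                     # address without a name
            continue
        ip, *names = parts
        for name in names:                     # one line may list several names
            yield ip, name.lower(), line_no


def classify(ip, hostname):
    """Return (verdict, reason) with verdict in {'ok', 'review', 'suspicious'}."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "suspicious", "unparseable address"
    if hostname == "localhost" or hostname.endswith(".localdomain"):
        return "ok", "localhost mapping"
    protected = any(hostname == s or hostname.endswith("." + s)
                    for s in PROTECTED_SUFFIXES)
    if protected:
        # Any override of an update/AV domain, loopback or not, cuts the
        # machine off from the real service.
        return "suspicious", "override of update/AV domain"
    if addr.is_loopback:
        return "review", "non-local name pinned to loopback"
    if addr.is_private and any(hostname.endswith(s) for s in DYNDNS_SUFFIXES):
        # The helper's point in this thread.
        return "review", "dynamic-DNS name pinned to a private LAN address"
    if addr.is_private:
        return "ok", "private address, LAN shortcut"
    return "review", "public address override"


def review_hosts(text):
    """Return a list of (line_no, ip, hostname, verdict, reason) for all entries."""
    return [(n, ip, host, *classify(ip, host)) for ip, host, n in parse_hosts(text)]


if __name__ == "__main__":
    for row in review_hosts(SAMPLE_HOSTS):
        print("line %2d %-16s %-28s %-10s %s" % row)
```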
14.01.2013, 14:47 | #8 |
| Trojan found during system scan: TR/Rogue.8553036
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bine :: BIENCHEN [administrator]

14.01.2013 14:42:36
mbar-log-2013-01-14 (14-42-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26033
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
14.01.2013, 15:05 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found during system scan: TR/Rogue.8553036 Can you also say something about this hosts entry?
__________________ Please always post logfiles in CODE tags |
14.01.2013, 15:09 | #10 |
| Trojan found during system scan: TR/Rogue.8553036 That was created about 2 years ago to set up a connection between 2 networks, which, however, has not existed for 1.5 years now; I can't say more about it because I don't know anything more about it. |
14.01.2013, 15:45 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found during system scan: TR/Rogue.8553036 Before we get on with the further work, I would like to ask you to read the following points completely and carefully.
Note: If I do not let you hear from me for three days, please post in this thread => Reminder for my thread. Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: Should aswMBR crash with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left in the aswMBR window) and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set the tool up as indicated in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
14.01.2013, 17:03 | #12 |
| Trojan found during system scan: TR/Rogue.8553036 Here is the aswMBR now; I'm starting on the second step now. Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 16:28:58
-----------------------------
16:28:58.125 OS Version: Windows 5.1.2600 Service Pack 3
16:28:58.125 Number of processors: 2 586 0x6B02
16:28:58.125 ComputerName: BIENCHEN UserName: Bine
16:28:58.421 Initialize success
16:33:17.718 AVAST engine defs: 13011400
16:41:10.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
16:41:10.562 Disk 0 Vendor: MAXTOR_STM3250310AS 4.AAA Size: 238475MB BusType: 3
16:41:10.578 Disk 0 MBR read successfully
16:41:10.578 Disk 0 MBR scan
16:41:10.640 Disk 0 Windows XP default MBR code
16:41:10.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35840 MB offset 63
16:41:10.640 Disk 0 Partition - 00 0F Extended LBA 202624 MB offset 73400985
16:41:10.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 202624 MB offset 73401048
16:41:10.640 Disk 0 scanning sectors +488376000
16:41:10.718 Disk 0 scanning C:\WINDOWS\system32\drivers
16:41:17.218 Service scanning
16:41:31.687 Modules scanning
16:41:36.937 Disk 0 trace - called modules:
16:41:36.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
16:41:36.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a472030]
16:41:36.953 3 CLASSPNP.SYS[b80a8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a479f18]
16:41:36.953 5 ACPI.sys[b7f37620] -> nt!IofCallDriver -> \Device\00000068[0x8a478030]
16:41:37.421 AVAST engine scan C:\WINDOWS
16:41:42.890 AVAST engine scan C:\WINDOWS\system32
16:44:34.046 AVAST engine scan C:\WINDOWS\system32\drivers
16:44:47.875 AVAST engine scan C:\Dokumente und Einstellungen\Bine
16:48:16.625 AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:58:05.796 Scan finished successfully
16:58:37.656 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Bine\Desktop\MBR.dat"
16:58:37.656 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Bine\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 16:28:58
-----------------------------
16:28:58.125 OS Version: Windows 5.1.2600 Service Pack 3
16:28:58.125 Number of processors: 2 586 0x6B02
16:28:58.125 ComputerName: BIENCHEN UserName: Bine
16:28:58.421 Initialize success
16:33:17.718 AVAST engine defs: 13011400
16:41:10.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
16:41:10.562 Disk 0 Vendor: MAXTOR_STM3250310AS 4.AAA Size: 238475MB BusType: 3
16:41:10.578 Disk 0 MBR read successfully
16:41:10.578 Disk 0 MBR scan
16:41:10.640 Disk 0 Windows XP default MBR code
16:41:10.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35840 MB offset 63
16:41:10.640 Disk 0 Partition - 00 0F Extended LBA 202624 MB offset 73400985
16:41:10.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 202624 MB offset 73401048
16:41:10.640 Disk 0 scanning sectors +488376000
16:41:10.718 Disk 0 scanning C:\WINDOWS\system32\drivers
16:41:17.218 Service scanning
16:41:31.687 Modules scanning
16:41:36.937 Disk 0 trace - called modules:
16:41:36.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
16:41:36.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a472030]
16:41:36.953 3 CLASSPNP.SYS[b80a8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a479f18]
16:41:36.953 5 ACPI.sys[b7f37620] -> nt!IofCallDriver -> \Device\00000068[0x8a478030]
16:41:37.421 AVAST engine scan C:\WINDOWS
16:41:42.890 AVAST engine scan C:\WINDOWS\system32
16:44:34.046 AVAST engine scan C:\WINDOWS\system32\drivers
16:44:47.875 AVAST engine scan C:\Dokumente und Einstellungen\Bine
16:48:16.625 AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:58:05.796 Scan finished successfully
16:58:37.656 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Bine\Desktop\MBR.dat"
16:58:37.656 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Bine\Desktop\aswMBR.txt"
16:59:49.984 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Bine\Desktop\MBR.dat"
16:59:49.984 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Bine\Desktop\aswMBR.txt"

Code:
ATTFilter 17:05:06.0968 1000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:05:07.0296 1000 ============================================================ 17:05:07.0296 1000 Current date / time: 2013/01/14 17:05:07.0296 17:05:07.0296 1000 SystemInfo: 17:05:07.0296 1000 17:05:07.0296 1000 OS Version: 5.1.2600 ServicePack: 3.0 17:05:07.0296 1000 Product type: Workstation 17:05:07.0296 1000 ComputerName: BIENCHEN 17:05:07.0312 1000 UserName: Bine 17:05:07.0312 1000 Windows directory: C:\WINDOWS 17:05:07.0312 1000 System windows directory: C:\WINDOWS 17:05:07.0312 1000 Processor architecture: Intel x86 17:05:07.0312 1000 Number of processors: 2 17:05:07.0312 1000 Page size: 0x1000 17:05:07.0312 1000 Boot type: Normal boot 17:05:07.0312 1000 ============================================================ 17:05:07.0703 1000 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:05:07.0718 1000 ============================================================ 17:05:07.0718 1000 \Device\Harddisk0\DR0: 17:05:07.0718 1000 MBR partitions: 17:05:07.0718 1000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x460025A 17:05:07.0718 1000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x46002D8, BlocksNum 0x18BC03E8 17:05:07.0718 1000 ============================================================ 17:05:07.0750 1000 C: <-> \Device\Harddisk0\DR0\Partition1 17:05:07.0781 1000 D: <-> \Device\Harddisk0\DR0\Partition2 17:05:07.0781 1000 ============================================================ 17:05:07.0781 1000 Initialize success 17:05:07.0781 1000 ============================================================ 17:06:35.0546 3828 ============================================================ 17:06:35.0546 3828 Scan started 17:06:35.0546 3828 Mode: Manual; SigCheck; TDLFS; 17:06:35.0546 3828 
skipped by user 17:08:15.0500 0252 imagedrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:08:15.0500 0252 imagesrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:08:15.0500 0252 imagesrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:08:15.0500 0252 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user 17:08:15.0500 0252 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:08:15.0500 0252 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 17:08:15.0500 0252 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:08:15.0500 0252 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 17:08:15.0500 0252 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:08:15.0500 0252 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 17:08:15.0500 0252 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:08:15.0515 0252 TNPacket ( UnsignedFile.Multi.Generic ) - skipped by user 17:08:15.0515 0252 TNPacket ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:08:15.0515 0252 TSMService ( UnsignedFile.Multi.Generic ) - skipped by user 17:08:15.0515 0252 TSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.01.2013, 21:39 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found during system scan: TR/Rogue.8553036 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
14.01.2013, 21:43 | #14 |
| Trojan found during system scan: TR/Rogue.8553036 Before I start: how is Windows restarted manually? How do I close the background guards? Recovery console!? Do I need that, or does the program tell me? |
14.01.2013, 22:55 | #15 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan found during system scan: TR/Rogue.8553036 Quote:
Quote:
Avira => stop/disable real-time protection? Quote:
__________________ Please always post logfiles in CODE tags |