Log Analysis and Evaluation: Avira reports Trojan, Malwarebytes finds nothing
18.01.2013, 19:01 | #1
Avira reports Trojan, Malwarebytes finds nothing

Operating system: XP Prof SP3, browser: IE8

As a rule I work as a user, not as admin. On 7 January Avira reported a TR/Rogue.kdv.816675. Off to quarantine! After that I could no longer reach certain sites, e.g. my bank's online banking page hxxp://https://internetbanking.gad.de/ptlweb/WebPortal?bankid=5103. From the admin account everything still works. On 13 January Avira reported a TR/Crypt.ZPACK.Gen2, on 17 January a TR/Kryptik.VN. On 17 January I then ran an Avira scan over the entire system, which produced four hits (see log). The 18th again brought reports of a TR/Crypt.ZPACK.Gen2 and after that of a TR/Agent. (Both logs are attached.) I then ran the complete scan with Malwarebytes from the admin account with Avira switched off. But it finds only one infected registry key. (See log.) Today I also noticed that from the user account the address Antivirus Software für mehr Virenschutz im Internet unter Windows und Unix - Avira AntiVir doesn't work, whereas from admin it does. Maybe you can help me.

Hans-Friedrich
18.01.2013, 19:11 | #2
Malware-holic | Avira reports Trojan, Malwarebytes finds nothing

hi

If you don't already have it, please download OTL from Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
19.01.2013, 09:04 | #3
Avira reports Trojan, Malwarebytes finds nothing

Hello Markus,

many thanks for the quick reply.

OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 19.01.2013 08:38:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Dumrese\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,23% Memory free
3,35 Gb Paging File | 2,76 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 164,14 Gb Free Space | 70,48% Space Free | Partition Type: NTFS

Computer Name: DUMRESE-PC1 | User Name: Dumrese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.19 08:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dumrese\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 19:36:42 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 19:36:12 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.11 19:36:08 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 19:36:07 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.18 07:46:01 | 001,989,120 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe
PRC - [2009.12.06 10:22:52 | 000,066,048 | ---- | M] (Blue Onion Software) -- C:\Programme\Desk Drive\DeskDrive.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.29 20:45:08 | 000,815,104 | ---- | M] (DOSPRN) -- C:\Programme\DOSPRN\DOSprn.exe
PRC - [2005.11.05 13:10:06 | 000,480,256 | ---- | M] (Excode Software) -- C:\Programme\Analog Clock\AnalogClock.exe
PRC - [2005.06.02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2005.05.27 09:24:52 | 000,147,456 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.06.17 08:44:56 | 000,045,056 | ---- | M] (EllSoft Software Development & Design ) -- C:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe
PRC - [2003.04.07 17:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2003.01.03 09:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) -- C:\Programme\Dantz\Retrospect\retrorun.exe
PRC - [1999.06.27 20:38:02 | 000,794,112 | R--- | M] (Fred's Software) -- C:\Programme\Printkey 2000\PRINTKEY2000.EXE

========== Modules (No Company Name) ==========

MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.05.18 07:46:01 | 001,989,120 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe
MOD - [2010.04.02 04:01:27 | 000,569,344 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\ssb3mdu.dll
MOD - [2009.11.19 13:10:25 | 001,384,520 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\SCX3200\SSOle.dll
MOD - [2009.11.19 10:17:59 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssb3ml3.dll
MOD - [2005.01.06 16:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.08.07 14:17:18 | 000,024,576 | ---- | M] () -- C:\Programme\Hewlett-Packard\Precisionscan Pro 3.1\hpgihps.dll
MOD - [2000.04.14 15:50:02 | 000,343,040 | ---- | M] () -- C:\WINDOWS\system32\Lffpx7.dll
MOD - [1998.06.11 13:08:06 | 000,095,232 | ---- | M] () -- C:\WINDOWS\system32\Lfkodak.dll

========== Services (SafeList) ==========

SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.11 19:36:42 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 19:36:08 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.06.02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004.10.26 08:11:10 | 000,327,680 | ---- | M] (Siemens) [On_Demand | Stopped] -- C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe -- (xControlCOM)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.01.03 09:20:48 | 000,057,344 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Programme\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2003.01.03 09:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Programme\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (DXSOFTIO)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.11 19:36:52 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 19:36:52 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.18 09:28:22 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.04 12:10:40 | 000,188,160 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2011.10.04 12:10:40 | 000,033,536 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2011.08.13 17:53:31 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2011.08.11 06:46:46 | 000,606,440 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.23 12:40:40 | 000,091,728 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010.11.23 12:40:30 | 000,131,664 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009.10.29 09:45:35 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.01.12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.02.23 03:36:04 | 000,986,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.11.17 12:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.10.26 08:12:14 | 000,053,632 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Gigusb.sys -- (Gigusb)
DRV - [2004.10.26 08:03:52 | 000,008,448 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DectEnum.sys -- (DectEnum)
DRV - [2004.10.26 08:02:14 | 000,113,408 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\siellif.sys -- (siellif)
DRV - [2004.09.08 15:22:04 | 000,050,759 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys -- (IUAPIWDM)
DRV - [2004.09.08 15:22:02 | 000,263,751 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hrcmpa.sys -- (HRCMPA)
DRV - [2004.09.08 15:21:58 | 000,041,037 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ndiscapi.sys -- (NDISCAPI)
DRV - [2004.09.08 15:21:54 | 000,028,740 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\capi.sys -- (CAPI)
DRV - [2003.12.23 05:32:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003.08.21 16:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003.04.14 15:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX)
DRV - [1999.09.10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {794B1FED-3A3B-4308-B326-FB64D9D29373}
IE - HKCU\..\SearchScopes\{2126646D-2AA2-4F2D-B51F-0F5455629CC9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{794B1FED-3A3B-4308-B326-FB64D9D29373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{89140C6F-A6F8-4A59-B101-8976C2D3368B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Programme\Mozilla Firefox\Components [2007.11.23 15:24:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Programme\Mozilla Firefox\Plugins [2011.07.02 16:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Programme\Mobile Master\ext\1\ [2012.12.22 16:15:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Programme\Mozilla Firefox\Components [2007.11.23 15:24:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Programme\Mozilla Firefox\Plugins [2011.07.02 16:00:35 | 000,000,000 | ---D | M]

[2011.01.18 21:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Extensions
[2011.01.18 21:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
[2012.04.30 14:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions
[2012.04.30 14:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.04.01 15:48:17 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}
[2012.04.30 14:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\staged-xpis
[2009.03.18 13:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2012.04.30 14:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.29 04:53:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.29 04:53:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006.10.12 06:31:01 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll
[2006.10.12 06:31:02 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll
[2006.10.12 06:31:01 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll
[2012.04.29 04:53:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2004.06.09 16:03:02 | 000,832,728 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NPSWF32.dll
[2006.10.12 06:31:05 | 000,000,680 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-de.png
[2006.10.12 06:31:05 | 000,000,804 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-de.src
[2006.10.12 06:31:05 | 000,000,210 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.gif
[2006.10.12 06:31:05 | 000,001,075 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.src
[2006.10.12 06:31:05 | 000,001,076 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-de.gif
[2006.10.12 06:31:05 | 000,000,879 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-de.src
[2006.10.12 06:31:05 | 000,000,232 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.png
[2006.10.12 06:31:05 | 000,001,157 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.src
[2006.10.12 06:31:05 | 000,000,088 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.gif
[2006.10.12 06:31:05 | 000,001,147 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.src

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WRShell.BHO) - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O3 - HKLM\..\Toolbar: (Web-Recherche-Bearbeitungsleiste) - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (Web-Recherche-Symbolleiste) - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [3200 Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] d:\Application\SPanel\PanelMgr\SSMMgr.exe /autorun File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [AnalogClock] C:\Programme\Analog Clock\AnalogClock.exe (Excode Software)
O4 - HKCU..\Run: [DeskDriveStartup] C:\Programme\Desk Drive\DeskDrive.exe (Blue Onion Software)
O4 - Startup: C:\Dokumente und Einstellungen\Dumrese\Startmenü\Programme\Autostart\CAPI - Monitor.lnk = C:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe (EllSoft Software Development & Design )
O4 - Startup: C:\Dokumente und Einstellungen\Dumrese\Startmenü\Programme\Autostart\DOSPRN.lnk = C:\Programme\DOSPRN\DOSprn.exe (DOSPRN)
O4 - Startup: C:\Dokumente und Einstellungen\Dumrese\Startmenü\Programme\Autostart\PRINTKEY2000.lnk = C:\Programme\Printkey 2000\PRINTKEY2000.EXE (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Web-Recherche: Bild speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Bild speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Link-Adresse speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierte Ziele speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierung speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Markierung speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Ziel speichern - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O8 - Extra context menu item: Web-Recherche: Ziel speichern unter... - C:\Programme\Web-Recherche\WRShell.dll (macropool GmbH)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O15 - HKCU\..Trusted Domains: dumrese-pc1 ([]file in Vertrauenswürdige Sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147504594645 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218482213968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{257DA1AF-4336-48B3-8040-D63390A71D88}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25C1761-DA32-400B-9A41-E0482D923924}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.03 10:42:47 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b3db3db9-1601-11e1-be2d-000fea387047}\Shell - "" = AutoRun
O33 - MountPoints2\{b3db3db9-1601-11e1-be2d-000fea387047}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3db3db9-1601-11e1-be2d-000fea387047}\Shell\AutoRun\command - "" = F:\SafeStick.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Dumrese^Startmenü^Programme^Autostart^CAPI - Monitor.lnk - C:\Programme\Gigaset DECT\capi\Tools\CALLTRAY.exe - (EllSoft Software Development & Design )
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013.01.19 08:36:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dumrese\Desktop\OTL.exe
[2013.01.18 14:19:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Malwarebytes
[2013.01.18 14:19:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.18 14:19:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.18 14:19:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.12.28 13:00:54 | 000,000,000 | ---D | C] -- C:\Programme\dvd43
[2012.12.28 12:17:36 | 000,246,784 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\ActiveSkin.ocx
[2012.12.22 18:40:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\GetRightToGo
[2012.12.22 18:40:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dumrese\Eigene Dateien\Downloads
[2012.12.22 16:15:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Jumping Bytes
[2012.12.20 11:21:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MHST
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.19 08:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dumrese\Desktop\OTL.exe
[2013.01.19 08:22:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.19 08:17:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.19 08:17:37 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.18 20:54:05 | 000,009,271 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2013.01.18 14:19:25 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 07:32:37 | 000,002,349 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\Desktop\Retrospect 6.0.lnk
[2013.01.09 07:45:10 | 000,467,608 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 07:45:10 | 000,448,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 07:45:10 | 000,088,464 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 07:45:10 | 000,074,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.21 11:36:47 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.20 11:18:42 | 000,131,948 | -H-- | M] () -- C:\treeinfo.wc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.18 14:19:25 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 12:17:36 | 000,162,304 | ---- | C] () -- C:\UNWISE.EXE
[2012.12.28 12:17:36 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2012.11.18 18:45:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012.11.18 18:45:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012.11.18 18:44:53 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\$_hpcst$.hpc
[2012.11.08 15:06:07 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012.09.15 15:07:52 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2012.09.15 15:07:52 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2012.09.15 15:07:52 | 000,002,048 | ---- | C] () --
C:\WINDOWS\System32\drivers\rt73.bin [2012.09.13 06:04:41 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys [2012.09.12 20:04:37 | 000,000,022 | -HS- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Sys6925.Config Collection.sys [2012.09.12 19:32:51 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin [2012.07.13 06:04:00 | 000,000,022 | -HS- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Windows1569_SettingsRepository.bin [2012.02.16 09:53:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.10 12:35:28 | 000,012,617 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\SmarThruOptions.xml [2012.01.10 12:34:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2012.01.10 12:34:54 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2012.01.10 12:30:43 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2012.01.10 12:30:03 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2012.01.07 11:41:09 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssb3ml3.dll [2012.01.07 11:37:20 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll [2012.01.07 11:37:20 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2012.01.07 11:37:20 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll [2012.01.07 11:37:20 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll [2012.01.07 11:37:19 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2012.01.05 17:03:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012.01.04 06:27:56 | 000,000,471 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.07.02 15:44:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011.07.02 15:44:02 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011.07.02 15:44:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011.07.02 15:44:02 | 000,027,417 | 
---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011.07.02 15:44:02 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011.07.02 15:44:02 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011.07.02 15:44:02 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011.07.02 15:44:02 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011.07.02 15:44:02 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011.07.02 15:44:02 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011.07.02 15:44:02 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011.07.02 15:44:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011.07.02 15:44:02 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011.07.02 15:44:02 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011.07.02 15:44:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011.07.02 15:44:02 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011.07.02 15:44:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011.07.02 15:44:02 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011.07.02 15:44:02 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011.04.15 04:30:00 | 000,079,296 | ---- | C] () -- C:\WINDOWS\System32\wr4zlib.dll [2009.06.29 05:38:12 | 000,007,264 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2008.04.09 16:17:33 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.06 07:42:53 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.06.09 17:21:21 | 000,000,120 | ---- | C] 
() -- C:\Dokumente und Einstellungen\Dumrese\.java.policy [2006.06.02 17:46:24 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\cntp.ini [2006.05.13 08:40:11 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Dumrese\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2006.05.13 08:23:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2007.01.03 07:52:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2012.04.04 19:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2007.12.09 21:31:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay [2011.05.07 15:29:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FilerFrog [2012.02.11 17:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage [2009.02.22 
12:19:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2012.12.20 11:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MHST [2012.11.18 18:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Master [2013.01.18 07:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Retrospect [2012.11.18 18:45:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2007.07.30 18:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2006.06.03 11:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sokoban++ [2012.09.12 19:26:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.09.12 19:26:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{527EE0A6-618B-4814-8449-DB8C2DBEE577} [2012.02.11 17:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Buhl Data Service [2012.01.03 10:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\eM Client for SoftMaker [2012.12.22 18:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\GetRightToGo [2012.12.22 16:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Jumping Bytes [2006.05.26 14:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Leadertech [2008.12.31 10:29:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Lexware [2012.11.30 11:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\ML [2012.12.22 16:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Mobile 
Master [2009.05.21 12:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\NoteTab Pro [2006.10.15 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Ordner HP Share-to-Web [2008.07.29 09:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\PC Suite [2012.11.18 18:44:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Samsung [2007.07.30 18:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\ScanSoft [2009.07.18 14:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\SmartTools [2012.09.12 19:24:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\SoftMaker [2006.06.03 11:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Sokoban++ [2012.01.04 06:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\TeamViewer [2011.02.13 14:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\TotalRecorder [2009.12.06 10:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\TweakNow PowerPack 2009 [2011.11.12 15:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dumrese\Anwendungsdaten\Web-Recherche ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2013.01.09 07:45:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.09.16 17:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.09.21 21:11:47 | 000,000,000 | ---D | M] -- C:\PMAIL [2012.01.10 12:31:55 | 000,000,000 | ---D | M] -- C:\Program Files [2013.01.18 14:19:22 | 000,000,000 | R--D | M] -- C:\Programme [2012.06.09 08:21:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2013.01.17 21:32:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.18 07:30:34 | 000,000,000 | ---D | M] -- C:\Temp [2013.01.18 13:02:43 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 06:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 06:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2004.10.26 08:11:42 | 000,122,880 | ---- | M] (Siemens AG) -- C:\Windows\system32\homertsp.tsp [2008.04.14 06:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 06:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 06:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 06:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 06:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [13 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.05.13 07:57:24 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2006.05.13 08:06:13 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver 
Cache\i386\sp3.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 06:52:12 | 
000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- 
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 06:53:06 
| 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.05.13 09:47:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.05.13 09:47:41 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.05.13 09:47:41 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [1 C:\WINDOWS\System32\config\*.tmp files -> C:\WINDOWS\System32\config\*.tmp -> ] < %systemroot%\system32\*.dll /lockedfiles > [13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2006.06.09 17:21:21 | 000,000,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\.java.policy [2013.01.18 20:54:16 | 003,670,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\ntuser.dat [2012.02.03 07:34:09 | 003,670,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\NTUSER.DAT.bak_jv16pt [2013.01.19 08:38:40 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Dumrese\ntuser.dat.LOG [2009.07.30 21:17:21 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Dumrese\NTUSER.DAT.tmp.LOG [2013.01.18 20:54:16 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Dumrese\ntuser.ini [2012.11.08 15:19:38 | 000,000,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Dumrese\results.txt < %USERPROFILE%\Local Settings\Temp\*.exe > < 
%USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Extras.txtOTL Logfile: Code:
OTL Extras logfile created on: 19.01.2013 08:38:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Dumrese\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,23% Memory free
3,35 Gb Paging File | 2,76 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 164,14 Gb Free Space | 70,48% Space Free | Partition Type: NTFS

Computer Name: DUMRESE-PC1 | User Name: Dumrese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.txt [@ = ntpfile] -- C:\Programme\NoteTab Pro 6\NotePro.exe (Fookes Holding Ltd)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\FAZ\xsearch\XWeb.exe" = D:\FAZ\xsearch\XWeb.exe:*:Enabled:X-Web WWW Server
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programme\Steuer 2011\on4u3\bdmsc.exe" = C:\Programme\Steuer 2011\on4u3\bdmsc.exe:*:Enabled:bdmsc.exe -- (Buhl Data Service GmbH)
"C:\Programme\Steuer 2011\stman2012.exe" = C:\Programme\Steuer 2011\stman2012.exe:*:Enabled:Steuermanager -- ()
"C:\Programme\Steuer 2011\on4u3\bdrm.dll" = C:\Programme\Steuer 2011\on4u3\bdrm.dll:*:Enabled:bdrm.dll -- (Buhl Data Service GmbH)
"C:\Programme\Steuer 2011\wmain12.dll" = C:\Programme\Steuer 2011\wmain12.dll:*:Enabled:wmain12.dll -- ()
"C:\Programme\Wireless LAN Utility\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Programme\Wireless LAN Utility\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Audacity\audacity.exe" = C:\Programme\Audacity\audacity.exe:*:Enabled:Audacity -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06C265CF-F924-491E-8E6C-288460CB5E30}" = Desk Drive
"{0821727B-B0EF-4F2A-AD52-4998BC0CAEE4}" = Mobile Master
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210E1E65-8A23-43ED-8043-D51C655B97D3}" = MP3-Tag-Editor
"{23236FC2-648D-4ACF-AD16-68492D0F0AC9}" = FileBox eXtender
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AAFCB5F-5166-46EC-A521-E363C6950A94}" = Steuer Update 15.01
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"{4160BDED-8EB9-47E1-8348-750F58C5E351}" = Intel® Integrated Performance Primitives RTI 4.1 for Windows* on Intel® Pentium® processors
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5D05BF5C-C548-4901-81B8-E2BDDCA39D0B}" = talk&surf 6.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87001C85-FF5F-42F9-B78A-114A7ED373BE}" = ScanSoft PDF Converter
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}"
= PhotoStitch "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8EBB8452-274B-465D-8324-00B0832FBB02}" = SoftMaker Office Professional 2012 "{8F3AA869-0769-4336-A1C1-3832D764EE29}" = ScanSoft OmniPage Pro 14.0 "{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 "{93973C6B-F862-4C16-84D1-7B675D650103}" = CANON iMAGE GATEWAY Task "{99E67091-D392-4031-AD2A-E9547F3615F8}" = Minolta DiMAGE Webcam Treiber "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E1BC481-AE76-49D3-913C-D901D8CFDFCA}" = ScanSoft PDF Printer "{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library "{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A30B27FF-8C79-424A-89B4-43AD712A41ED}" = Steuer 2005 "{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service "{AC76BA86-7AD7-1031-7B44-A70700000002}" = Adobe Reader 7.0.7 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2 "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord "{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant "{C081C7BF-86B9-453D-A91B-1DDC8204E9FA}" = Web-Recherche 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (G) "{C4354214-B919-4C8F-84EB-4F9B84ACC02C}" = Retrospect 6.0 "{C9246F7F-0BA3-45C7-8B49-A69F0273FA69}" = NOXON DAB MediaPlayer 
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{E443A61D-26C7-43AA-A2C1-36CAE266B883}" = eM Client "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter "{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service "{ECA1A439-7CED-4F32-8551-AD7999306C4A}" = talk&surf CAPI "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F1ACA630-D5A9-45BC-961F-0CFF5CE3DBD0}" = Gigaset SX2x5isdn / 417x / 307x "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Analog Clock_is1" = Analog Clock 2.2 FREEWARE "ANNO1602" = Anno 1602 "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "CDex" = CDex extraction audio "CUEcards 2000" = CUEcards 2000 "Cyber-D's Autodelete" = Cyber-D's Autodelete 1.01 "Defraggler" = Defraggler (remove only) "DOSPRN_is1" = DOSPRN 1.79 "DVD Shrink_is1" = DVD Shrink 3.2 "DVD43_is1" = DVD43 v4.6.0 "Euro-Wörterbuch 2001" = Euro-Wörterbuch 2001 "FileBox eXtender" = FileBox 
eXtender "FixFoto Erweiterungen_is1" = FixFoto Erweiterungen 2.79 "FixFoto Masken_is1" = FixFoto Masken 3.00 "FixFoto Objektiv-Korrekturdaten_is1" = FixFoto Objektiv-Korrekturdaten 2.79 "FixFoto Power Modul_is1" = FixFoto Power Modul 2.79 "FixFoto_is1" = FixFoto 3.00 "FixFoto-CD_is1" = FixFoto 3.00 "FreePDF_XP" = FreePDF XP (Remove only) "GEKKO Mahjongg" = Gekko Mahjongg "Horlands Scan2Pdf_is1" = Horland's Scan2Pdf "HoverIP_is1" = HoverIP v1.0 beta "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX "InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX "InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library "InstallShield_{93973C6B-F862-4C16-84D1-7B675D650103}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library "InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX "InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "IPIX ActiveX Viewer" = IPIX ActiveX Viewer "IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer "IPIX Viewer" = IPIX Viewer "IrfanView" = IrfanView 
(remove only) "jv16 PowerTools 2011" = jv16 PowerTools 2012 "Kalua Cocktails 98" = Kalua Cocktails 98 "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mobile Master" = Mobile Master 8.5.9 "Mozilla Firefox (1.5)" = Mozilla Firefox (1.5) "MRW!UninstallKey" = Ahead InCD EasyWrite Reader "MXOFX" = USB Storage Adapter FX (MXO) "Nero - Burning Rom!UninstallKey" = Nero 6 "NeroVision!UninstallKey" = NeroVision Express 2 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NMPUninstallKey" = Nero Media Player "NoteTab Pro 6_is1" = NoteTab Pro 6 (Remove only) "NOXON DAB Stick" = NOXON DAB Stick V86.001.0930.2011 "Passage 3" = PASSAGE 3 "PDFrizator_is1" = PDFrizator 0.5.0.3 "pdfsam" = pdfsam "PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer "Pegasus Mail" = Pegasus Mail "Picasa 3" = Picasa 3 "PrintFile" = PrintFile "ProgDVB" = ProgDVB "QIP2005" = QIP 2005 Uninstall "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RegScanner" = RegScanner "s25atonce_is1" = s25atonce 3.0.1 "Samsung SCX-3200 Series" = Samsung SCX-3200 Series "Shockwave" = Shockwave "Shutdown Element 2007_is1" = Shutdown Element 2007 "SokobanPP" = Sokoban++ (remove only) "Spectrum Lab_is1" = Spectrum Lab V2.76 "Sprüche- und Zitate-Lexikon 4.0" = Sprüche- und Zitate-Lexikon 4.0 "Streamripper.Plugin" = Streamripper Plugin 1.61.27 (Remove only) "Totalcmd" = Total Commander (Remove or Repair) "TotalRecorder" = Total Recorder 8.2 "Tweak UI 2.10" = Tweak UI "TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy "TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009 "Winamp" = Winamp "Windows Media Format 
Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Xaldon WebSpider 2" = Xaldon WebSpider 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"QUICKMEDIACONVERTER" = Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.01.2013 08:55:08 | Computer Name = DUMRESE-PC1 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 18.01.2013 09:18:32 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resulting Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error - 18.01.2013 10:54:33 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resulting Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error - 18.01.2013 12:29:33 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resulting Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error - 18.01.2013 14:42:42 | Computer Name = DUMRESE-PC1 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error - 18.01.2013 14:42:42 | Computer Name = DUMRESE-PC1 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 18.01.2013 15:31:37 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resulting Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error - 19.01.2013 03:18:31 | Computer Name = DUMRESE-PC1 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error - 19.01.2013 03:18:31 | Computer Name = DUMRESE-PC1 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 19.01.2013 03:22:13 | Computer Name = DUMRESE-PC1 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resulting Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

[ System Events ]
Error - 08.01.2013 17:54:11 | Computer Name = DUMRESE-PC1 | Source = DCOM | ID = 10010
Description = The server "{B801CA65-A1FC-11D0-85AD-444553540000}" did not register with DCOM within the required timeout.

Error - 14.01.2013 09:11:30 | Computer Name = DUMRESE-PC1 | Source = Removable Storage Service | ID = 262255
Description = The Removable Storage Service could not load media in drive Drive 0 of library USB 2.0 USB Flash Drive USB Device.

Error - 14.01.2013 09:11:31 | Computer Name = DUMRESE-PC1 | Source = Removable Storage Service | ID = 262255
Description = The Removable Storage Service could not load media in drive Drive 0 of library USB 2.0 USB Flash Drive USB Device.

< End of report >

Hans-Friedrich |
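The "Firewall Settings" and "Authorized Applications List" sections of the OTL report above are what a helper reads first, because the XP firewall policy is stored in a fixed text format: a globally open port is `port:proto:scope:state:name`, and an authorized program is `path:scope:state:name`, with OTL appending the company name from the file's version information after ` -- `. The scope is either `*` (reachable from any remote address) or `LocalSubNet`. The script below is an added example, not part of this thread and not OTL's own code: it parses lines in exactly that format and flags the two things worth checking in this log, namely ports whose scope is `*` (here 3389/TCP, 1542/TCP+UDP and 53/UDP in the standard profile, and 137-139/445 in the domain profile) and firewall exceptions for core Windows binaries such as `C:\WINDOWS\explorer.exe`. The sample input is constructed from a handful of the entries in the report; the set of "sensitive" ports, the severity labels and the list of core binaries are this example's own triage choices, not anything OTL reports, and a hit is a reason to look, not a verdict.

```python
r"""Triage the Windows XP firewall policy as OTL dumps it (added example).

Line formats, as seen in the OTL report above:
  ...\<Profile>\GloballyOpenPorts\List       "<port>:<proto>" = <port>:<proto>:<scope>:<state>:<name>
  ...\<Profile>\AuthorizedApplications\List  "<path>" = <path>:<scope>:<state>:<name>[ -- (<company>)]
<scope> is '*' (any remote address) or 'LocalSubNet'.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Ports a home workstation should not expose beyond the local subnet. This set
# and the severities below are this example's own triage choices (assumption).
SENSITIVE_PORTS = {135, 137, 138, 139, 445, 3389}

# A firewall exception for a core Windows binary is a known red flag: Windows
# does not add these by default, malware running inside those processes does.
CORE_BINARIES = {"explorer.exe", "svchost.exe", "winlogon.exe", "userinit.exe", "lsass.exe"}

SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters"
    r"\\FirewallPolicy\\(?P<profile>\w+)\\(?P<kind>GloballyOpenPorts|AuthorizedApplications)\\List\]$"
)
PORT_RE = re.compile(
    r'^"(?P<key>\d+:(?:TCP|UDP))"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):'
    r"(?P<scope>[^:]+):(?P<state>[^:]+):(?P<name>.*)$"
)
APP_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<path>.+?):(?P<scope>\*|LocalSubNet):(?P<state>[^:]+):'
    r"(?P<name>.*?)(?:\s+--\s+\((?P<company>[^)]*)\))?$"
)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    profile: str    # DomainProfile or StandardProfile
    item: str       # the registry value name: port spec or program path
    reason: str


def parse_otl_firewall(text: str) -> List[Finding]:
    """Walk the OTL firewall section and return the entries worth checking."""
    findings: List[Finding] = []
    profile: Optional[str] = None
    kind: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            profile, kind = sec.group("profile"), sec.group("kind")
            continue
        if line.startswith("[") or line.startswith("="):
            # Another registry key or an OTL section banner: stop attributing
            # values to the previous list.
            profile = kind = None
            continue
        if kind == "GloballyOpenPorts":
            m = PORT_RE.match(line)
            if not m or m.group("state").lower() != "enabled":
                continue
            if m.group("scope") == "*":
                port = int(m.group("port"))
                sev = "high" if port in SENSITIVE_PORTS else "medium"
                findings.append(Finding(sev, profile, m.group("key"),
                                        f"port open to any remote address ({m.group('name')})"))
        elif kind == "AuthorizedApplications":
            m = APP_RE.match(line)
            if not m or m.group("state").lower() != "enabled":
                continue
            path = m.group("path")
            exe = path.rsplit("\\", 1)[-1].lower()
            if exe in CORE_BINARIES:
                findings.append(Finding("high", profile, path,
                                        "firewall exception for a core Windows binary"))
            elif not m.group("company"):
                findings.append(Finding("info", profile, path,
                                        "exception for a program with no company name recorded; verify manually"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    order = {"info": 0, "medium": 1, "high": 2}
    return max((f.severity for f in findings), key=order.__getitem__, default="none")


# Constructed sample: a handful of the entries from the OTL report in this
# thread, one registry value per line as OTL writes them.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\FAZ\xsearch\XWeb.exe" = D:\FAZ\xsearch\XWeb.exe:*:Enabled:X-Web WWW Server
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
'''

if __name__ == "__main__":
    for f in parse_otl_firewall(SAMPLE):
        print(f"[{f.severity:6}] {f.profile:15} {f.item}: {f.reason}")
```

Run against the sample, it reports 445/TCP in the domain profile and 3389/TCP in the standard profile as high (open to any address), 53/UDP as medium, the XWeb.exe exception as something to verify by hand, and the explorer.exe exception as high. Entries scoped to LocalSubNet, such as 139/TCP and the UPnP ports, are left alone. Paste the whole "Firewall Settings" block of a report into `SAMPLE` to triage it the same way.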
19.01.2013, 20:23 | #4 |
/// Malware-holic |

Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
• Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan; if anything is found, always choose skip for now and post the log.
Open C:, open tdsskiller-date-version.txt and post its contents.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us |
20.01.2013, 10:49 | #5 |
|

Markus, two remarks first:

1. The virus sits in the user account. I always run the programs you name as Admin. I hope that is OK.

2. I have just examined my autostart entries on the user account with Regseeker. In the key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", Regseeker reports an entry named "Avektum" with the value "C:\Dokumente und Einstellungen\Hans-Friedrich\Anwendungsdaten\Cizime\ucgyt.exe". The directory ...\Anwendungsdaten\Cizime is dated 7.1.2013 17:28. According to the log file, Avira reported the first trojan at 17:29! "ucgyt.exe" has a size of 262,656 and the date 07.03.2011 00:45. Next to it, the "Anwendungsdaten" directory contains two more suspicious directories and a file $_hpcst$.hpc 2,528 18.11.2012 20:36.

Now to the TDSSKiller.2.8.15.0_20.01.2013_10.19.36_log.txt:

10:19:36.0546 0552 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:19:38.0546 0552 ============================================================
10:19:38.0546 0552 Current date / time: 2013/01/20 10:19:38.0546
10:19:38.0546 0552 SystemInfo:
10:19:38.0546 0552
10:19:38.0546 0552 OS Version: 5.1.2600 ServicePack: 3.0
10:19:38.0546 0552 Product type: Workstation
10:19:38.0546 0552 ComputerName: DUMRESE-PC1
10:19:38.0546 0552 UserName: Dumrese
10:19:38.0546 0552 Windows directory: C:\WINDOWS
10:19:38.0546 0552 System windows directory: C:\WINDOWS
10:19:38.0546 0552 Processor architecture: Intel x86
10:19:38.0546 0552 Number of processors: 2
10:19:38.0546 0552 Page size: 0x1000
10:19:38.0546 0552 Boot type: Normal boot
10:19:38.0546 0552 ============================================================
10:19:39.0171 0552 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:19:39.0171 0552 ============================================================
10:19:39.0171 0552 \Device\Harddisk0\DR0:
10:19:39.0171 0552 MBR partitions:
10:19:39.0171 0552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
10:19:39.0171 0552 ============================================================
10:19:39.0218 0552 C: <-> \Device\Harddisk0\DR0\Partition1
10:19:39.0218 0552 ============================================================
10:19:39.0218 0552 Initialize success
10:19:39.0218 0552 ============================================================
10:19:58.0703 3996 ============================================================
10:19:58.0703 3996 Scan started
10:19:58.0703 3996 Mode: Manual; SigCheck; TDLFS;
10:19:58.0703 3996 ============================================================
10:19:58.0968 3996
================ Scan system memory ======================== 10:19:58.0984 3996 System memory - ok 10:19:58.0984 3996 ================ Scan services ============================= 10:19:59.0171 3996 Abiosdsk - ok 10:19:59.0187 3996 abp480n5 - ok 10:19:59.0218 3996 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:20:01.0843 3996 ACPI - ok 10:20:01.0890 3996 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 10:20:02.0093 3996 ACPIEC - ok 10:20:02.0093 3996 adpu160m - ok 10:20:02.0125 3996 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 10:20:02.0312 3996 aec - ok 10:20:02.0359 3996 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 10:20:02.0390 3996 AegisP ( UnsignedFile.Multi.Generic ) - warning 10:20:02.0390 3996 AegisP - detected UnsignedFile.Multi.Generic (1) 10:20:02.0437 3996 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 10:20:02.0531 3996 AFD - ok 10:20:02.0578 3996 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 10:20:02.0718 3996 agp440 - ok 10:20:02.0718 3996 Aha154x - ok 10:20:02.0734 3996 aic78u2 - ok 10:20:02.0734 3996 aic78xx - ok 10:20:02.0859 3996 [ 933933288DF5ED26D1928215C97D05C7 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS 10:20:03.0078 3996 ALCXWDM - ok 10:20:03.0125 3996 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 10:20:03.0281 3996 Alerter - ok 10:20:03.0312 3996 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 10:20:03.0406 3996 ALG - ok 10:20:03.0406 3996 AliIde - ok 10:20:03.0421 3996 amsint - ok 10:20:03.0562 3996 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 10:20:03.0625 3996 AntiVirSchedulerService - ok 10:20:03.0656 3996 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 10:20:03.0671 
3996 AntiVirService - ok 10:20:03.0734 3996 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 10:20:03.0843 3996 AppMgmt - ok 10:20:03.0843 3996 asc - ok 10:20:03.0859 3996 asc3350p - ok 10:20:03.0859 3996 asc3550 - ok 10:20:03.0890 3996 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys 10:20:03.0921 3996 Aspi32 ( UnsignedFile.Multi.Generic ) - warning 10:20:03.0921 3996 Aspi32 - detected UnsignedFile.Multi.Generic (1) 10:20:04.0046 3996 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 10:20:04.0093 3996 aspnet_state - ok 10:20:04.0125 3996 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:20:04.0281 3996 AsyncMac - ok 10:20:04.0328 3996 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 10:20:04.0484 3996 atapi - ok 10:20:04.0484 3996 Atdisk - ok 10:20:04.0546 3996 [ D6C058E35B19F2999966E85433AFD760 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 10:20:04.0625 3996 Ati HotKey Poller - ok 10:20:04.0671 3996 [ 451D52EB47EBD597DB35B9AE2DB9BD3D ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe 10:20:04.0734 3996 ATI Smart ( UnsignedFile.Multi.Generic ) - warning 10:20:04.0734 3996 ATI Smart - detected UnsignedFile.Multi.Generic (1) 10:20:04.0781 3996 [ 56C198EC46B4AD3153AA748C89178E86 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 10:20:04.0859 3996 ati2mtag - ok 10:20:04.0921 3996 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 10:20:05.0093 3996 Atmarpc - ok 10:20:05.0140 3996 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 10:20:05.0281 3996 AudioSrv - ok 10:20:05.0328 3996 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 10:20:05.0453 3996 audstub - ok 10:20:05.0515 3996 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 
10:20:05.0609 3996 avgntflt - ok 10:20:05.0656 3996 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 10:20:05.0703 3996 avipbb - ok 10:20:05.0718 3996 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 10:20:05.0750 3996 avkmgr - ok 10:20:05.0812 3996 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 10:20:05.0968 3996 Beep - ok 10:20:06.0015 3996 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 10:20:06.0203 3996 BITS - ok 10:20:06.0250 3996 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 10:20:06.0343 3996 Browser - ok 10:20:06.0390 3996 [ C915AC58E7B49AE3CBFD88D544AC8BA1 ] CAPI C:\WINDOWS\system32\DRIVERS\capi.sys 10:20:06.0421 3996 CAPI ( UnsignedFile.Multi.Generic ) - warning 10:20:06.0421 3996 CAPI - detected UnsignedFile.Multi.Generic (1) 10:20:06.0468 3996 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 10:20:06.0625 3996 cbidf2k - ok 10:20:06.0703 3996 [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8 C:\Programme\Canon\CAL\CALMAIN.exe 10:20:06.0734 3996 CCALib8 ( UnsignedFile.Multi.Generic ) - warning 10:20:06.0734 3996 CCALib8 - detected UnsignedFile.Multi.Generic (1) 10:20:06.0750 3996 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 10:20:06.0890 3996 CCDECODE - ok 10:20:06.0906 3996 cd20xrnt - ok 10:20:06.0937 3996 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 10:20:07.0109 3996 Cdaudio - ok 10:20:07.0156 3996 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 10:20:07.0312 3996 Cdfs - ok 10:20:07.0343 3996 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:20:07.0500 3996 Cdrom - ok 10:20:07.0515 3996 Changer - ok 10:20:07.0546 3996 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 10:20:07.0718 3996 CiSvc - ok 
10:20:07.0734 3996 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 10:20:07.0906 3996 ClipSrv - ok 10:20:07.0937 3996 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:20:08.0031 3996 clr_optimization_v2.0.50727_32 - ok 10:20:08.0031 3996 CmdIde - ok 10:20:08.0046 3996 COMSysApp - ok 10:20:08.0062 3996 Cpqarray - ok 10:20:08.0093 3996 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 10:20:08.0250 3996 CryptSvc - ok 10:20:08.0265 3996 dac2w2k - ok 10:20:08.0265 3996 dac960nt - ok 10:20:08.0328 3996 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 10:20:08.0390 3996 DcomLaunch - ok 10:20:08.0437 3996 [ 98658CDA02BCA0EB31097BC2858E747C ] DectEnum C:\WINDOWS\system32\Drivers\DectEnum.sys 10:20:08.0453 3996 DectEnum ( UnsignedFile.Multi.Generic ) - warning 10:20:08.0453 3996 DectEnum - detected UnsignedFile.Multi.Generic (1) 10:20:08.0515 3996 [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys 10:20:08.0546 3996 DgiVecp ( UnsignedFile.Multi.Generic ) - warning 10:20:08.0546 3996 DgiVecp - detected UnsignedFile.Multi.Generic (1) 10:20:08.0593 3996 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 10:20:08.0750 3996 Dhcp - ok 10:20:08.0796 3996 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 10:20:08.0968 3996 Disk - ok 10:20:08.0968 3996 dmadmin - ok 10:20:09.0015 3996 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 10:20:09.0218 3996 dmboot - ok 10:20:09.0234 3996 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 10:20:09.0375 3996 dmio - ok 10:20:09.0390 3996 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 10:20:09.0546 3996 dmload - ok 10:20:09.0593 3996 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver 
C:\WINDOWS\System32\dmserver.dll 10:20:09.0734 3996 dmserver - ok 10:20:09.0765 3996 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 10:20:09.0937 3996 DMusic - ok 10:20:09.0984 3996 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 10:20:10.0109 3996 Dnscache - ok 10:20:10.0140 3996 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 10:20:10.0328 3996 Dot3svc - ok 10:20:10.0343 3996 dpti2o - ok 10:20:10.0375 3996 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 10:20:10.0515 3996 drmkaud - ok 10:20:10.0515 3996 DXSOFTIO - ok 10:20:10.0546 3996 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 10:20:10.0718 3996 EapHost - ok 10:20:10.0765 3996 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 10:20:10.0906 3996 ERSvc - ok 10:20:10.0968 3996 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 10:20:11.0000 3996 Eventlog - ok 10:20:11.0062 3996 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 10:20:11.0140 3996 EventSystem - ok 10:20:11.0187 3996 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 10:20:11.0343 3996 Fastfat - ok 10:20:11.0390 3996 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 10:20:11.0500 3996 FastUserSwitchingCompatibility - ok 10:20:11.0531 3996 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 10:20:11.0671 3996 Fdc - ok 10:20:11.0687 3996 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 10:20:11.0843 3996 Fips - ok 10:20:11.0859 3996 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 10:20:12.0015 3996 Flpydisk - ok 10:20:12.0062 3996 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 10:20:12.0250 3996 FltMgr - 
Hans-Friedrich |
20.01.2013, 14:59 | #6 |
/// Malware-holic | Avira reports Trojan, Malwarebytes finds nothing Hi, next step, in the affected account: Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - Save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
|
21.01.2013, 13:15 | #7 |
| Avira reports Trojan, Malwarebytes finds nothing Hello Markus, so, I have run ComboFix.exe. Since the program could only be started as Admin, I started it as Admin as well. As far as I can tell, it also detected and deleted ucgyt.exe. Here is ComboFix.txt: Combofix Logfile: Code:
ComboFix 13-01-21.01 - Dumrese 21.01.2013 10:36:56.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Hans-Friedrich\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Dumrese\WINDOWS
c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Cizime
c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Cizime\ucgyt.exe
c:\dokumente und einstellungen\Hans-Friedrich\WINDOWS
c:\dokumente und einstellungen\NetworkService\NTUSER.DAT.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\cefcaebcb_s.dll
c:\windows\system32\SET10.tmp
c:\windows\system32\SET12.tmp
c:\windows\system32\SET4.tmp
c:\windows\system32\SET5.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET6.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-21 bis 2013-01-21 ))))))))))))))))))))))))))))))
.
.
2013-01-18 16:54 . 2013-01-18 16:54 -------- d-----w- c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Malwarebytes
2013-01-18 13:19 . 2013-01-18 13:19 -------- d-----w- c:\dokumente und einstellungen\Dumrese\Anwendungsdaten\Malwarebytes
2013-01-18 13:19 . 2013-01-18 13:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-01-18 13:19 . 2013-01-20 09:04 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2013-01-18 13:19 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-07 16:28 . 2013-01-07 16:28 -------- d-----w- c:\dokumente und einstellungen\Hans-Friedrich\Lokale Einstellungen\Anwendungsdaten\Identities
2013-01-07 16:28 . 2013-01-20 16:22 -------- d-----w- c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Akly
2013-01-07 16:28 . 2013-01-07 16:28 -------- d-----w- c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Tuefys
2012-12-28 11:17 . 2001-09-30 18:10 246784 ----a-w- c:\windows\system32\ActiveSkin.ocx
2012-12-28 11:17 . 2001-05-24 11:59 162304 ----a-w- C:\UNWISE.EXE
2012-12-22 17:40 . 2012-12-22 17:40 -------- d-----w- c:\dokumente und einstellungen\Dumrese\Anwendungsdaten\GetRightToGo
2012-12-22 15:15 . 2012-12-22 15:15 -------- d-----w- c:\programme\Gemeinsame Dateien\Jumping Bytes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 20:23 . 2012-04-29 07:42 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-14 20:23 . 2012-01-04 04:30 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 18:36 . 2012-11-03 18:30 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 18:36 . 2012-11-03 18:30 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-18 08:28 . 2012-11-03 18:30 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-13 11:55 . 2004-08-04 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 14:19 . 2012-09-15 14:07 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-11-08 14:19 . 2012-11-08 14:06 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2012-11-06 02:01 . 2008-07-17 04:05 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ------w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2006-10-12 05:31 . 2006-10-12 05:31 60526 ----a-w- c:\programme\mozilla firefox\components\jar50.dll
2006-10-12 05:31 . 2006-10-12 05:31 49256 ----a-w- c:\programme\mozilla firefox\components\jsd3250.dll
2006-10-12 05:31 . 2006-10-12 05:31 166000 ----a-w- c:\programme\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnalogClock"="c:\programme\Analog Clock\AnalogClock.exe" [2005-11-05 480256]
"DeskDriveStartup"="c:\programme\Desk Drive\DeskDrive.exe" [2009-12-06 66048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2005-05-27 147456]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888]
"3200 Scan2PC"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2010-05-18 1989120]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . c:\dokumente und einstellungen\Dumrese\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] DOSPRN.lnk - c:\programme\DOSPRN\DOSprn.exe [2012-3-24 815104] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . c:\dokumente und einstellungen\Hans-Friedrich\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] DOSprn.exe.lnk - c:\programme\DOSPRN\DOSprn.exe [2012-3-24 815104] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . c:\dokumente und einstellungen\Dumrese\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] DOSPRN.lnk - c:\programme\DOSPRN\DOSprn.exe [2012-3-24 815104] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . 
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CAPI - Monitor.lnk - c:\programme\Gigaset DECT\capi\Tools\CALLTRAY.exe [2003-6-17 45056] PRINTKEY2000.lnk - c:\programme\Printkey 2000\PRINTKEY2000.EXE [2007-1-13 794112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoFileAssociate"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=DrvTrNTm.dll "wave"=DrvTrNTm.dll . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Dumrese^Startmenü^Programme^Autostart^CAPI - Monitor.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Scan2Pc.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Sscan2io.exe"= "c:\\Programme\\Steuer 2011\\on4u3\\bdmsc.exe"= "c:\\Programme\\Steuer 2011\\stman2012.exe"= "c:\\Programme\\Steuer 2011\\on4u3\\bdrm.dll"= "c:\\Programme\\Steuer 2011\\wmain12.dll"= "c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Programme\\Audacity\\audacity.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot "53:UDP"= 53:UDP:Realtek AP UDP Prot . 
R2 DXSOFTIO;DXSOFTIO; [x] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x] R3 RTL2832UBDA;NOXON DAB Stick BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x] R3 RTL2832UUSB;NOXON DAB Stick USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x] R3 xControlCOM;xControlCOM;c:\programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [x] S2 CAPI;CAPI 2.0 Service;c:\windows\system32\DRIVERS\capi.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\DRIVERS\ndiscapi.sys [x] S3 DectEnum;DectEnum;c:\windows\system32\Drivers\DectEnum.sys [x] S3 Gigusb;Dect USB Driver;c:\windows\system32\Drivers\Gigusb.sys [x] S3 HRCMPA;ISDN Wan driver (Ver. 1.20.0032);c:\windows\system32\DRIVERS\hrcmpa.sys [x] S3 IUAPIWDM;ISDN USB Interface (Ver. 1.20.0032);c:\windows\system32\DRIVERS\IUAPIWDM.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] S3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [x] S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [x] S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - uphcleanhlp . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Web-Recherche: Bild speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#101 IE: Web-Recherche: Bild speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#108 IE: Web-Recherche: Link-Adresse speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#110 IE: Web-Recherche: Markierte Ziele speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#111 IE: Web-Recherche: Markierung speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#104 IE: Web-Recherche: Markierung speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#109 IE: Web-Recherche: Seitenbereich (Frame) speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#102 IE: Web-Recherche: Seitenbereich (Frame) speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#106 IE: Web-Recherche: Ziel speichern - c:\progra~1\WEB-RE~1\wrshell.dll/#103 IE: Web-Recherche: Ziel speichern unter... - c:\progra~1\WEB-RE~1\wrshell.dll/#107 Trusted Zone: dumrese-pc1 TCP: Interfaces\{257DA1AF-4336-48B3-8040-D63390A71D88}: NameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Dumrese\Anwendungsdaten\Mozilla\Firefox\Profiles\lct3ckxh.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:blank . . ------- Dateityp-Verknüpfung ------- . .txt=ntpfile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) HKLM-Run-Samsung PanelMgr - d:\application\SPanel\PanelMgr\SSMMgr.exe HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe HKLM-Run-NPSStartup - (no file) AddRemove-Xaldon WebSpider 2 - c:\windows\unin0407.exe AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-01-21 10:42 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . 
Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,af,a8,31,97,11,b6,49,8d,3a,0f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,af,a8,31,97,11,b6,49,8d,3a,0f,\ . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\RemoteAccess\Profile\x *] "EnableAutodisconnect"=dword:00000001 "EnableExitDisconnect"=dword:00000001 "DisconnectIdleTime"=dword:00000014 . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CeWe Color\Home Photo Service\mainwindow] @DACL=(02 0000) "maximized"="true" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\BuildInfo] @DACL=(02 0000) "SR_No"="CDS050408-03" "Setup"="050412" "RC"="050307" "Help"="050308" "Readme"="050304" "Skin"="041220" "OlReg"="041130" "RegRC"="050325" "Ver"="6.00.1417" "Utility"="1102" "UI"="1417b" "UI98"="1417b" "DShow"="1403d" "AVSetting"="2513" "CPXM"="2207" "Other"="1215" "CL264"="-" "Pou"="1423" . 
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\Color_Control] @DACL=(02 0000) "1"=hex:4f,00,72,00,69,00,67,00,69,00,6e,00,61,00,6c,00,00,00,00,00,38,dc,d1, 02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\ "2"=hex:4c,00,65,00,75,00,63,00,68,00,74,00,65,00,6e,00,64,00,00,00,38,dc,d1, 02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\ "3"=hex:48,00,65,00,6c,00,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,38,dc,d1, 02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\ "4"=hex:54,00,68,00,65,00,61,00,74,00,65,00,72,00,00,00,00,00,00,00,38,dc,d1, 02,54,bf,12,00,74,b5,12,00,a8,9a,83,7c,e0,c0,12,00,a8,9a,83,7c,f8,9f,80,7c,\ . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\DVD_ResumeState] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerDVD\UserReg] @DACL=(02 0000) "SR_No"="CDS050408-03" "Prod_Name"="PowerDVD" "Prod_Ver"="6.0" "CustomerNO"="92" "Hardware"="Display Card" "Channel"="OEM" "RegVType"="OEM 2CH" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\CyberLink\PowerProducer\3.0\Player] @DACL=(02 0000) "UIVMode"=dword:00000004 . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\CDDBServer2] @DACL=(02 0000) "0"="freedb.freedb.org Random freedb server" "1"="freedb.freedb.de Dortmund, Germany" "2"="at.freedb.org Vienna, Austria" "3"="au.freedb.org Sydney, Australia" "4"="bg.freedb.org Sofia, Bulgaria" "5"="ca.freedb.org Winnipeg, MB Canada" "6"="de.freedb.org Berlin, Germany" "7"="es.freedb.org Valencia, Spain" "8"="fi.freedb.org Tampere, Finland" "9"="lu.freedb.org Betzdorf, Luxemburg" "10"="no.freedb.org Tromso, Norway" "11"="uk.freedb.org London, UK" "12"="us.freedb.org San Jose, CA USA" . 
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\DNVorgaben] @DACL=(02 0000) "0"="%A - %T" "N0"="%FilenameTemplateStandard" "1"="%N %A - %T" "N1"="%FilenameTemplateWithTrackNo" "2"="%N - %A - %T" "N2"="%FilenameTemplateWithSepTrackNo" "3"="%B - %N - %A - %T" "N3"="%FilenameTemplateAlbumTrackNoArtistTitle" "4"="%P %N %A - %T" "N4"="%FilenameTemplateDiscNoTrackNoArtistTitle" "5"="%A\\%B\\%T" "N5"="%FilenameTemplateArtistAlbumTitleFolder" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\Export] @DACL=(02 0000) "HTMLColumns"="TPE1TIT2*LENCOMM" "HTMLColumnsLink"="----" "HTMLNoOwnCol"=dword:00000001 "HTMLRelDir"=dword:00000000 "HTMLRelLinks"=dword:00000000 "HTMLGrouping"=dword:00000000 "HTMLManyFiles"=dword:00000000 "HTMLGroupField"="TPE1" "HTMLVLastFile"="" "HTMLVRelDir"=dword:00000000 "HTMLVRelLinks"=dword:00000000 "PlaylistAll"=dword:00000001 "PlaylistAddInfos"=dword:00000001 "PlaylistRelLinks"=dword:00000000 "ExcelColumns"="TPE1TIT2COMM*LEN*BIT*FIN" "ExcelNoOwnCol"=dword:00000000 "LastExport"=dword:00000003 . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\GM-Soft\MP3-Tag-Editor\3\Felder] @DACL=(02 0000) "0"="TPE1TIT2TRCKTCONCOMMTALB" "N0"="%PageGeneralTitle" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\AspectRatios] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\Buttons] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\Collage] @DACL=(02 0000) . 
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\HotFolders] @DACL=(02 0000) "0"="c:\\Dokumente und Einstellungen\\Hans-Friedrich\\Eigene Dateien\\Transfer\\" "1"="c:\\Dokumente und Einstellungen\\Hans-Friedrich\\Eigene Dateien\\Eigene Bilder\\2 Nachbestellung\\21 unbearbeitet\\" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Google\Picasa\Picasa2\Preferences\LifescapeUpdater] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Internet Explorer\Main\FeatureControl] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Internet Explorer\Main\WindowsSearch] @DACL=(02 0000) "Version"="WS not installed" "AutoCompleteGroups"=dword:00000005 "EnabledScopes"=dword:00000000 . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/corporate.wsz] @DACL=(02 0000) "Prefs"="SettingsTab;SRSSettings;SettingsDrawer;False;PlaylistDrawer;False" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin.wsz] @DACL=(02 0000) "Prefs"="mute;False" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin2.wsz] @DACL=(02 0000) "Prefs"="mute;False;TrackTimeFormat;0" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/wmpdxm.wsz] @DACL=(02 0000) "Prefs"="debug;Not Rocking Onward" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Player\Skins\Revert.wmz] @DACL=(02 0000) "Prefs"="vwPL;false;vwEQ;false" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\CD-Laufwerk (E:)] @DACL=(02 0000) "PDASelectedFolder"="In Search of Sunrise 5 CD 01" . 
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\EqualizerSettings] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\Library] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\MTP Player] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\ProxySettings] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\VideoSettings] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\MediaPlayer\Preferences\{e2706d43-e254-11da-9efb-806d6172696f}] @DACL=(02 0000) "CDReadRate"=hex:f3,97,8e,40 . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Office\Common\Assistant] @DACL=(02 0000) "AsstState"=dword:00000026 "AsstFile"="c:\\Programme\\Microsoft Office\\Office10\\clippit.acs" "AsstLeft"=dword:000000fb "AsstTop"=dword:00000016 . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Office\Common\Offline] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Microsoft\Office\Common\UserInfo] @DACL=(02 0000) "Company"="" . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Panasonic\PHOTOfunSTUDIO 5.2 HD\Settings\Device] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013\Software\Panasonic\PHOTOfunSTUDIO 5.2 HD\Settings\Network] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\Amazon.MusicDownload.amz\DefaultIcon] @DACL=(02 0000) @="c:\\Dokumente und Einstellungen\\Hans-Friedrich\\Lokale Einstellungen\\Program Files\\Amazon\\MP3 Downloader\\AmazonMP3Downloader.exe" . 
[HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\Amazon.MusicDownload.amz\shell] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\Applications\NotePro.exe\shell] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\opml_auto_file\shell] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\PlanMaker\DefaultIcon] @DACL=(02 0000) @="c:\\Programme\\SoftMaker Office 2008\\PlanMaker.exe,1 " . [HKEY_USERS\S-1-5-21-1390067357-1303643608-839522115-1013_Classes\PlanMaker\shell] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(784) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'winlogon.exe'(3648) c:\windows\system32\Ati2evxx.dll . 
Zeit der Fertigstellung: 2013-01-21 10:44:45 ComboFix-quarantined-files.txt 2013-01-21 09:44 . Vor Suchlauf: 7 Verzeichnis(se), 176.042.311.680 Bytes frei Nach Suchlauf: 9 Verzeichnis(se), 176.085.159.936 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - FCD368341AEE98798BD3DC7385C3FBFF

What works? I can reach my bank's homepage again, and when I open my Diba account no odd popups appear either. What is still stuck? In the User account, Avira no longer appears in the system tray. Along with four other programs, it used to be started at boot via HKLM/Software/Microsoft/Windows/CurrentVersion/Run. The five entries (MXO Auto Loader, FreePDF Assistant, QuickTime Task, 3200 Scan2PC and avgnt) are gone. Regedit also denies me access to HKLM/Software/Microsoft/Windows/CurrentVersion/Run as User. In Admin mode the five entries are there. I'm already very satisfied!!! Hans-Friedrich |
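The post above compares the Run-key entries ComboFix listed under "Autostartpunkte der Registrierung" with what is left in the registry afterwards. Doing that by eye across several hives is error-prone, so here is an added example (not from the thread or from ComboFix) that parses that section of a ComboFix log into structured records and flags entries whose image lives in a user-writable directory, which is where the ucgyt.exe in this thread was found. The sample input is constructed in ComboFix's layout from lines in the log above; the final "Cizime" Run entry and its size are assumptions added to show what such an entry looks like.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Constructed sample in the layout of ComboFix's "Autostartpunkte der
# Registrierung" section. The keys and the first five value lines are taken
# from the log posted in this thread; the last line is an assumption that
# shows a user-profile autostart (ucgyt.exe is the file ComboFix removed,
# but the Run value name "Cizime" and the size 61440 are made up here).
SAMPLE_AUTOSTART = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnalogClock"="c:\programme\Analog Clock\AnalogClock.exe" [2005-11-05 480256]
"DeskDriveStartup"="c:\programme\Desk Drive\DeskDrive.exe" [2009-12-06 66048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Cizime"="c:\dokumente und einstellungen\Hans-Friedrich\Anwendungsdaten\Cizime\ucgyt.exe" [2013-01-07 61440]
"""


@dataclass
class AutostartEntry:
    key: str        # registry key the value lives under
    name: str       # value name
    path: str       # image path as ComboFix resolved it
    modified: date  # file timestamp ComboFix prints in brackets
    size: int       # file size in bytes


# "[HKEY_...\Run]" lines introduce a key; values follow as "name"="path" [date size].
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)


def parse_autostart(text: str) -> List[AutostartEntry]:
    """Turn the Run-key section of a ComboFix log into structured entries."""
    entries: List[AutostartEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip section separators ("."), the REGEDIT4 header and the "*Hinweis*" note.
        if not line or line == "." or line == "REGEDIT4" or line.startswith("*"):
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key is not None:
            entries.append(AutostartEntry(
                key=current_key,
                name=value_match.group("name"),
                path=value_match.group("path"),
                modified=date.fromisoformat(value_match.group("date")),
                size=int(value_match.group("size")),
            ))
    return entries


# Directory fragments a non-admin user can write to. Malware running as the
# user (as in this thread) typically lands there, while legitimate autostarts
# mostly point into c:\programme or c:\windows.
USER_WRITABLE_MARKERS = (
    "\\dokumente und einstellungen\\",  # German XP profile root
    "\\documents and settings\\",
    "\\users\\",
    "\\anwendungsdaten\\",              # German "Application Data"
    "\\application data\\",
    "\\temp\\",
)


def flag_user_writable(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Return the entries whose image lives in a user-writable directory."""
    return [e for e in entries
            if any(marker in e.path.lower() for marker in USER_WRITABLE_MARKERS)]


if __name__ == "__main__":
    parsed = parse_autostart(SAMPLE_AUTOSTART)
    for entry in parsed:
        print(f"{entry.key}\n  {entry.name:<18} {entry.size:>8} {entry.modified} {entry.path}")
    print("review:", [entry.name for entry in flag_user_writable(parsed)])
```

Feed it the whole "Autostartpunkte der Registrierung" section of a real ComboFix.txt and diff the result against a second run (or against an export of the live Run keys) to see exactly which entries disappeared; the user-writable heuristic is only a triage aid and every flagged path still needs to be looked at.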
21.01.2013, 15:23 | #8 |
/// Malware-holic | Avira reports trojans, Malwarebytes finds nothing Hi, please open C:, right-click qoobox, pack it with WinRAR or another program, and upload the archive: Trojaner-Board Upload Channel. When done, please report back.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the above instructions to markusg.trojaner-board@web.de If you would like to support us |
22.01.2013, 08:49 | #9 |
| Avira reports trojans, Malwarebytes finds nothing Hello Markus, I have just zipped c:\qoobox and uploaded it. Avira naturally complained about the ucgyt.exe contained in it. I have no access to c:\qoobox\BackEnv, not even as Admin. The registry entries that were missing for the User are back again, after I also granted access rights to the group "Jeder" (Everyone) as Admin. Hans-Friedrich |
22.01.2013, 14:54 | #10 |
/// Malware-holic | Avira reports trojans, Malwarebytes finds nothing Hi, you have a Trojan.Zbot. It steals banking data; inform the bank and have online banking blocked. Since you cannot get rid of it with 100% certainty: the PC must be reinstalled from scratch and then hardened. 1. Data recovery:
I will also post further points on this. 4. Change all passwords! 5. After hardening the PC, check the backed-up data and, if clean, restore it. 6. I will then say something about securing online banking with a chip card reader + Star Money.
24.01.2013, 13:51 | #11 |
| Avira reports trojans, Malwarebytes finds nothing Hello Markus, many thanks for the advice. I will refrain from doing online banking from this computer. I have also already changed my passwords. Whether I will reinstall my computer is questionable. Setting up XP again, when support ends in 2014, does not seem efficient to me. I'll have to discuss that with my hardware guy. It will probably be a new computer instead. In the meantime, many thanks for your help. I appreciate it! BTW: How do I get rid of c:\qoobox again? Deleting it as Admin doesn't work. Hans-Friedrich |
24.01.2013, 17:55 | #12 |
/// Malware-holic | Avira reports trojans, Malwarebytes finds nothing Hi, question: is the computer going to be used on the internet? Because then it has to be redone anyway. You would have to format it regardless, since giving away a PC with data on it would be rather unwise. We can still remove ComboFix if needed.